Physical Security for IT (eBook)
256 pages
Elsevier Science (publisher)
978-0-08-049590-3 (ISBN)
Even though the skill level required to hack systems and write viruses is becoming widespread, the skill required to wield an ax, hammer, or fire hose and do thousands of dollars in damage is even more common. Although many books cover computer security from one perspective or another, they do not thoroughly address physical security. This book shows organizations how to design and implement physical security plans. It provides practical, easy-to-understand and readily usable advice to help organizations to improve physical security for IT, network, and telecommunications assets.
* Expert advice on identifying physical security needs
* Guidance on how to design and implement security plans to prevent the physical destruction of, or tampering with, computers, network equipment, and telecommunications systems
* Explanation of the processes for establishing a physical IT security function
* Step-by-step instructions on how to accomplish physical security objectives
* Illustrations of the major elements of a physical IT security plan
* Specific guidance on how to develop and document physical security methods and procedures
The physical security of IT, network, and telecommunications assets is equally as important as cyber security. We justifiably fear the hacker, the virus writer and the cyber terrorist. But the disgruntled employee, the thief, the vandal, the corporate foe, and yes, the terrorist can easily cripple an organization by doing physical damage to IT assets. In many cases such damage can be far more difficult to recover from than a hack attack or malicious code incident. It does little good to have great computer security if wiring closets are easily accessible or individuals can readily walk into an office and sit down at a computer and gain access to systems and applications.
Front Cover
Physical Security for IT
Copyright Page
Contents
Preface
Acknowledgements
Introduction
Chapter 1. Physical Security Overview
1.1 Why Physical Security Is Important
1.2 The Relationship Between Physical and Cyber Security
1.3 Guard Against Disgruntled Employees and Angry Former Employees
1.4 How Activists and Corporate Foes Can Hurt You
1.5 Vandals Who Damage for Fun
1.6 Saboteurs Who Work for Profit
1.7 Thieves and Spies Are Everywhere
1.8 Domestic Terrorists Are Still a Threat
1.9 International Terrorists Are a Growing Threat
1.10 Physical Security for Natural Disasters
1.11 Physical Security for Random Incidents
1.12 Action Steps to Improve Physical IT Security
Chapter 2. Establishing a Physical IT Security Function
2.1 Organizational Placement of the IT Physical Security Function
2.2 Interdepartmental Relationships for Physical Security
2.3 Evaluating Financial Resources
2.4 The Role of Corporate
2.5 The Role of IT Security
2.6 The Role of Network Security
2.7 Relationships with Law Enforcement
2.8 Relationships with Private Security Providers
2.9 Establishing and Utilizing an Alert System
2.10 Action Steps to Improve Physical IT Security
Chapter 3. Developing an IT Physical Security Plan
3.1 Overview of the Planning Process
3.2 Developing the IT Physical Security Plan
3.3 Utilizing Existing Risk Exposure Analysis
3.4 Integrating Physical IT Security and Cyber Security Planning
3.5 Integrating Physical IT Security and Disaster Recovery Planning
3.6 Integrating Physical IT Security and Business Continuity Planning
3.7 Working with Your Insurance Company
3.8 Evaluating Regulatory Requirements
3.9 Action Steps to Improve Physical IT Security
Chapter 4. Major Elements of a Physical IT Security Plan
4.1 Overview and Mission Statement
4.2 Organizational Responsibilities
4.3 Duty Officers
4.4 Contact Lists
4.5 Security Procedures for Data Centers
4.6 Security Procedures for Wiring and Cabling
4.7 Security Procedures for Remote Computers
4.8 Security Procedures for Desktops
4.9 Security Procedures for Department-Based Servers
4.10 Security Procedures for Telecom and Datacom Equipment
4.11 Security Procedures for Manufacturing Control Equipment
4.12 Security Procedures for Surveillance and Alarm Systems
4.13 Action Steps to Improve Physical IT Security
Chapter 5. Developing and Documenting Methods and Procedures
5.1 The Process of Developing Methods and Procedures
5.2 Devising a Format for Documenting Procedures
5.3 Physical Security Procedures for Data Centers
5.4 Physical Security Procedures for Wiring and Cabling
5.5 Physical Security Procedures for Remote Computers
5.6 Physical Security Procedures for Desktops
5.7 Physical Security Procedures for Department-Based Servers
5.8 Physical Security Procedures for Telecom and Datacom Equipment
5.9 Physical Security Procedures for Manufacturing Control Equipment
5.10 Physical Security Procedures for Surveillance and Alarm Systems
5.11 Action Steps to Improve Physical IT Security
Chapter 6. Auditing and Testing Procedures
6.1 How to Audit and Test Procedures
6.2 Auditing and Testing for Data Centers
6.3 Auditing and Testing Wiring and Cabling Security
6.4 Auditing and Testing Remote Computer Procedures
6.5 Auditing and Testing Desktop Procedures
6.6 Auditing and Testing Procedures for Department-Based Servers
6.7 Auditing and Testing Telecom and Datacom Equipment Security
6.8 Auditing and Testing Manufacturing Control Equipment Security
6.9 Auditing and Testing in Surveillance and Alarm System Security
6.10 Action Steps to Improve Physical IT Security
Chapter 7. The Role of the Incident Response Team
7.1 The First Report
7.2 The Confirmation Process
7.3 Mobilizing the Response Team
7.4 Notifying Management
7.5 Using the Alert System
7.6 The Preservation of Evidence
7.7 When to Call Law Enforcement
7.8 Returning to Normal Operations
7.9 Analyzing Lessons Learned
7.10 The Role of the Incident Response Team During Disasters
7.11 Action Steps to Improve Physical IT Security
Chapter 8. Model Training Program for Organization Staff
8.1 Training for IT and Security Professionals
8.2 The Basics of Training
8.3 Building Awareness About Physical Security for IT Assets
8.4 How to Identify Potential Threats and Vulnerabilities
8.5 Reporting Suspicious Behavior or Security Violations
8.6 What to Expect from Different Departments
8.7 How the Internal Alert System Works
8.8 Performing the Administrative Aspects of a Training Program
8.9 Action Steps to Improve Physical IT Security
Chapter 9. The Future of Physical Security for IT Assets
9.1 The Impact of National Security Plans
9.2 The Role of ISACS
9.3 Action Steps to Improve Physical IT Security
Appendix A. Physical Computer Security Resources
Appendix B. Physical Security Glossary and Acronyms
Appendix C. Action Step Checklists
Appendix D. Physical Security Planning Checklists
Index
Publication date (per publisher) | 4.12.2004 |
---|---|
Language | English |
Subject area | Non-fiction / Guides |
Computer Science ► Networks ► Security / Firewall | |
Computer Science ► Office Programs ► Outlook | |
Mathematics / Computer Science ► Computer Science ► Theory / Studies | |
Law / Taxes ► Criminal Law ► Criminology | |
Social Sciences | |
Business ► Business Administration / Management | |
ISBN-10 | 0-08-049590-7 / 0080495907 |
ISBN-13 | 978-0-08-049590-3 / 9780080495903 |
Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook from misuse. The eBook is authorized to your personal Adobe ID at download time. You can then read the eBook only on devices that are also registered to your Adobe ID.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suited to technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited suitability for small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook with a PC or Mac. You need a
eReader: This eBook can be read with (almost) all eBook readers. It is, however, not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a
Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably, we cannot fulfill eBook orders from other countries.