The quote from “The Art of Deception”, “The human factor is truly security’s weakest link” (Mitnick, 2002), can be easily explained by simply looking at humanity itself. As humans, we try to be extremely trustworthy, and most of us become gullible in doing so. With this in mind, there are a few policies that we could implement to help strengthen this weakness.

One of the policies that would be helpful to implement is security access panels, to ensure only specific employees can enter certain areas of the building. To back up this policy, we would provide annual training to all employees explaining the procedures to follow in order to avoid any risks. For example, if someone walks in behind another employee, the employee should simply scan that person's badge for them. If the person does not have their badge, the employee should escort them to have a temporary one created, to ensure they should in fact be there.


| Physical Control | Description | Example |
|---|---|---|
| Hardware Locks and Security | Physical locks and cable. | Docking station attached to desk with key. |
| Mantraps | Rooms that require visual identification and authentication to get in and out. | Front office that requires front desk associate and key card. |
| Camera / Guard | Camera or guard to monitor front door. | Surveillance system. |
| Fencing | Chain-link fencing surrounding the building to keep people out. | Large fencing protecting outer barrier. |


| Control Type | Definition | Example |
|---|---|---|
| Deterrent | Something to warn the attacker. | No trespassing sign. |
| Preventive | Prevents the attack from happening. | Locked door. |
| Detective | Detects and uncovers any violations. | Motion sensor alarm. |
| Compensating | Backup system to use when others fail. | Combination of all the above. |
| Technical | Technological security controls. | Firewalls. |
| Administrative | Procedures, policies, and guidelines. | Notification person. |

A network administrator needs to be concerned about the HVAC and fire suppression systems to ensure that they too are not compromised by attackers. Even though these systems may not seem vulnerable to hackers, they are, so it is best to protect them. One of two policies I would implement to ensure the fire suppression system is secure within the IT area is to have the backup system checked regularly to ensure it works properly. The other is to keep the system up to date, so that all patches are applied on a consistent basis.

References

Dulaney, E., & Easttom, C. (2014). CompTIA Security+ Study Guide, Sixth Edition. Indianapolis: John Wiley & Sons.

Mitnick, K. D. (2002). The Art of Deception. Wiley.

Wireless attacks and its types. (n.d.). Retrieved December 11, 2016, from Exam Collection: http://www.examcollection.com/certification-training/security-plus-wireless-attacks-and-their-types.html