Time
8 hours 33 minutes
Difficulty
Beginner
CEU/CPE
9

Video Transcription

00:06
so physical security considerations. We're going to kind of start from an outside in approach. So well, first kind of look out at the outside physical perimeter of of location and then just kind of start to move, you know, on on in with, with different
00:25
considerations in safeguards that can be put in a place. So, you know, at the most basic, we're talking about considerations for a location. Um, you know, considering the actual location itself, is it in a high crime area? If so, maybe there needs to be more, you know, external
00:44
controls in place, things like
00:46
fences, gates, walls, guards, alarms. And once again, all of these controls they depend on, You know, how much risk is your organization willing toe willing to take? If there's, um
01:00
if there's, you know, high valued, you know, assets within the organization, then you know they're probably gonna have a greater security, you know? Then if if the potential loss wouldn't be that great if if someone was able to actually
01:19
get into the building and look around
01:23
eso so facilities, facilities could be protected, there's many different ways securing roof access, the events and ducks monitoring via closed circuit television cameras, alarms and panic buttons. Windows and door bars, door locks and deadbolts. Youngers. They're just one of many different, you know,
01:44
measures for protecting the
01:46
preventing you
01:49
unauthorized access, actually into the building
01:53
consideration for visitors. So no, most organizations air gonna have people coming, you know, coming in and out that aren't a part of the organization. So, you know, it's important to have some kind of visitor control in place. You know
02:12
how strict it is once again will depend on, um, you know how tight security needs to be. But you know, some, you know, some
02:23
safeguards are procedures for controlling your visitors coming into an organization, conclude, you know, having visitor request. So not allowing people just to kind of, you know, pop in, but having some kind of formal procedure that an individual needs to go through ahead of time so that,
02:43
you know, security office can can vet,
02:45
you know, the validity of their visit, or at least you know, ahead of time to expect them to prevent against certain kind of attacks like social engineering attacks were, you know, to prevent someone from just being able to show up and say, Hey, I'm here to see you know so and so have them sign and then and then kind of go on their merry way.
03:06
Um uh,
03:08
you know, another part for for another kind of control for visitors is potentially you might want to set up, you know, a specific area for visitors that that they must go to first, especially and, you know, highly secured area somewhere where you know the organization can
03:28
ensure that there is no,
03:30
you know, confidential information or proprietary information that's gonna be that's gonna be out somewhere. That's the thing is kind of ah d m z s so to speak for for people, so somewhere where they can ensure that there's not gonna be
03:47
any kind of information or data week Ege
03:51
having things like clean desk policies. And you're ensuring that people aren't leaving work materials out on their desk that when people actually come into the organization that, you know, someone couldn't just walk up to someone's cubicle when they're away and start pulling papers off
04:10
off of their desk,
04:12
designing for plans to restrict access to sensitive areas. So that's actually something that you know, we have here at certain as you go through. Different parts of the building actually have to, you know, badge in and badge out because there's there's certain areas that you are restricted for certain personnel,
04:31
so kind of partitioning off
04:33
different areas of the building, depending on
04:39
you know how secure it needs to be
04:42
and then restricting access invisibility of computer screen so, you know, just to prevent against things as simple as you know, shoulder surfing. So so visitors. You can't just walk, buying and and see you know what's on someone's screen or overlooked watching people typing their passwords,
05:00
just working on
05:01
sensitive, sensitive company material.
05:08
On The other thing here is is locking workstations, you know, when they're not in use. Um,
05:13
you know, if you just have someone
05:15
want around, If you don't have any kind of policy or or control in place for not for leaving work stations unlocked, then you know if someone is able to get into the building and walk around, you know they can. You know, if a workstation that locked they could just hop right on and they're right away into the network, So
05:33
I mean, these were just kind of very kind of, you know, easy pickings, low hanging fruit kind of things. And a lot of these things are really geared towards Maur social engineering, type of tax, interactive type of tax where someone can just kind of go around on DDE.
05:51
Andi have their way inside inside an organization
05:58
maintenance. So,
06:00
as you know, as a part of, you know, facilities management, you know, an organization is is gonna have to have maintenance personnel coming in periodically for different things for working on the air conditioning, working on the heating, working on just different infrastructure, electric water,
06:20
all that kind of stuff.
06:21
So it's it's important when you have those individuals coming into your organization,
06:28
you know, they there are authorized to come in, but you want to have some procedures in place to monitor them. So another example here at the S E I When when there are maintenance personnel coming in or working on certain areas, you always see there's there's a guard
06:47
No,
06:47
that will be escorting them. So so individuals aren't allowed tohave just just totally free access
06:58
to the building

Up Next