CISSP Study Notes-10 (Physical Security Requirements)
The summary of key knowledge and exercises in Chapter 10 of CISSP can help learners understand and master the core content of this chapter more deeply.
Edited at 2024-03-02 17:52:23
Knowledge points
Security principles for site and facility design
Secure facility plan
Layered defense, with controls in series rather than in parallel
Developed through risk assessment and critical path analysis
Technology convergence assessment
Site selection
Industrial camouflage
Facility design
CPTED
Strategy
Natural environment access control
Guide people with subtle cues rather than signs saying "enter here"; apply the same approach inside the building, matching the cues to each area's access level.
Natural environment monitoring
Increase the chance that crime is observed: seating positioned to overlook entrances and exits, walkways and stairwells that are open to view, lighting
Reinforcement of natural environment areas
Decorations, flags, lights, landscaping, company logos, building numbers
Implement site and facility security control
Examples of administrative physical security controls include: facility construction and selection, site management, personnel controls, security awareness training, and emergency response and procedures
Technical physical security controls include: building access control, intrusion detection, alarms, security cameras, surveillance, power supply and HVAC, and fire detection and fire suppression
On-site physical security controls include: fencing, lighting, door locks, building materials, access control vestibules (formerly known as mantraps), guard dogs, and guards
Functional sequence of controls: deterrence, denial, detection, delay, determination, and decision.
Equipment failure
MTD/MTO: maximum tolerable downtime / maximum tolerable outage
MTTF mean time to failure
MTTR mean time to recovery
MTBF mean time between failures
Similar only use MTTR
Wiring closet
PDS
Protected distribution system
Server rooms and data centers
Should be located in the core of the building, avoiding the ground floor, top floor, and basement
Keep away from water, gas, and sewage pipes
Access control mechanisms
Smart cards and badges
Proximity devices
RFID
Intrusion detection system (IDS)
Weaknesses: power and communications
Motion detectors
Intrusion alarms
Secondary verification mechanism
Security cameras are a deterrent
Checking event record information is a detection measure
Cameras
Public: deterrence
Hidden: monitoring
Access abuse
Impersonation and masquerading
Using someone else's security ID
Tailgating and piggybacking
Following an authorized person through a controlled entrance
Media storage facility
Locked cabinets or a dedicated secure location
Sanitization and zeroization
Hash verification
Security labels and tracking
Evidence storage
Restricted and work area security
Sensitive Compartmented Information Facility (SCIF)
Infrastructure concerns
Power
Surge protector
More advanced: power conditioners and line conditioners
UPS
Fault, blackout, voltage dip, undervoltage, spike, surge, inrush current, ground, and noise
Noise
Temperature, humidity, and static electricity
Temperature
59 to 89.6 °F (15 to 32 °C)
Humidity
20% to 80%
ESD (electrostatic discharge)
HVAC (heating, ventilation, and air conditioning)
Water issues (leaks and flooding)
Fire prevention, detection, and suppression
Fire extinguishers
Fire detection systems
Sprinkler (water-based) fire suppression systems
Wet pipe
Dry pipe
Preaction
A variant of the dry pipe system, activated in two stages, allowing human intervention before water is released
Deluge
Not suitable for electronics and computer environments
Gas discharge fire suppression systems
Not suitable for occupied areas
Little impact on computer systems
Types
Carbon dioxide
Halon
Low-pressure water mist
Damage from fire, smoke, and suppressants
Implementation and management of physical security
Perimeter security controls
Fences, gates, turnstiles, and access control vestibules
Lighting
Security guards and guard dogs
Internal security controls
Keys and combination locks
Environment and life safety
OEP (Occupant Emergency Plan): does not address IT-related or business continuity issues
BCP/DRP (Business Continuity Plan / Disaster Recovery Plan): address IT and business continuity and recovery issues
Key performance indicators for physical security
KPIs
Number of successful intrusions
Number of successful crimes
Number of successful incidents
Number of successful interruptions
Number of unsuccessful intrusions
Number of unsuccessful crimes
Number of unsuccessful incidents
Number of unsuccessful interruptions
Time to detect an incident
Time to assess an incident
Incident response time
Time to recover from an incident
Time from incident occurrence to return to normal operations
Extent of the incident's impact on the organization
Number of false positives (false detection alerts)
Exam points
Understand why there is no security without physical security. Without control over the physical environment, no amount of administrative or technical/logical access control can provide sufficient security. If someone with malicious intent gains physical access to a facility, they can do almost anything they want, including destroying equipment and stealing or altering data.
Understand secure facility plans. A secure facility plan outlines the organization's security needs and highlights the methods and mechanisms for providing that security. The plan is developed through risk assessment and critical path analysis.
Define critical path analysis. Critical path analysis is a systematic effort to determine the relationships between mission-critical applications, processes, operations, and all necessary supporting elements.
Understand technology convergence. Technology convergence is the tendency of various technologies, solutions, utilities, and systems to evolve and merge over time. While this can improve efficiency and save money in some cases, it can also create a single point of failure, making it a more valuable target for malicious hackers and intruders.
Understand site selection. Site selection should be based on the organization's security needs. Cost, location and size are all important, but security requirements should always take precedence. Key factors in site selection include visibility, composition of the surrounding environment, and convenience of the area.
Understand the key elements of building facility design. A key element of building facility design is understanding the level of security an organization requires before construction and developing careful plans for this.
Define CPTED. The idea of Crime Prevention Through Environmental Design (CPTED) is to carefully design the physical environment to influence the decisions potential offenders make before committing a criminal act.
Ability to list administrative physical security controls. Examples of administrative physical security controls include: facility construction and selection, site management, personnel controls, security awareness training, and emergency response and procedures.
Ability to list technical and physical security controls. Technical physical security controls include: building access control, intrusion detection, alarms, security cameras, surveillance, power supply to HVAC, and fire detection and fire protection.
Be able to list on-site physical security controls. On-site physical security controls include: fences, lighting, door locks, building materials, access control vestibules (formerly known as mantraps), guard dogs, and guards.
Understand the functional sequence of controls. The order is deterrence, denial, detection, delay, determination, and decision.
Understand equipment failure. No matter the quality of the equipment an organization purchases and installs, it will eventually fail. Preparation for failure includes purchasing spare parts, keeping backup equipment in storage, or signing an SLA with the supplier.
Define MTTF, MTTR, and MTBF. Mean time to failure (MTTF) is the typical life expectancy of equipment under specific operating conditions. Mean time to recovery (MTTR) is the average time it takes to repair a device. Mean time between failures (MTBF) is an estimate of the time between the first and subsequent failures.
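As an added worked example (not part of the study notes), the Python below computes MTTF, MTTR, and MTBF from a constructed maintenance log for a single device, following the definitions above, and checks each repair against an assumed maximum tolerable downtime (MTD) so that an SLA gap becomes visible. The log, the deployment date, the 5-hour MTD, and the uptime-fraction derivation are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

# Constructed maintenance log for one device (illustrative, not real data).
# Each entry is (failure_start, service_restored).
DEPLOYED_AT = datetime(2024, 1, 1, 0, 0)
FAILURES = [
    (datetime(2024, 3, 1, 8, 0), datetime(2024, 3, 1, 12, 0)),  # 4 h outage
    (datetime(2024, 6, 1, 8, 0), datetime(2024, 6, 1, 10, 0)),  # 2 h outage
    (datetime(2024, 9, 1, 8, 0), datetime(2024, 9, 1, 14, 0)),  # 6 h outage
]
MTD_HOURS = 5.0  # assumed maximum tolerable downtime agreed in the SLA


def hours(delta: timedelta) -> float:
    """Express a timedelta in hours."""
    return delta.total_seconds() / 3600


def mttf_hours(deployed_at, failures):
    """MTTF: life before failure, measured here from deployment to the first failure."""
    first_failure = min(start for start, _ in failures)
    return hours(first_failure - deployed_at)


def mttr_hours(failures):
    """MTTR: average time from failure start until service is restored."""
    return mean(hours(restored - start) for start, restored in failures)


def mtbf_hours(failures):
    """MTBF: average interval from the start of one failure to the start of the next."""
    starts = sorted(start for start, _ in failures)
    gaps = [hours(later - earlier) for earlier, later in zip(starts, starts[1:])]
    return mean(gaps)


def uptime_fraction(failures):
    """Share of an average failure cycle spent in service (added derivation).

    With MTBF measured start-to-start, as in the notes, each cycle contains one
    repair and one run, so uptime = (MTBF - MTTR) / MTBF.
    """
    mtbf = mtbf_hours(failures)
    return (mtbf - mttr_hours(failures)) / mtbf


def repairs_exceeding_mtd(failures, mtd_hours):
    """Return the failures whose repair time exceeded the tolerable downtime."""
    return [(start, restored) for start, restored in failures
            if hours(restored - start) > mtd_hours]


if __name__ == "__main__":
    print(f"MTTF: {mttf_hours(DEPLOYED_AT, FAILURES):.1f} h")
    print(f"MTTR: {mttr_hours(FAILURES):.1f} h")
    print(f"MTBF: {mtbf_hours(FAILURES):.1f} h")
    print(f"Uptime fraction: {uptime_fraction(FAILURES):.5f}")
    for start, restored in repairs_exceeding_mtd(FAILURES, MTD_HOURS):
        print(f"Repair starting {start} took {hours(restored - start):.1f} h, "
              f"over the {MTD_HOURS} h MTD")
```

Running the script with the constructed log gives an MTTR of 4 h but flags the September repair (6 h) as exceeding the 5 h MTD, which is exactly the kind of finding that would justify stocking spares or renegotiating the supplier SLA.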
Learn how to design and set up a secure work area. Access levels should not be uniform across all areas of the facility. The higher the value or importance of the assets in a zone, the more restricted access to that zone should be. The most valuable assets should be located at the core or center of the facility's protection.
Understand the security aspects of wiring closets. A wiring closet is where building-wide or single-floor network cables terminate, connecting them to other critical equipment such as patch panels, switches, routers, LAN extenders, and backbone channels. The focus of wiring closet security is preventing unauthorized physical access. An intruder who enters the area may steal equipment, pull out cables, or even install listening devices.
Understand smart cards. Smart cards are credit-card-sized identification badges or security passes with an embedded magnetic stripe, barcode, or integrated circuit chip. They contain information that can be used to identify and/or authenticate the authorized holder.
Learn about proximity devices and card readers. Proximity devices can be passive devices, inductively powered devices or transponders. When a proximity device passes through a card reader, the reader device is able to determine who the cardholder is and whether they have access.
Understand intrusion detection systems. An intrusion detection system (IDS) or burglar alarm is an automated or manual system that detects intrusion, sabotage, or attack attempts; unauthorized entry; and activity occurring at unauthorized or unusual times.
Learn about cameras. Video surveillance, closed-circuit television (CCTV), and security cameras are all means of deterring unwanted activity and creating a record of it. Cameras can be public or hidden; can store recordings locally or in the cloud; can provide pan, tilt, and zoom functions; can work in visible or infrared light; may be triggered by motion; and can support time-lapse recording, tracking, facial recognition, gait analysis, object detection, and infrared or color filtering.
Understand the security requirements for media storage. A media storage facility is used to securely store blank media, reusable media, and installation media. Focus should be placed on theft, corrosion, and residual data recovery. Protective measures for media storage facilities include locked cabinets or safes, designated custodians, check-in/check-out procedures, and media sanitization.
Understand the key points of evidence storage. Evidence storage is often used to save logs, disk images, virtual machine snapshots, and other data for recovery, internal investigation data, and forensic investigation data. Protection methods include: dedicated/separate storage facilities, offline storage, activity tracking, hash management, access restrictions and encryption.
Learn about common threats to physical access control. Regardless of the form of physical access control, security guards or other surveillance systems must be in place to prevent abuse, impersonation, disguise, tailgating, and piggybacking.
Learn common terms related to electrical problems. Know the definitions of the following terms: fault, blackout, voltage dip, undervoltage, spike, surge, inrush current, ground, and noise.
Understand how to control the environment. Beyond the power supply, environmental control also covers HVAC. The temperature of a room housing computers should be kept between 59 and 89.6 °F (15 to 32 °C). Computer room humidity should be kept at 20% to 80%. Humidity that is too high may corrode the equipment, and humidity that is too low may generate static electricity.
Learn about static electricity. Even on antistatic carpets, an electrostatic discharge of 20,000 volts may still occur if the ambient humidity is too low. Even the lowest levels of electrostatic discharge voltage are enough to destroy electronic equipment.
Understand the requirements for leakage and flood management. Environmental safety policies and procedures should include solutions for leaks and flooding. Although pipe leaks do not happen every day, when they do happen it can have disastrous consequences. Water and electricity are incompatible, and if water enters a computer system, especially when it is running, it is bound to damage the system. Whenever possible, local server rooms and critical computer equipment should be located away from water sources or water pipes.
Understand the importance of fire detection and fire protection systems. Fire detection and firefighting cannot be ignored. The primary goal of any security system is to keep people safe. In addition to protecting people, fire detection and fire protection systems should also be designed to eliminate fire and smoke. Damage caused by high temperatures and fire extinguishing materials should be minimized, and emphasis should be placed on protecting IT infrastructure.
Understand the possible contamination and damage caused by fire detection and fire protection systems. The destructive factors of fire include not only fire and smoke, but also extinguishing agents, such as water or sodium carbonate. Smoke can damage data storage devices. High temperatures will damage any electronic and computer components. Extinguishing agents may cause short circuits, primary corrosion, or render the equipment inoperable. These factors must be taken into account when designing fire protection systems.
Understand physical perimeter security controls. Access control to facilities can be achieved using fences, gates, turnstiles, access control vestibules, bollards and barricades.
Understand lighting. Lighting is the most commonly used form of perimeter security control, providing a deterrent security effect.
Learn about guards and guard dogs. Guards can be stationed at the perimeter or inside to monitor entrances and exits or to watch detection and surveillance systems. The advantage of guards is that they can adapt and respond to a wide variety of conditions; by learning and recognizing what is normal and what is not, they can adjust to a changing environment and make sound judgments. Guard dogs can serve as a replacement for guards and are often used for perimeter security control; they are a very effective means of detection and deterrence.
Understand how to handle visitors in secure facilities. If a facility has restricted areas to control physical security, it may be necessary to establish a visitor handling mechanism. Common practice is to assign an escort to the visitor and closely monitor the visitor's comings and goings. If outsiders are allowed into protected areas without effective tracking and control of their activities, the security of protected assets may be compromised.
Understand internal security controls. There are a variety of physical security mechanisms for internal control, including locks, badges, protected distribution systems (PDS), motion detectors, intrusion alarms, and secondary verification mechanisms.
Understand personnel privacy and security. In all situations and conditions, the most important aspect of a security program is protecting people. Preventing personal injury is therefore the primary goal of all safety efforts.
Understand the KPIs for physical security. Key performance indicators (KPIs) for physical security should be identified, monitored, recorded and evaluated. KPIs are indicators of operations or failures in various aspects of physical security.
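The Python below is an added worked example, not taken from the notes, showing how the KPIs listed in the knowledge points (successful and unsuccessful counts by category, mean time to detect, assess, respond, and recover, and the false-positive count) can be computed from incident records and then compared against targets. The incident records, the field names of the `Incident` class, and the target values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional


@dataclass
class Incident:
    kind: str                       # "intrusion", "crime", "interruption", ...
    occurred: datetime              # when the event actually began
    detected: datetime              # when a control or a person noticed it
    assessed: datetime              # when its nature and scope were understood
    responded: datetime             # when the response action started
    recovered: Optional[datetime]   # back to normal conditions; None if still open
    successful: bool                # did the event achieve its effect?
    false_positive: bool = False    # alert that turned out not to be an incident


def _t(hour, minute, day=1):
    """Shorthand for constructing timestamps in May 2024 (sample data only)."""
    return datetime(2024, 5, day, hour, minute)


# Constructed incident records (illustrative only).
INCIDENTS = [
    Incident("intrusion", _t(2, 0), _t(2, 10), _t(2, 25), _t(2, 40), _t(6, 0), True),
    Incident("intrusion", _t(23, 0), _t(23, 2), _t(23, 7), _t(23, 12), _t(23, 30), False),
    Incident("interruption", _t(14, 0, 3), _t(14, 0, 3), _t(14, 10, 3),
             _t(14, 20, 3), _t(16, 0, 3), True),
    # Motion alarm raised by cleaning staff: counted as a false positive, not an incident.
    Incident("intrusion", _t(21, 0, 4), _t(21, 0, 4), _t(21, 5, 4),
             _t(21, 10, 4), _t(21, 15, 4), False, True),
]


def minutes(delta: timedelta) -> float:
    """Express a timedelta in minutes."""
    return delta.total_seconds() / 60


def kpi_summary(incidents):
    """Compute the physical security KPIs over a set of incident records."""
    real = [i for i in incidents if not i.false_positive]
    counts = {}
    for i in real:
        key = f"{'successful' if i.successful else 'unsuccessful'} {i.kind}s"
        counts[key] = counts.get(key, 0) + 1
    recovered = [i for i in real if i.recovered is not None]
    return {
        "counts": counts,
        "false_positives": sum(1 for i in incidents if i.false_positive),
        "mean_minutes_to_detect": mean(minutes(i.detected - i.occurred) for i in real),
        "mean_minutes_to_assess": mean(minutes(i.assessed - i.detected) for i in real),
        "mean_minutes_to_respond": mean(minutes(i.responded - i.assessed) for i in real),
        # Recovery is measured from occurrence to return to normal, per the notes.
        "mean_minutes_to_recover": (mean(minutes(i.recovered - i.occurred) for i in recovered)
                                    if recovered else None),
        "open_incidents": len(real) - len(recovered),
    }


# Assumed targets for the timing KPIs, in minutes (constructed values).
TARGETS_MINUTES = {
    "mean_minutes_to_detect": 5,
    "mean_minutes_to_assess": 15,
    "mean_minutes_to_respond": 15,
    "mean_minutes_to_recover": 60,
}


def kpis_over_target(summary, targets=TARGETS_MINUTES):
    """Return the names of timing KPIs whose mean exceeds the agreed target."""
    return sorted(name for name, limit in targets.items()
                  if summary[name] is not None and summary[name] > limit)


if __name__ == "__main__":
    summary = kpi_summary(INCIDENTS)
    for name, value in summary.items():
        print(f"{name}: {value}")
    print("over target:", kpis_over_target(summary))
```

On the constructed records the detection, assessment, and response KPIs are within target, while mean recovery time (130 minutes) exceeds the 60-minute target; that is the kind of gap the notes describe KPIs being recorded and evaluated to surface.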
Questions
1. Your organization is planning to build a new facility to accommodate a large number of on-site employees. The current facility has many security problems, such as loitering, theft, graffiti, and even physical altercations between employees and non-employees. The CEO has asked you to help develop a facility plan to reduce these problems. While researching your options, you discover the concept of CPTED. Which of the following is not one of its core strategies? A. Reinforcement of natural environment areas B. Natural environment access control C. Natural environment training and improvement D. Natural environment monitoring
C
2. When assessing the security of a facility or designing a new one, which method systematically determines the relationships between mission-critical applications, processes, operations, and all necessary supporting elements? A. Log file audit B. Critical path analysis C. Risk analysis D. Inventory count
B. Critical path analysis is the systematic effort to identify the relationships among mission-critical applications, processes, operations, and other necessary supporting elements when assessing facility security or designing new facilities. Risk analysis evaluates threats to assets based on their probability of occurrence and consequences.
3. Which of the following correctly describe security cameras? (Select all that apply.) A. Cameras should be positioned to monitor entrances and exits, allowing for changes in authorization or access levels. B. No extra protection is needed around critical assets and resources, or in public areas such as parking lots and sidewalks. C. Cameras should be positioned to provide a clear view of all exterior walls, entrances and exits, and interiors. D. To provide a deterrent effect, security cameras should be public and visible. E. Security cameras have a fixed recording area. F. Some camera systems include system-on-a-chip (SoC) or embedded components and can perform special functions such as time-lapse recording, tracking, facial recognition, object detection, and infrared or color-filtered recording. G. Motion detection or sensing cameras can always differentiate between humans and animals.
ACF
4. Your organization is planning to build a new headquarters in a new town. You are asked to participate in the design process and are given a copy of the blueprints for review. Which of the following is not a facility or site design element that focuses on security? A. Separate work and visitor areas B. Restrict access to areas of higher value or importance C. Locate confidential assets at the core or center of the facility D. All areas of the facility have the same access rights
D
5. A recent security audit of your organization's facilities identified a number of issues that need to be addressed. Some of these issues relate to the primary data center, but you think at least one of the findings is a false positive. To maintain the most efficient and secure server room, which of the following does not need to be true? A. It must be optimized for employees. B. A non-water fire suppression system must be used. C. Humidity must be maintained at 20% to 80%. D. Temperature must be maintained at 59 to 89.6 °F.
A
6. A recent security policy update restricted the use of portable storage devices brought in from outside. To compensate, media storage management processes have been implemented. Which of the following is not a typical security measure for a storage facility holding reusable removable media? A. Appoint a custodian B. Use a check-in and check-out process C. Hashing D. Sanitize returned media
C
7. The company's server room has been upgraded with a raised floor and MEA door locks. You want to ensure that the updated facility maintains optimal operating efficiency. What is the ideal humidity range for a server room? A. 20% to 40% B. 20% to 80% C. 80% to 89.6% D. 70% to 95%
B
8. You are mapping the critical path of network cables throughout the building. When developing a cable plant management strategy, the master wiring diagram should include and label which of the following items? (Select all that apply.) A. Access control vestibule B. Entrance facilities C. Equipment room D. Fire escape passage E. Backbone wiring system F. Telecommunications room G. UPS H. Horizontal wiring system I. Industrial loading dock
BCEF. The question is about cable plant management strategy.
9. Which type of water-based fire suppression system is best suited to computer equipment? A. Wet pipe system B. Dry pipe system C. Preaction system D. Deluge system
C
10. Your company's fire detection and suppression systems are inspected annually by local authorities. You start a conversation with the chief inspector, who asks, "What is the most common cause of false alarms in water-based fire suppression systems?" How do you answer? A. Lack of water B. People C. Ionization detectors D. Detectors installed in the ceiling
B
11. The data center experienced multiple hardware failures. The auditor noted that systems were stacked on top of each other in a dense and disorganized manner. What measures should be taken to solve this problem? A. Visitor log B. Industrial Camouflage C. Gas fire extinguishing D. Hot aisle and cold aisle
D
12. Which of the following are advantages of a gas discharge fire suppression system? (Select all that apply.) A. Can be deployed throughout company facilities B. Minimal damage to computer systems C. Extinguishes fire by removing oxygen D. Extinguishes fires faster than water-based systems
BCD
13. When designing physical security for an environment, focus should be placed on the functional sequence in which controls apply. Which of the following is the correct sequence of the six common physical security control mechanisms? A. Default, delay, rejection, detection, intimidation, judgment B. Intimidation, rejection, detection, delay, judgment, determination C. Refuse, threaten, delay, test, decide, judge D. Decision, detection, rejection, judgment, return, postponement
B
14. Equipment failure is a common cause of loss of availability. When developing strategies to maintain availability, it is often necessary to understand the criticality of each asset and business process and the organization's ability to survive adverse conditions. Match each term with its definition. I. MTTF II. MTTR III. MTBF IV. SLA ① Clearly stipulates the response time the supplier provides in case of an emergency failure ② Estimate of the time between the first and subsequent failures ③ Typical life expectancy of equipment under specific operating conditions ④ Average time required to repair the equipment A. I-①, II-②, III-④, IV-③ B. I-④, II-③, III-①, IV-② C. I-③, II-④, III-②, IV-① D. I-②, II-①, III-③, IV-④
C
15 You have been placed on the facility security planning team. Your task is to create a prioritized list of issues to be addressed during the initial design phase. What is the primary goal of all security efforts? A. Prevent information leakage B. Maintain integrity C. Personal safety D. Maintain availability
C
16. While looking at the facility blueprints, you notice a few tell-tale signs that physical security mechanisms are built directly into the structure of the building. Which of the following is a double door, usually guarded by a guard, used to hold a subject until his or her identity and authorization can be verified? A. Gate B. Turnstile C. Access control vestibule D. Proximity detector
C
17. Facility security has become a top priority due to a recent building intrusion. You are a member of the security committee that will recommend how to improve the organization's physical security posture. What is the most common perimeter security device or mechanism? A. Security guards B. Fences C. CCTV D. Lighting
D
18. Your organization has won a new contract with an important customer. This requires expanding production operations at a major facility that will house valuable digital and physical assets, and you must make sure these new assets are properly protected. Which of the following is not a shortcoming of security guards? A. Security guards often do not understand the scope of a facility's operations B. Not all environments and facilities are suitable for security guards C. Not all security guards are reliable D. Pre-screening, team building, and training cannot guarantee the capability and reliability of security guards
A
19. While designing a security plan for a proposed facility, you are informed that the budget has just been cut by 30 percent, but the security requirements have not been adjusted or reduced. What is the most common and inexpensive form of physical access control device, used both indoors and outdoors? A. Lighting B. Security guards C. Key locks D. Fences
C. Lighting and security guards are expensive; fences are for outdoor use only.
20. While implementing a motion detection system to monitor unauthorized entry into secure areas of a building, you realize that your current infrared detectors are causing a large number of false alarms and need to be replaced with another option. Which type of motion detector senses changes in the electric or magnetic fields surrounding the monitored object? A. Wave pattern B. Photoelectric C. Heat D. Capacitance
D. Wave pattern detectors use electromagnetic waves.