From the course: ISC2 Certified Information Systems Security Professional (CISSP) (2024) Cert Prep

Site and facility design

- [Instructor] Cybersecurity professionals must also ensure the physical security of facilities under their control. This includes limiting access to those facilities, authenticating employees seeking to gain access, and tracking contractors and other visitors who access the site. Let's begin our discussion of physical security by discussing some of the different types of facilities that must be protected.

Data centers are the most obvious locations of concern to cybersecurity professionals. These secure facilities contain all of the servers, storage, and other computing resources needed to run the business. Data center access must be strictly limited to prevent the potential theft of resources and information. Anyone gaining physical access to a data center would have the ability to cause significant damage and disruption to the business.

Now, not all servers are kept in the relatively safe confines of a managed data center. Many businesses only have simple server rooms that often lack strong security controls. These server rooms may also proliferate within business units of organizations that have central data centers because they tend to pop up organically, beginning with just a few servers in a room and growing until they have the capacity of small data centers.

Media storage facilities also require security attention. Good disaster recovery and business continuity plans place copies of critical business information, including system backups, at remote locations. These locations contain important data and must have equivalent security to the main data center, if not greater security because of their remote location.

Cybersecurity professionals often engage in digital forensic investigations. If evidence handled during these investigations may be used in court, investigators must document and preserve the chain of custody, ensuring that evidence is not tampered with while in their hands. This requires secure evidence storage rooms that are safe from intrusion.

Intermediate distribution frames, or IDFs, are critical components in an organization's network infrastructure. They're often situated in various locations throughout a facility to facilitate network connectivity for different departments or areas. These IDFs hold essential network equipment, including switches and patch panels that connect end user devices to the network's broader architecture. Securing IDFs involves implementing physical security measures, such as locked doors, surveillance, and strict access controls to ensure that only authorized personnel can interact with the network hardware. Regular security assessments and monitoring are also vital to safeguarding these frames from tampering, unauthorized access, or other security threats that could compromise the integrity and performance of the network.

Wiring closets are an often overlooked physical security concern. They exist throughout an organization's facilities, and if they're not properly secured, they may offer an intruder physical access that may be used to eavesdrop on network communications or gain access to sensitive networks. The need for this protection extends to the cable distribution runs that leave the wiring closets and travel around an organization's facilities to deliver network connectivity.

There may be other facilities in the business that require similar protections. These may include operation centers and other restricted work areas. Security professionals should perform an inventory of all sensitive locations under their control and conduct physical security assessments of those facilities.
