Solution for Whitman Book 4th Edition

Principles of Information Security, 4th Edition

Chapter 9

Review Questions

1. What is physical security? What are the primary threats to physical security? How are they manifested in attacks against the organization?

Physical security addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization. This means the physical protection of the people, hardware, and the supporting system elements and resources associated with the management of information in all its states: transmission, storage, and processing.

The primary threats to physical security include the following: inadvertent acts - potential acts of human error or failure, potential deviations in quality of service by service providers, and power irregularities; deliberate acts – acts of espionage or trespass, acts of information extortion, acts of sabotage or vandalism, acts of theft, software attacks, and compromises to intellectual property; acts of God – forces of nature; technical failures – technical hardware failures or errors and technical software failures or errors; and management failures – technical obsolescence.

In the physical environment a potential act of human error or failure can be represented by an employee accidentally spilling coffee on his or her laptop computer. A compromise to intellectual property can include an employee without an appropriate security clearance copying a classified marketing plan. A deliberate act of espionage or trespass could be exemplified by a competitor sneaking into a facility with a camera. Deliberate acts of sabotage or vandalism can be physical attacks on individuals or property with the intent to sabotage or deface; deliberate acts of theft are perhaps the most common of these threats. Examples include employees stealing computer equipment, credentials, passwords, and laptops. Acts of God include lightning hitting a building and causing a...