Operational and Organizational Security: Policies and Disaster Recovery • Chapter 12 681
using cables that are locked to the hardware and bolted to the wall or racks
in a server room. Similarly, physical access to computers may implement
usernames and passwords, password-protected screensavers, smart cards, or
other authentication methods that prevent unauthorized use.
■ Validation procedures, which outline how access is given and how the
validity of a person’s presence in a restricted area can be verified.
Authentication may involve the control measures we previously
mentioned, and other methods that identify and confirm the validity of
individuals. It may also specify the roles of specific departments to perform
background checks, verify credentials, issue identification cards, and other
tasks necessary in confirming a person’s identity and what they are
bringing into a facility (e.g., laptops, network analyzers, or other
equipment that could pose a security risk).
■ Monitoring and record keeping, which manages who is or was in an area
at a given time. Such measures may involve electronic surveillance
methods like video cameras, or human interaction, such as security guards
or receptionists who are responsible for individuals within a certain area.
Records may also be used to manage access, such as using sign-in sheets,
maintenance records, or other documents that identify a person’s presence,
when they attended the location, and their purpose for being there.
A physical security plan addresses numerous components of an organization,
including its facilities, personnel, computers, equipment, and other assets. The
objectives of the plan focus on safeguarding these assets from theft, tampering,
and other threats that could result from unauthorized physical access. To restrict
access and reduce such risks, it is important that the policy be thorough in
addressing any areas where security could be an issue.
NOTE
For more information on issues relating to physical security, refer to
Chapter 11, “Operational and Organizational Security: Incident
Response.”
www.syngress.com