200 likes | 490 Views
Prince Sultan University- College for Women. Physical Security Project. Supervised by: Ms. Faten Al- khahtany . Done by: IS 370 Students, 2011. Scope Team. Diana Al- Omari Donia Mohamad. Arwa Abu Shmais Enas Yaghi.
E N D
Prince Sultan University- College for Women PhysicalSecurity Project Supervised by: Ms. Faten Al-khahtany. Done by: IS 370 Students, 2011.
Scope Team • Diana Al-Omari • Donia Mohamad • Arwa Abu Shmais • EnasYaghi
The scope will be about the physical security of PSCW buildings to protect the buildings from unauthorized access ,the misuse of PSCW resources ,and to keep the fundamental documents secure
Project Goals • Protect the PSU's IT systems and information assets from unauthorized access, alteration, disclosure or destruction. • Ensure the reliability and availability of the University's IT systems and information assets. • Ensure the privacy of faculty, staff and student information and that of other University customers or associates. • Identify and prevent identity theft. • Establish resources and guidelines that allow all individuals within the University community to practice good data stewardship.
Project Mission Protect the Prince Sultan University for women against information physical threats
Who Is Included? • All faculties and departments of the University • All resource units • Research units. • Every computer on University premises or attached to the University's LAN (whether through a wired or wireless connection)
How many offices do we have? • Building 1: • 25 rooms • 12 labs • 4 studios • 46 faculty offices • 2 gym • 1 library • 13 stores • 6 bathrooms • 17 administrator offices
Building 2: Building 3: • 9 rooms • 4 studios • 4 faculty offices • 1 meeting room • 13 stores • 5 bathrooms • 10 administrator offices • 1 prayer room • 29 rooms • 2 studios • 4 faculty offices • 4 stores • 1 bathrooms • 10 labs
What to protect ? • We have 600 computers in the three buildings, and there are 15 switches (all switches in building 1). • There are also 92 projectors in the three buildings, one in each lab, room, studio.
What is included? Physical Aspect • Physical Access Control • Physical Security
(B) 1: Physical Access Control • Secured and audited access to office workspace, and policies for allowing guests and visitors into workspace • System locks on unattended machines.. • Physical access to building space secured through access card keys. • Access to sensitive building spaces are further restricted to authorized personnel only.
Physical Access Control (cont.) • Alarms are placed on all doors. • Any forced entry results in an automatic call sent to police. • Door point card readers are on Uninterrupted Power Supplies
Physical Security • we must secure not only the information but also the physical medium where the information is stored and kept. This includes: • The rooms, buildings, hardware: PCs and servers, the network, paper, cables…
Physical Security • Each location must have at least one secure room for storage or installation of sensitive or critical components. • Smoke and fire detectors in every and each room fire suppression systems • heating and air conditioning control • multiple locks, fencing, walls, cameras • Separate the network and the main servers from the actual work place areas
Physical Security • Rooms, cupboards and shutters must all be lockable. • Keys to drawers and cupboards must be carefully administered. • to enforce the physical control, we could use the separation of duties technique An individual can not complete a critical task by himself • Equipment may be taken elsewhere only with formal permission from the responsible party (with a signed document of indemnity).
Physical Security • In the case of longer-lasting power disruptions automatic shut-down procedures come into effect. • Equipment of the highest impact class is connected to a permanent emergency power supply. • Infrastructural cabling is channeled through protected, compartmentalized cable ducts. • Document shredding • Also electronic storage media are often prepared for disposal by purging, which erases files which may have been "deleted" by an operating system but never overwritten with other data
Who have the master keys in PSU? • The security • Maintenance people • Guards • The warehouse.
Disaster Recovery Plan • encompasses activities required to maintain a viable continuity • capability ensures that a consistent planning methodology is applied including: • Implementing accurate and continuous vital records, data backup, and off-site storage • Pack critical data at the sound of the alarm • Gather at a Pre-Determined location
Resources • University of Glasgow :: IT Services :: Information Security Management System Scope." University of Glasgow :: Glasgow, Scotland, UK. Web. 07 Mar. 2011. <http://www.gla.ac.uk/services/it/regulationscommitteesandpolicies/securitypolicies/informationsecuritymanagementsystemscope/>. • "University Policies." Queen's University. Web. 07 Mar. 2011. <http://www.queensu.ca/secretariat/senate/policies/InfoSystem.html#1>. • "In Depth Security: Using a Layered Approach to Network Security." Internet / Network Security - Tips, Advice and Tutorials About Internet Security and Network Security. 27 Feb. 2009. Web. 07 Mar. 2011. <http://netsecurity.about.com/od/newsandeditorial1/a/indepth.htm>. • "Security Implementation Mechanisms - The Java EE 5 Tutorial." Automatic Redirection. Web. 07 Mar. 2011. <http://download.oracle.com/javaee/5/tutorial/doc/bnbwy.html>. • "Authentication and Accounts Security." File Redirection. Web. 07 Mar. 2011. <http://www.softpanorama.org/Authentication/index.shtml>. • Moens, A. (2011). Physical and environmental security. Retrieved March 4, 2011, from TUDelft: https://intranet.tudelft.nl/live/pagina.jsp?id=74aeca25-a655-42df-b893-ea881f8a88b4&lang=en • https://online.penson.com/PensonBusinessContinuityPlan.pdf