1 / 20

Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon

Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon July 19, 2006. Got questions? Get the Card. Are your tests out partying when you leave the office at night?.

Download Presentation

Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon July 19, 2006

  2. Got questions? Get the Card.

  3. Are your tests out partying when you leave the office at night? Let’s get out the #2 and change the answer key Yeah, then can see what’s happening up the block. I hear they are having a party at the testing house tonight

  4. Webinar focus: • Understand the types of materials that need to be put under lock and key • Determine who should have access rights to rooms, systems, & paper materials • Describe policies to put in place to protect secure information • Understand the cultural & attitudinal effects of maintaining physical security

  5. Defining physical security “Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.” www.searchsecurity.com

  6. Three main components of physical security Surveillance Methods Obstacles

  7. Like the Shoemaker’s children…

  8. The problem with most testing programs Security is penetrable Materials too easily accessible Lack of formal process

  9. Got Questions?

  10. Putting materials under lock & key • Test files • Candidate records • Candidate agreements • Vendor agreements • Discarded product • Putting most secure content in most secure areas

  11. Who has access? • Determine a chain of responsibility • Maintaining a list of who needs access to what materials • Rules for sending confidential material to others • Vendor physical security agreements • Visitor access • Training of staff • Access is limited to “need to know”

  12. Policy management • Procedures appropriate to the context • Policies for access to test items, test publication, test administration • Processes for employees who leave the company • Escalation plan when a breach does occur • Back up and disaster recovery plans • Use score card to evaluate how you are doing

  13. Culture & attitude • Higher success when individuals recognize the value of policies • Employees and vendors more likely to comply, not “get around” • Ongoing security training and awareness activities help

  14. Conducting a physical security audit • Objective, third-party auditors • Explicit written standards, carefully developed, using available models: • Transmission of secure materials • Access to items banks • Password change frequency • Materials reviewed in advance

  15. Conducting a physical security audit • Individual and group interviews • Physical examination of work area and procedures • Distinguishing between formal policy and actual practice • Written report with recommendations for improvement • Follow-up after defined time interval

  16. Sample recommendations • Enhance building access controls: Require visitors to present ID before being admitted to the building • Scan and post-incident records on internal system with limited, secure access to the files • Secure files with combination locks for the file cabinets • Maintain an entry/exit log for use of materials in the secure storage vault • Make secure files difficult to get to

  17. Got Questions?

  18. Results of physical security audits • Increased awareness and training among staff • Installation of locks and locked access areas • Reduced number of access points into the building • Issuance of system password policies • Move from physical to electronic files • Moving most vulnerable stuff into most secure area

  19. Points we hope you will take away • What needs to be put under lock and key? • Who needs access? • What policies need to be put in place? • What culture and behaviors need to be reinforced? • Who can I bring in to evaluate my physical environment?

  20. Thanks for attending! Please contact us: John Fremer, Ph.D. john.fremer@caveon.com (215) 805-3007 Jamie Mulkey, Ed.D. jamie.mulkey@caveon.com 916 652-4017 phone 916 765-8838 mobile www.caveon.com

More Related