1 / 18

Physical and Cyber Attacks

Physical and Cyber Attacks. Inspirational Quote. Country in which there are precipitous cliffs with torrents running between, deep natural hollows, confined places, tangled thickets, quagmires and crevasses, should be left with all possible speed and not approached. - Sun Tzu.

salaam
Download Presentation

Physical and Cyber Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Physical and Cyber Attacks Physical and Cyber Attacks

  2. Inspirational Quote Country in which there are precipitous cliffs with torrents running between, deep natural hollows, confined places, tangled thickets, quagmires and crevasses, should be left with all possible speed and not approached. - Sun Tzu Physical and Cyber Attacks

  3. Underlying Principles Separation of physical and cyber security no longer possible Physical events can have cyber consequences Cyber events can have physical consequences Understanding the cyber environment is now an essential element of developing and maintaining situational control The nature of cyberspace means that the old “fortress” mentality is no longer viable Physical and Cyber Attacks

  4. Physical Security • Physical security critical to security of cyber environment – essential during advance visits • Loss of physical infrastructure can cause loss of cyber infrastructure • Must consider both material and human factors Physical and Cyber Attacks

  5. Impacts • Unmonitored activity of outsiders can increase risk to networked systems through unauthorized access • Weak security practices at IT centers increases risk of unauthorized access to both the facility and network systems • Unmonitored employee activity significantly increases the insider threat. Physical and Cyber Attacks

  6. Security Policies • Does the organization have physical and cyber security policies? • Have they been reviewed with respect to each other? • Are the parties responsible for these policies in contact? • What are the enforcement methods? Physical and Cyber Attacks

  7. Specific Policy Areas of Concern • Hiring and firing • Outsourcing contracts • Visitors • Customers/sponsors • Special events Physical and Cyber Attacks

  8. Facility Controls • Are the physical security plans for the facility documented and tested? • To what degree is the physical security dependent on computers and information networks? • Policies and procedures for visitors? • Do new or renovated facilities have computer controlled elevators, escalators, security systems, or fire doors? • Are these systems isolated or are they connected via the Internet to an external security provider? Physical and Cyber Attacks

  9. Personnel Controls • Background checks • Access Logs / work patterns • Proactive management • Problem resolution Physical and Cyber Attacks

  10. Physical Protection of Information Resources How is physical access to remote nodes controlled? What precautions are taken to minimize access to servers, cabling, routers, etc.? What access controls are in place? How are the access controls updated and managed? How are system components physically safeguarded? Are audit and monitoring records routinely examined for anomalies and necessary corrective actions? By whom? Physical and Cyber Attacks

  11. Network Security What does the network look like? What is the connectivity between networks? Can the network be accessed from the outside? What encryption protocols (if any) are in use on the network? Physical and Cyber Attacks

  12. Network Concerns Is redundancy built into the network? Are all necessary security patches in place? How often are security patch requirements reviewed? Are there external nodes on the network, and if so, are any of them wireless? Is the network administered on-site or at a remote facility? Physical and Cyber Attacks

  13. Physical Protection of Personnel • Emergencies • Travel • Commuting • Environment • Pollution • Disease • Assembly/communication Physical and Cyber Attacks

  14. Information Protection of Physical Resources • What information regarding the facility is available on the network? • Is there information about guests, employees, critical functions available? (scheduling, credentialing, etc.) • What access controls are in place for this information? (technology, procedure) • Is sensitive or critical information protected by secure, offsite storage and backups? • Is the integrity of installed software and data verified regularly? How? • Are all changes to IT hardware and software planned, controlled, and documented? • Is unique user identification required for all information system users, including third-party users? Physical and Cyber Attacks

  15. Information Protection of Personnel • Personally-identifying information • Personally-threatening information • Personally-compromising information • Localization/schedule information Physical and Cyber Attacks

  16. Personnel Protection of Information • Training • Awareness • Process • Follow-up • Value Physical and Cyber Attacks

  17. Example Impacts • Interruption of emergency services • 911 service off line • Disruption of hospital networks • Potential loss of life • Interruption of power grid • Disruption of services dependent on power • Hospitals • Hazardous material facilities • Secure facilities • Traffic control in chaos • Potential financial loss enormous Physical and Cyber Attacks

  18. Cascade Impacts • Interruption of Telecommunications • Impact on all levels of communications • Severe impact on financial services • Loss of communications with public impacts confidence in government • Potentially serious impact on military logistics (over 90 percent of all logistics over private infrastructure) • Interruption of Transportation • Disruption of commerce • Foodstuffs and fuel deliveries interrupted • Potential hazardous material compromises • Direct impact on population Physical and Cyber Attacks

More Related