all right. Now, with the networking concepts that we've talked about for enterprise security, we cannot forget physical security. And, uh, you know, a lot of physical security is common sense, but you've got to be very comprehensive
in your design of physical security. The greatest impact we can have on physical security as faras cost effectiveness
is through deterrence. Simply a no trespassing sign. We'll keep some people off of your organizational grounds, keep them out of your building. Now again, if there's a determined intruder, they're not gonna pay any attention to that. But not everybody's a determined intruder, so we're gonna think about deterrence.
A sign that says Do not enter on a closed door
fences. You don't have to have a 12 foot fence if you've got a four foot fence that's gonna deter many, many Attackers. So deterrence is one of those things that we want to think of first having a log in banner on your system and you know so it's not just physical but ah, logging banner that says unauthorized access of this system is strictly prohibited.
That'll keep a portion of users
off that system, so we want to look to deter because it's the cheapest, easiest way
now, Um, with physical security, we need a means of violation analysis. Violation analysis is always our first step. Anytime we think that there's some sort of breach, and basically all that means is we need a way to step back and say, Is this something that was authorized? Or is it unauthorized?
And if it's unauthorized, isn't an attack?
So certainly with physical security, we want to be able to differentiate between people that belong in our building and people that don't often they're swipe card access. There's a badge. There might be some other type of token device or some other mechanism, but we want to be able to separate out who belongs and who doesn't
delay or prevent intrusion. Now, lot of house, we really don't like to talk in terms of prevention because there's no single device that will prevent. But a lot of times we do think of deterrence, then we delay, and if we delay long and up, hopefully we can detect that someone that we have an intruder
and then ultimately deny
so deter, delay, detect, deny. That's often what we talk about relationships. Security. So if I can't deter you, I've gotta sign in my window. That says I have a burglar alarm. I think I mentioned you guys. I have an attack pug that will bark. So that's a deterrence.
However, if that doesn't deter you, I wanna be able Thio delay you. So I locked my screen door. Honestly, that's very little security, but it is one additional step
I locked my front door locks can be picked, some of them much easier than others, but it does slow an attacker down that three foot four foot fence that we talked about. If it doesn't deter you as an attacker, I'll guarantee you it'll slow you down at least a little bit.
So we want to delay.
If we delay long enough, our detective mechanisms will kick in like our motion detector lighting or a burglar alarms. And then, ideally, once your detective will be able to deny you access s Oh, those were the ways that we think about.
And when we do detect that in a true vision and intrusion happens, we should have a predefined response. We should know what to do, and we shouldn't be in the mode of standing around, looking each other, going what next? So there is no required methodology for how to work.
Respond to a physical security incident.
But you need one and needs to be well documented, and you need to have an incident response team that's responsible. You know, a lot of times you have security guards on premises, and those security guards would be responsible for responding to some sort of access.
Now, threats come from a wide range of categories. Internal threats. Don't forget the folks on the inside. A lot of times your greatest weakness, the greatest vulnerabilities from folks on the inside, external threats for whatever purpose, some sort of grudge,
maybe a political espionage, you know, is we're hearing a lot about that today.
Corporate espionage, uh, just lots of reasons that attacks exists from the outside theft. Of course, being very popular natural disasters, threatened physical securities, tornadoes, fires, hurricanes, floods
and then man made attacks can threaten our physical security, whether it is a malicious attack from a kn outsider or insider terrorist attack, and certainly here in the D C area, we're quite aware
of the possible ability for those but terrorist attacks extend well beyond
the D C area of the New York area. We can't forget the loss that we saw in the Oklahoma bombings, so we've got to think about man made threats
now some of the ways that we can help secure our physical, uh, facilities, how our facility is laid out, how it's designed. And just like always, If we design something to be inherently secure, it's more secure than adding security is an afterthought.
Now there's a concept called Sip Ted Crime Prevention. I don't really like the word prevention here, but that's what it's called
crime prevention through environmental design.
So what that means is designed your building securely to start with choose secure equipment. You know, we talked about floods and fires. Well, good strong building materials don't make your building out of matchsticks.
A slight exaggeration there. But choose good material like brick or steal. If you're concerned with fire safety, um, stairwells if you have a multi storey building rather than having the typical cement steps, and if you're in that stairwell, you have no idea what's going on underneath.
mess stairs. You can look down and you could see an attacker an intruder down below. And that's just using some common sense design mechanisms. Choose where you put your building. Place it in a secure location. Ah, lot of organizations, they're they're company. If they have a high value asset that they're protecting,
they're building. May back up to a body of water
to prevent drive up access. So the idea is, consider security when you're designing your building,
okay. And, as always, senior management must be on board. Senior management isn't on board. None of this matters because they're the ones funding the physical security requirements for your building.