[CCCure CISSP] physical security

Anantha Srinivasan
Physical security is pertinent even if the application is hosted on the cloud. It is just that the onus for such security is passed on to the cloud provider.
In fact it is even more important to ask these questions of a cloud provider - in order to ensure that the level of protection they provide is satisfactory to what the application owner is willing to accept. Although a data center is likely to have better than average security controls in place.

thanks,
Anantha.

On Thu, Jan 10, 2013 at 10:13 PM, <[hidden email]> wrote:
Today's Topics:

   1. CPE - self-study (chi badiola)
   2. Re: physical security (Doug Spindler)
   3. Re: physical security (Doug Spindler)


----------------------------------------------------------------------

Message: 1
Date: Fri, 11 Jan 2013 01:02:58 +0800 (SGT)
From: chi badiola <[hidden email]>
To: [hidden email]
Subject: [CCCure CISSP] CPE - self-study
Message-ID:
        <[hidden email]>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I passed a non-ISC2 certification. It says in
https://www.isc2.org/uploadedFiles/(ISC)2_Member_Content/CPEs/cpe_guidelines.pdf that I can earn 1 CPE per hour for self-study. I don't remember how many hours I spent in studying. How to prove it? What is the maximum number of hours that can be claimed in self-study?

Thanks in advance.

Regards,
Chi

------------------------------

Message: 2
Date: Thu, 10 Jan 2013 19:04:00 -0800
From: Doug Spindler <[hidden email]>
To: "[hidden email]" <[hidden email]>,        The CISSP
        Study Mailing list <[hidden email]>
Subject: Re: [CCCure CISSP] physical security
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="utf-8"

Jim,
What about when your data is stored in the cloud?   It's not your facilities.

Whole drive and whole volume encryption would prevent someone from accessing your data booting with a Knoppix Live distro.






On Jan 10, 2013, at 5:53 AM, "Jim White" <[hidden email]> wrote:

> Mohamed,
>
> If an adversary gains physical access to your facilities, they are no longer "your" facilities.
>
> All security starts with your physical perimeter. If the bad guys can get their hands on your equipment, all bets are off. Think of booting a server to a Knoppix Live distro. This is also why we keep our wiring closets locked, to deny access to Layer One bit streams and Layer Two and Three console ports, etc.
>
> The Physical and Environmental Security Domain represents one tenth of the CISSP scope and should be taken just as seriously as the other nine. There is no "more important" part. It's all important. :)
>
> Best of luck in your preparations,
>
> Jim
>
> From: CISSPstudy [mailto:[hidden email]] On Behalf Of waleed zidan
> Sent: Thursday, January 10, 2013 3:11 AM
> To: [hidden email]
> Subject: [CCCure CISSP] physical security
>
> what about physical security, I am reading it from AIO and it is talking about strange things for IT people, in other parts we talk about standards protocol technology algorithms..... etc, but here we talk about lock types and security guard and glass and dogs :), what do you think it is more important in this part?
>
> --
> Eng. Mohamed Waleed Zidan
> IT  Engineer
> CCIE Security ID 36851
> CCNP, CCSP,Mitel Certified
> Mob: +971 55 1566719
> Linkedin: http://www.linkedin.com/in/mzidan
> _______________________________________________
> You can find the list archive at:
> http://cissp-study.3965.n7.nabble.com/
>
> CISSPstudy mailing list
> [hidden email]
>
> To UNSUBSCRIBE, SUBSCRIBE, or MANAGE your account visit the link below:
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org

------------------------------

Message: 3
Date: Thu, 10 Jan 2013 19:13:09 -0800
From: Doug Spindler <[hidden email]>
To: Rogelio O'Farril <[hidden email]>, The CISSP Study
        Mailinglist <[hidden email]>
Cc: The CISSP Study Mailing list <[hidden email]>
Subject: Re: [CCCure CISSP] physical security
Message-ID: <[hidden email]>
Content-Type: text/plain; charset="us-ascii"

Environmental issues can be overcome with a good DR plan such as replicating and services to the cloud in near real time.  Fire or HVAC problems in the data center are no longer a problem.






On Jan 10, 2013, at 6:33 AM, Rogelio O'Farril <[hidden email]> wrote:

> Think about this for a second: an attacker on the other side of the world has to bypass firewalls, IPD, IDS and a million other things. An attacker that has physical access to a network or server has a clear advantage over the first guy. Stealing equipment, deploying rogue access points, setting Pwn Plugs (http://arstechnica.com/security/2012/07/power-strip-or-network-hacking-tool-its-both-actually/), the options are endless.
>
> Look at it from another angle: environmental issues. You spend thousands or millions protecting data but forget about fire protection or the proper HVAC system. There's a small fire and you don't have the appropriate protection in place. See where I'm going? In a nutshell, all your effort can be brought down to its knees in a matter of minutes.
>
> Never forget that security starts at the physical level. I suggest more reading so you can understand the importance of this domain:
>
> - http://www.techrepublic.com/article/lock-it-down-dont-overlook-physical-security-on-your-network/5054057
> - http://www.sans.org/reading_room/whitepapers/physcial/implementing-robust-physical-security_1447
> - http://www.themetropreneur.com/columbus/importance-physical-security/
>
>
> From: waleed zidan <[hidden email]>
> To: [hidden email]
> Sent: Thursday, January 10, 2013 3:10 AM
> Subject: [CCCure CISSP] physical security
>
> what about physical security, I am reading it from AIO and it is talking about strange things for IT people, in other parts we talk about standards protocol technology algorithms..... etc, but here we talk about lock types and security guard and glass and dogs :), what do you think it is more important in this part?
>
> --
> Eng. Mohamed Waleed Zidan
> IT  Engineer
> CCIE Security ID 36851
> CCNP, CCSP,Mitel Certified
> Mob: +971 55 1566719
> Linkedin: http://www.linkedin.com/in/mzidan

------------------------------

End of CISSPstudy Digest, Vol 55, Issue 8
*****************************************