WEBVTT

00:00:00.940 --> 00:00:04.220
We'll continue looking at Access Controls Concepts for the

00:00:04.220 --> 00:00:08.640
Certified in Cybersecurity course with a more in‑depth look

00:00:08.640 --> 00:00:11.050
at physical access controls.

00:00:12.230 --> 00:00:16.070
This is one of the three modules of this course,

00:00:16.490 --> 00:00:20.260
the idea being that we looked at the concepts or theory.

00:00:20.860 --> 00:00:24.240
Now we want to look at how we implement those in a

00:00:24.240 --> 00:00:27.350
physical access control world. And later,

00:00:27.350 --> 00:00:29.800
we'll look at how we implement them in a logical or

00:00:29.800 --> 00:00:32.570
technical access control environment as well.

00:00:33.670 --> 00:00:36.670
We identify the various physical threats,

00:00:36.850 --> 00:00:41.930
natural events, for example, crime, competitors.

00:00:42.270 --> 00:00:45.950
Yeah, a competitor may want to steal our best employees,

00:00:46.340 --> 00:00:50.690
they may try to monopolize the supply chain so we

00:00:50.690 --> 00:00:52.680
can't get the raw materials we need.

00:00:53.010 --> 00:00:59.260
We've even had cases where they purchased land so that we had a limited

00:00:59.260 --> 00:01:02.350
supply of water available for our systems to run.

00:01:03.150 --> 00:01:05.840
We also have the problem of a geopolitical event,

00:01:05.840 --> 00:01:09.840
some things like wars, insurrection, unrest,

00:01:09.840 --> 00:01:10.680
for example.

00:01:12.510 --> 00:01:17.860
It's important that we set up the correct support for our IT systems

00:01:17.860 --> 00:01:21.220
to operate in our data centers and server rooms.

00:01:21.760 --> 00:01:24.180
That means we put in systems such as heating,

00:01:24.180 --> 00:01:29.340
ventilation, air conditioning, we put in power support systems and lighting.

00:01:30.260 --> 00:01:32.740
In the case of heating, ventilation, air conditioning,

00:01:32.740 --> 00:01:36.090
we try to control the temperature to a temperature that

00:01:36.090 --> 00:01:38.500
is good for the systems to run at.

00:01:38.990 --> 00:01:40.430
Now this varies a lot.

00:01:40.750 --> 00:01:45.310
It used to be that the temperatures were a lot lower than they are today.

00:01:45.850 --> 00:01:50.030
We spend a lot of money trying to cool a data center.

00:01:50.030 --> 00:01:52.850
So, a lot of our equipment now will actually run

00:01:52.850 --> 00:01:54.720
quite a bit hotter than it used to.

00:01:55.280 --> 00:01:58.390
We used to have very strict controls over humidity

00:01:58.390 --> 00:02:01.550
between 40 and 60% relative humidity,

00:02:01.980 --> 00:02:06.950
but we see some data centers today going 20 to 80% relative humidity.

00:02:07.800 --> 00:02:09.169
When it comes to power,

00:02:09.560 --> 00:02:14.090
we want to ensure we have clean and steady power for our systems to run.

00:02:14.440 --> 00:02:18.650
Maybe that means we have a UPS, or uninterruptible power supply,

00:02:19.020 --> 00:02:21.000
and if the power goes out,

00:02:21.010 --> 00:02:25.860
we have a generator that can kick in and start to provide the power we need.

00:02:26.800 --> 00:02:28.270
When it comes to lighting,

00:02:28.600 --> 00:02:32.620
it's good for our systems to be well lit in the way of

00:02:32.620 --> 00:02:36.360
providing more safety for our personnel,

00:02:36.360 --> 00:02:37.260
for example,

00:02:37.260 --> 00:02:42.320
and hopefully less of a hazard of a person tripping or whatever, as well.

00:02:42.770 --> 00:02:49.080
Physical security is very much based on concepts such as layered defense.

00:02:49.080 --> 00:02:53.960
A layered defense, sometimes known as defense in depth,

00:02:54.360 --> 00:02:58.080
means I'm not going to rely on just a single control to

00:02:58.080 --> 00:03:00.820
protect something that is an important asset.

00:03:02.310 --> 00:03:08.510
So we have controls arranged in a sequence or in a series such as we could

00:03:08.510 --> 00:03:12.000
have at the outside perimeter of our facility a fence,

00:03:12.620 --> 00:03:16.370
then into the building, a door, behind the door,

00:03:16.380 --> 00:03:20.030
a security guard, into a secure work area,

00:03:20.040 --> 00:03:25.580
another type of biometric lock, for example. Within the work area,

00:03:25.590 --> 00:03:26.720
locked cabinets.

00:03:27.130 --> 00:03:28.300
What does this do?

00:03:28.300 --> 00:03:32.240
This means that the data we have in that locked cabinet would

00:03:32.240 --> 00:03:36.330
only be accessible to a person who would actually manage to get

00:03:36.330 --> 00:03:40.320
past all five of these actual controls.

00:03:41.700 --> 00:03:44.160
So the idea of layered defense is important.

00:03:44.160 --> 00:03:44.610
Why?

00:03:45.230 --> 00:03:49.950
Because physical security vulnerabilities can be more serious

00:03:49.950 --> 00:03:52.760
than any other security control vulnerability.

00:03:54.150 --> 00:03:58.590
The idea is that I could have long passwords and I could have,

00:03:58.590 --> 00:04:02.300
for example, a lot of technical controls,

00:04:02.720 --> 00:04:06.460
but if my building was just wiped out in a flood,

00:04:06.990 --> 00:04:09.640
then it doesn't matter if I had, for example,

00:04:09.640 --> 00:04:11.000
redundant equipment.