Handbook of Information Security Management:Physical Security



Palm Scan

The system scans 10,000 points of information from a 2-inch-square area of the human palm. With the information, the system identifies the person as an impostor or authentic. The typical price is $2,500. Performance:

  False rejection rate = 0
  False acceptance rate = 0.00025%
  Average processing time = 2 to 3 seconds

Hand Geometry

This device uses three-dimensional hand geometry measurements to provide identification. The typical price is $2,150. Performance:

  False rejection rate = 0.1%
  False acceptance rate = 0.1%
  Average processing time = 2 to 3 seconds

Facial Recognition

Using a camera mounted at the point of authentication (gate, monitor, etc.), the device compares the image of the person seeking entry with the stored image of the authorized user indexed to the system. The typical price is $2,500. Performance:

  Average processing time = 2 seconds

Voice Verification

When a person speaks a specified phrase into a microphone, this device analyzes the voice pattern and compares it against a stored database. The price can run as high as $12,000 for 3,000 users. Performance:

  False rejection rate = 8.2%
  False acceptance rate = 0.4%
  Average processing time = 2 to 3 seconds (response time is calculated after the password or phrase is actually spoken into the voice verification system).

TESTING

Security systems, passwords, locks, token cards, biometrics, and other authentication devices are expected to function accurately from the moment they are installed, but it is the management and testing that make them work. There is little point in installing an elaborate access control system for the computer room if the employees routinely use the emergency fire exits. Employees must be trained in the proper use of physical security systems. Access logs must be monitored and reconciled in a timely manner.
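
One way to reconcile a computer-room access log, shown as an added example that is not part of the original handbook. The log format (time, door, badge, event), the door names, the badge numbers, and the denied-attempt limit are all assumptions, and the sample log is constructed.

```python
import csv
from io import StringIO

# Constructed sample log; assumed format: time,door,badge,event
SAMPLE_LOG = """\
2024-03-04T08:01:12,CR-MAIN,B1001,IN
2024-03-04T08:05:40,CR-MAIN,B1002,IN
2024-03-04T09:15:03,CR-FIRE-EXIT,,OPEN
2024-03-04T10:30:00,CR-MAIN,B1002,IN
2024-03-04T11:00:00,CR-MAIN,B1003,OUT
2024-03-04T12:00:00,CR-MAIN,B1001,OUT
2024-03-04T12:10:00,CR-MAIN,B1004,DENIED
2024-03-04T12:10:20,CR-MAIN,B1004,DENIED
2024-03-04T12:10:45,CR-MAIN,B1004,DENIED
"""

EMERGENCY_DOORS = {"CR-FIRE-EXIT"}  # assumed door naming
DENIED_LIMIT = 3                    # assumed review threshold


def reconcile(log_text):
    """Return (time, badge_or_door, finding) tuples for entries needing review."""
    inside, denied, findings = set(), {}, []
    for ts, door, badge, event in csv.reader(StringIO(log_text)):
        if door in EMERGENCY_DOORS and event == "OPEN":
            # Fire exits bypass the access control system entirely.
            findings.append((ts, door, "emergency exit opened"))
        elif event == "IN":
            if badge in inside:  # left earlier without a logged exit
                findings.append((ts, badge, "entry while already inside"))
            inside.add(badge)
        elif event == "OUT":
            if badge not in inside:  # got in without a logged entry
                findings.append((ts, badge, "exit without logged entry"))
            inside.discard(badge)
        elif event == "DENIED":
            denied[badge] = denied.get(badge, 0) + 1
            if denied[badge] == DENIED_LIMIT:
                findings.append((ts, badge, "repeated denied attempts"))
    for badge in sorted(inside):  # badges never seen leaving
        findings.append(("end-of-log", badge, "no exit recorded"))
    return findings


if __name__ == "__main__":
    for finding in reconcile(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

An entry while already inside or an exit without a logged entry means someone passed the door without presenting a badge, which is the held-open-door and fire-exit behavior the text warns about.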

Training and awareness demand time, money, and personnel, but they are essential for organizations to meet the challenges brought about by increased competition and reduced resources. There must be a partnership between the technology and the employees. Plan on spending at least as much time and resources on training employees on how to use the technology as on procuring and installing it. Employees must understand why the control mechanisms were selected and what their roles are in the security process.

SUMMARY

Companies where employees hold open the door for others to walk through may need to review their level of security awareness. The first step in implementing a physical security program is determining the level of need and the current level of awareness. To implement a cost-effective security program: (1) analyze the problems, (2) design or procure controls, (3) implement those controls, (4) test and exercise those controls, and (5) monitor the controls. Implement only the controls needed to meet current needs, but make sure that additional controls can be added later if required. Physical security is an organization’s first line of defense against theft, sabotage, and natural disasters.



The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course, this version is getting a bit old and may not contain all of the info that the latest version is covering; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.