
Security + Computer System Security

Name: Shaamim Ahmed

DCOM 258 E31

Chapter 16: Policies, Procedures, & People


Part # 1

Define the following Key Terms (12 points)

1. Fire Suppression
The process of controlling and/or extinguishing fires to protect people and an
organization's data and equipment.
(Prowse 467)
2. Wet Pipe Sprinkler System
Wet pipe sprinkler system: Consists of a pressurized water supply system that can
deliver a high quantity of water to an entire building via a piping distribution system.
(Page 479)
3. Pre-action Sprinkler System
Pre-action sprinkler system: Similar to a dry pipe system, but there are requirements for
it to be set off, such as heat or smoke.
(Page 473)
4. Special Hazard Protection System
Special hazard protection system: A clean agent sprinkler system, such as FM-200, used
in server rooms.
(Page 476)
5. Supervisory Control and Data Acquisition (SCADA)
Supervisory control and data acquisition (SCADA): System of hardware and software
that controls and monitors industrial systems such as HVAC.
(Page 477)
6. Pretexting
When a person invents a scenario, or pretext, in the hope of persuading a victim to
divulge information.
(Page 413)
7. Diversion Theft
When a thief attempts to take responsibility for a shipment by diverting the delivery to a
nearby location.
(Page 413)
8. Spear Phishing

9. Whaling
10. Vishing
11. Hoax
The attempt at deceiving people into believing something that is false.
(Page 413)
12. Shoulder Surfing
When a person uses direct observation to find out a target's password, PIN, or other such
authentication information.
(Page 413)
13. Eavesdropping
When a person uses direct observation to listen in to a conversation. This could be a
person hiding around the corner or a person tapping into a phone conversation.
(Page 413)
14. Dumpster Diving
When a person literally scavenges for private information in garbage and recycling
containers.
(Page 413)
15. Baiting
When a malicious individual leaves malware-infected removable media such as a USB
drive or optical disc lying around in plain view in the hopes that unknowing people will
bring it back to their computer and access it.
(Page 413)
16. Tailgating
When an unauthorized person tags along with an authorized person to gain entry to a
restricted area.
(Page 413)
17. Mantrap
Mantrap is an area between two doorways, meant to hold people until they are identified
and authenticated.
(Page 470)
18. Change Management
Change management is a structured way of changing the state of a computer system,
network, or IT procedure.
(Page 464)
19. Onboarding
Onboarding, when a new employee is added to an organization, and to its identity and
access management system.
(Page 471)
20. Offboarding
Offboarding is the converse, and correlates to procedurally removing an employee from a
federated identity management system, restricting rights and permissions, and possibly
debriefing the person. This happens when a person changes roles within an organization,
or departs the organization altogether.
(Page 419)
21. Due Diligence
Due diligence: Ensuring that IT infrastructure risks are known and managed.
(Page 466)
22. Due Care
Due care is the mitigation action that an organization takes to defend against the risks that
have been uncovered during due diligence.
(Page 466)
23. Due Process
Due process: The principle that an organization must respect and safeguard personnel's
rights.
(Page 466)
Part # 2 Short Answers (8 points)
1. Discuss the following concepts: (3)
A. Fire Class A
B. Fire Class B
C. Fire Class C
D. Fire Class D
E. Fire Class K
Fire Class A: Denoted by a green triangle, this class defines use for ordinary fires consuming
solid combustibles such as wood. Think A for ash to help remember this type. Water-based
extinguishers are suitable for Class A fires only and should not be used in a server room.

Fire Class B: Represented by a red square, this type defines use for flammable liquid and gas
fires. I like to remember this by associating B with butane because butane is a highly
flammable gas.
Fire Class C: Indicated with a blue circle, this type defines use for electrical fires, for
example, when an outlet is overloaded. Think C for copper, as in copper electrical wiring, to
aid in memorizing this type. If a fire occurs in a server room, and you don't have a special
hazard system (not wise), the multipurpose BC extinguisher (CO2) is the best handheld
extinguisher to use. Electrical fires are the most likely type of fire in a server room.
Fire Class D: Designated with a yellow decagon, this type defines use for combustible metal fires
such as magnesium, titanium, and lithium. A Class D extinguisher is effective in case a laptop's
batteries spontaneously ignite. Chemical laboratories and PC repair labs should definitely have
one of these available. Metal fires can easily and quickly spread to become ordinary fires. These
fire extinguishers are usually yellow; it is one of only a couple that deviate from the standard
red color. Also, this is the only other exception when it comes to the use of extinguishers in a
critical area of your organization. Because of those two reasons, I like to remember it by
associating D with deviate.
Fire Class K: Symbolized as a black hexagon, this type is for cooking oil fires. This is one type
of extinguisher that should be in any kitchen. This is important if your organization has a
cafeteria with cooking equipment. Think K for kitchen when remembering this type.
(Page 405)
2. List and discuss two aisle concepts.
In its simplest form, hot aisle/cold aisle data center design involves lining up server racks
in alternating rows with cold air intakes facing one way and hot air exhausts facing the
other. The rows composed of rack fronts are called cold aisles. Typically, cold aisles face
air conditioner output ducts. The rows the heated exhausts pour into are called hot aisles.
Typically, hot aisles face air conditioner return ducts.
A containment system can be used to isolate hot aisles and cold aisles from each other
and prevent hot and cold air from mixing. Containment systems started out as physical
barriers that simply separated the hot and cold aisles with vinyl plastic sheeting or
Plexiglas covers. Today, vendors offer plenums and other commercial options that
combine containment with variable fan drives (VFDs) to prevent cold air and hot air from
mixing.
Best practices for hot aisle/cold aisle containment include:
I. Raising the floor 1.5 feet so that air being pushed by air conditioning equipment
can pass through.
II. Deploying high cubic feet per minute (CFM) rack grills that have outputs in the
range of 600 CFM.
III. Locating devices with side or top exhausts in their own part of the datacenter.
IV. Installing automatic doors in the data center.

3. List and discuss three shielding types and their application.

Shielded twisted-pair (STP) cable: By using STP cable, you employ a shield
around the wires inside the cable, reducing the levels of interference on the cable
segment. This can help with computers suffering from intermittent data loss.

HVAC shielding: By installing a shield around air conditioners and other similar
equipment, you end up shielding them, and thereby keep EMI generated by that
equipment inside the shield.

Faraday cage: There are several types of Faraday cages. Screened cables such as
coaxial cables for TV are basic examples. Booster bags lined with aluminum foil
would be another example. But the term Faraday cage is usually applied to an
entire room. If an entire room is shielded, electromagnetic energy cannot pass
through the walls in either direction. So, if a person attempts to use a cell phone
inside the cage, it will not function properly, because the signal cannot go beyond
the cage walls; the cell phone cannot acquire a signal from a cell phone tower.
More important, devices such as cell phones, motors, and wireless access points
that create electromagnetic fields and are outside the cage cannot disrupt
electromagnetic-sensitive devices that reside inside the cage.

4. Discuss the following concepts: (3)
a. Shoulder Surfing
When a person uses direct observation to find out a target's password, PIN, or
other such authentication information.
b. Eavesdropping
When a person uses direct observation to listen in to a conversation. This could
be a person hiding around the corner or a person tapping into a phone
conversation.
c. Dumpster Diving
When a malicious individual leaves malware-infected removable media such as a
USB drive or optical disc lying around in plain view in the hopes that unknowing
people will bring it back to their computer and access it.

d. Baiting
When a person literally scavenges for private information in garbage and
recycling containers.

e. Piggybacking
When an unauthorized person tags along with an authorized person to gain entry
to a restricted area.
f. Tailgating
When an unauthorized person tags along with an authorized person to gain entry
to a restricted area.
g. Mantrap
Mantrap is an area between two doorways, meant to hold people until they are
identified and authenticated.
5. Discuss the following concepts: (3)
A. Service-level Agreement (SLA)
Service-level agreement (SLA) is a part of a service contract where the level of
service is formally defined.
B. Blanket Purchase Agreement (BPA)
Blanket purchase agreement (BPA) is a service-level agreement (SLA) that is
reoccurring.
C. Memorandum of Understanding (MoU)
Memorandum of understanding (MoU) is a letter of intent between two entities
(such as government agencies) concerning SLAs and BPAs.
