security

Physical and Perimters test cases

September 21, 2009

Perimeter Review

This is a method of testing the physical security of an organization and its assets by reviewing is its physical perimeter security measures.

Expected Results:

1        Map of physical perimeter

2        Types of physical protective measures

3        List of unprotected / weakly protected areas

Tasks to perform for a thorough Perimiter review:

  • Map physical perimeter
  • Map physical protective measures (fences, gates, lights, etc)
  • Map physical access routes / methods
  • Map unmonitored areas

Monitoring Review

This is a method of discovering monitored access points to an organization and its assets through discovery of guard and electronic monitoring.

Expected Results:

1        List of monitored access points

2        Types of monitoring

3        List of unmonitored standard and privileged access points

4        List of alarm triggers

Tasks to perform for a thorough Monitoring review:

  • Enumerate monitoring devices
  • Map guarded locations and routes traveled
  • Map unmonitored areas to monitored areas
  • Test monitoring devices for limitations and weaknesses
  • Test monitoring devices for denial of service attacks

Access Control Testing

This is a method of testing access privileges to an organization and its assets through physical access points.

Expected Results:

1        List of physical access points

2        Types of authentication

3        Types of alarm systems

4        List of alarm triggers

Tasks to perform for a thorough Access Controls test::

  • Enumerate access control areas
  • Examine access control devices and types
  • Examine alarm types
  • Determine the level of complexity in an access control device
  • Determine the level of privacy in an access control device
  • Test access control devices for vulnerabilites and weakneses
  • Test access control devices against Denial of Service

Alarm Response Review

This is a method of discovering alarm procedure and equipment in an organization through discovery of guard and electronic monitoring.

Expected Results:

1        List of alarm types

2        List of alarm triggers

3        Map of alarm procedure

4        List of persons involved in alarm procedure

5        List of containment measures and safety precautions triggered by

6        Alarm

Tasks to perform for a thorough Alarm Response review:

  • Enumerate alarm devices
  • Map alarm trigger procedures
  • Map alarm activated security reflexes
  • Discover persons involved in an alarm procedure
  • Test alarm escalation
  • Test alarm enablement and disablement
  • Test alarm devices for limitations and weaknesses
  • Test alarm devices for denial of service attacks
  • Test alarm procedures for Denial of Service attacks

Location Review

This is a method of gaining access to an organization or its assets through weaknesses in its location and protection from outside elements.

Expected Results:

1        Map of physical locations of assets

2        List of physical location access points

3        List of vulnerable access points in location

4        List of external 3rd parties accessing locations

Tasks to perform for a thorough Location review:

  • Enumerate visible areas into the organization (line of sight)
  • Enumerate audible areas into the organization (laser or electronic ear)
  • Test location areas for vulnerabilities and weaknesses to supply delivery
  • List supply delivery persons and organizations
  • List cleaning staff and organizations
  • List hours and days in delivery cycles
  • List hours and days in visitor cycles

Environment Review

This is a method of gaining access to or harming an organization or its assets through weaknesses in its environment.

Expected Results:

1        Map of physical locations of assets

2        List of vulnerable locations

3        List of local laws, customs, and ethics

4        List of operational laws, customs, and ethics

Tasks to perform for a thorough Environment review:

  • Examine natural disaster conditions for the region
  • Examine political environmental conditions
  • Examine back-up and recovery procedures
  • Identify weaknesses and vulnerabilities in back-up and recovery procedures
  • Identify Denial of Service attacks in back-up and recovery procedures
  • Examine physical and electronic handicaps in various weather patterns
  • Compare operational procedures with regional laws, customs, and ethics

https://www.bestitdocuments.com/Samples/