A computer that processes top-secret data is air-gapped: it is disconnected and isolated from networks to avoid attacks. Which of the following is the least effective physical control in terms of the control objectives?
A. Faraday cage
B. White noise
C. Access control policy
D. Security guards
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Security guards.
A control objective is a “statement describing what is to be achieved as a result of implementing controls.” (ISO 27000:2018) Control objectives direct the planning, implementation, and evaluation of security controls. They provide specific targets for auditors to evaluate the effectiveness of security controls.
This question doesn’t state the control objective explicitly, but it implies that the air-gapped computer emits electromagnetic radiation. As a result, this question assumes the control objective is to prevent the emission of electromagnetic radiation.
- “Security guard” is a physical control, but it is ineffective against electromagnetic radiation.
- Faraday cage and white noise are ideal physical controls to achieve the control objectives.
- Access control policy, in the world of CISSP, is an administrative control.
* White noise – broadcasting false traffic at all times to mask and hide the presence of real emanations.
* Faraday cage – a box, mobile room, or entire building designed with an external metal skin, often a wire mesh that fully surrounds an area on all sides (in other words, front, back, left, right, top, and bottom). This metal skin acts as an EMI absorbing capacitor.
* Control zone – the implementation of either a Faraday cage or white noise generation or both to protect a specific area in an environment.
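A computer that processes top-secret data has been disconnected and isolated from networks to avoid attacks. In terms of control objectives, which of the following is the least effective physical control?
A. Faraday cage
B. White noise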