DCSA SPeD Physical Security Certification (PSC)
What are some techniques used in performing a security survey? (6) - Answer: Observing,
Questioning,
Analyzing,
Verifying,
Investigating,
Evaluating.
What is the requirements document? - Answer: A major result of the planning phase, the requirements
document identifies the main reasons for implementing new measures or upgrading older systems.
What is the purpose of a security survey? - Answer: Determine and document the current security
posture,
Identify deficiencies and excesses in existing security measures,
Compare the current posture with a determination of the appropriate level of security,
Recommend improvements in the overall situation.
What are three common approaches to a physical security assessment? - Answer: Outside-Inward
approach,
Inside-Outward approach,
Functional approach.
Which approach to physical security assessment occurs when an assessment team takes the role of
perpetrator and begins outside the facility focusing on the successive layers of security? - Answer:
Outside-Inward approach.
Which approach to physical security assessment occurs when an assessment team takes the role of
defender and works its way from the asset out toward the outer perimeter? - Answer: Inside-Outward
approach.
Which approach to physical security assessment occurs when an assessment team evaluates security
functions and disciplines and collates the findings? - Answer: Functional (Security Discipline) approach.
What are five criteria of a good security survey report? - Answer: Accuracy,
Clarity,
Conciseness,
Timeliness,
Slant or pitch.
What are the objectives of physical access control? (6) - Answer: Deter potential intruders,
Distinguish authorized from unauthorized people,
Delay and prevent intrusion attempts,
Detect intrusions and monitor intruders,
Trigger appropriate incident response by communicating to security officers and police,
Deny by opposing or negating the effects of overt or covert actions.
What is an asset? - Answer: Anything of tangible or intangible value (people, property, information) to
the organization.
What is risk analysis? - Answer: A process for identifying asset values and vulnerabilities to ascertain
risks.
How is an asset's criticality determined? - Answer: An asset's criticality is based on the mission and goals
of the organization and how the company would recover in the event that the asset is no longer
available.
What are the three steps to identifying a company's assets? - Answer: Define and understand the
company's primary business functions and processes,
Identify site and building infrastructure and systems,
Identify the company's critical tangible and intangible assets.
What two types of costs should be considered when valuing an asset? - Answer: Direct costs and indirect
costs.
What are some factors to consider in valuing assets? - Answer: Injuries or deaths related to facility
damage,
Asset replacement costs,
Revenue loss due to lost functions,
Availability of backups and system redundancy,
Availability of replacements,
Critical support agreements in place,
Critical or sensitive information value,
Impact on revenue and reputation.
When determining asset values, what are some direct costs? - Answer: Financial losses (including value
of goods lost),
Increased insurance premiums,
Insurance deductibles,
Lost business,
Labor expenses incurred as a result of the event,
Management time dealing with the event,
Punitive damage awards not covered by insurance.
When determining asset values, what are some indirect costs? - Answer: Negative media coverage,
Long-term negative consumer perception,
Public relations cost to overcome image problems,
Lack of insurance coverage due to higher risk category,
Higher wages needed to attract future employees,
Shareholder suits for mismanagement,
Poor employee morale leading to work stoppages and higher turnover.
What is the first step in creating an asset protection program? - Answer: Identifying the business's
assets.
What are two types of assets? - Answer: Tangible and intangible.
What are two ways assets can be valued? - Answer: Assign a relative value, such as a number from 1
(low) to 5 (high), based on priority.
Apply a cost-of-loss formula.
What is the cost-of-loss formula to calculate an asset value? - Answer: K = Cp + Ct + Cr + Ci - I
K = Total cost of loss
Cp = Cost of permanent replacement
Ct = Cost of temporary substitute
Cr = Total related costs (remove old asset, install new, etc.)
Ci = Lost income cost
I = Available insurance or indemnity
What are the two types of adversaries? - Answer: An adversary who uses intrusion to gain access to the
target asset and an adversary who plans to attack the site from outside without gaining entrance.
What are two common physical security compliance metrics in the public sector? - Answer: Compliance
of facilities and compliance of systems.
What are two objectives of collecting physical security program metrics? - Answer: To provide assurance
to the organization on the effectiveness of the program and to facilitate improvement.