Physical Security Assessment,
PHYSICAL SECURITY-- (SPED),
Physical Security Certification (PSC),
DCSA SPeD. Physical Security
Certification (PSC)
What are some techniques used in performing a security survey? (6) -
answerObserving,
Questioning,
Analyzing,
Verifying,
Investigating,
Evaluating.
What is the requirements document? - answerA major result of the planning phase, the
requirements document identifies the main reasons for implementing new measures or
upgrading older systems.
What is the purpose of a security survey? - answerDetermine and document the current
security posture,
Identify deficiencies and excesses in existing security measures,
Compare the current posture with a determination of the appropriate level of security,
Recommend improvements in the overall situation.
What are three common approaches to a physical security assessment? -
answerOutside-Inward approach,
Inside-Outward approach,
Functional approach.
Which approach to physical security assessment occurs when an assessment team
takes the role of perpetrator and begins outside the facility focusing on the successive
layers of security? - answerOutside-Inward approach.
Which approach to physical security assessment occurs when an assessment team
takes the role of defender and works its way from the asset out toward the outer
perimeter? - answerInside-Outward approach.
,Which approach to physical security assessment occurs when an assessment team
evaluates security functions and disciplines and collates the findings? -
answerFunctional (Security Discipline) approach.
What are five criteria of a good security survey report? - answerAccuracy,
Clarity,
Conciseness,
Timeliness,
Slant or pitch.
What are the objectives of physical access control? (6) - answerDeter potential
intruders,
Distinguish authorized from unauthorized people,
Delay and prevent intrusion attempts,
Detect intrusions and monitor intruders,
Trigger appropriate incident response by communicating to security officers and police,
Deny by opposing or negating the effects of an overt or covert actions.
What is an asset? - answerAnything of tangible or intangible value (people, property,
information) to the organization.
What is risk analysis? - answerA process for identifying asset values, and vulnerabilities
to ascertain risks.
How is an asset's critically determined? - answerAn asset's criticality is based on the
mission and goals of the organization and how the company would recover in the event
that the asset is no longer available.
What are the three steps to identifying a company's assets? - answerDefine and
understand the company's primary business functions and processes,
Identify site and building infrastructure and systems,
Identify the company's critical tangible and intangible assets.
What two types of costs should be considered when valuing an asset? - answerDirect
costs and indirect costs.
What are some factors to consider in valuing assets? - answerInjuries or deaths related
to facility damage,
Asset replacement costs,
Revenue loss due to lost functions,
Availability of backups and system redundancy,
Availability of replacements,
Critical support agreements in place,
Critical or sensitive information value,
Impact on revenue and reputation.
,When determining asset values, what are some direct costs? - answerFinancial losses
(including value of goods lost),
Increased insurance premiums,
Insurance deductibles,
Lost business,
Labor expenses incurred as a result of the event,
Management time dealing with the event,
Punitive damage awards not covered by insurance.
When determine asset values, what are some indirect costs? - answerNegative media
coverage,
Long-Term negative consumer perception,
Public relations cost to overcome image problems,
Lack of insurance coverage due to higher risk category,
Higher wages needed to attract future employees,
Shareholder suits for mismanagement,
Poor employee morale leading to work stoppages and higher turnover.
What is the first step in creating an asset protection program? - answerIdentifying the
business's assets.
What are two types of assets? - answerTangible and intangible.
What are two ways assets can be valued? - answerAssign a relative value, such as a
number from 1 (low) to 5 (high),
based on priority.
Apply a cost-of-loss formula.
What is the cost-of-loss formula to calculate an asset value? - answerK= Cp+Ct+Cr+Ci -
I
K= total cost of loss
Cp= Cost of permanent replacement
Ct= Cost of temporary substitute
Cr= Total related costs (remove old asset, install new etc.)
Ci= Lost income cost
I= available insurance or indemnity
What are the two types of adversaries? - answerAn adversary who uses intrusion to
gain access to the target asset and an adversary who plans to attack the site from
outside without gaining entrance.
What are two common physical security compliance metrics in the public sector? -
answerCompliance of facilities and compliance of systems.
, What are two objectives of collecting physical security program metrics? - answerTo
provide assurance to the organization on the effectiveness of the program and to
facilitate improvement.
What is the commonly used to provide management with a snapshot of the
effectiveness and efficiency of a physical security program? - answerMetrics summary
chart.
What is the purpose of a business impact analysis (BIA)? - answerTo assess and
prioritize organizational activities and the resources required to deliver products and
services.
What is the purpose of a business continuity management system (BCMS)? - answerTo
enable an organization to identify, develop, and implement policies, objectives,
capabilities, processes, and programs - taking into account legal and other
requirements - to address disruptive events that might impact the organization and its
stakeholders.
What is considered the foundation for establishing business continuity objectives,
targets, programs, and plans? - answerThe business impact analysis (BIA) and risk
assessment.
What are the three generic and interrelated management response steps that require
preemptive planning and implementation in case of a disruptive incident? -
answerEmergency Response,
Continuity,
Recovery.
What group of individuals are responsible for developing and implementing a
comprehensive plan for responding to a disruptive incident? - answerThe crisis
management team (CMT). It consists of a core group of decision makers trained in
incident management and prepared to respond to an event.
What is the term for activities, programs, and systems developed and implemented prior
to an incident that may be used to support and enhance mitigation of, response to, and
recovery from disruptions? - answerPreparedness (readiness).
What is a threat? - answerAn action or event that could result in a loss or an indication
that such an action or event might take place.
What is a loss event profile? - answerA list of the kinds of threats affecting the assets to
be safeguarded.
What is a hazard? - answerA source of potential danger or adverse condition. Hazards
are generally associated with nature.
PHYSICAL SECURITY-- (SPED),
Physical Security Certification (PSC),
DCSA SPeD. Physical Security
Certification (PSC)
What are some techniques used in performing a security survey? (6) -
answerObserving,
Questioning,
Analyzing,
Verifying,
Investigating,
Evaluating.
What is the requirements document? - answerA major result of the planning phase, the
requirements document identifies the main reasons for implementing new measures or
upgrading older systems.
What is the purpose of a security survey? - answerDetermine and document the current
security posture,
Identify deficiencies and excesses in existing security measures,
Compare the current posture with a determination of the appropriate level of security,
Recommend improvements in the overall situation.
What are three common approaches to a physical security assessment? -
answerOutside-Inward approach,
Inside-Outward approach,
Functional approach.
Which approach to physical security assessment occurs when an assessment team
takes the role of perpetrator and begins outside the facility focusing on the successive
layers of security? - answerOutside-Inward approach.
Which approach to physical security assessment occurs when an assessment team
takes the role of defender and works its way from the asset out toward the outer
perimeter? - answerInside-Outward approach.
,Which approach to physical security assessment occurs when an assessment team
evaluates security functions and disciplines and collates the findings? -
answerFunctional (Security Discipline) approach.
What are five criteria of a good security survey report? - answerAccuracy,
Clarity,
Conciseness,
Timeliness,
Slant or pitch.
What are the objectives of physical access control? (6) - answerDeter potential
intruders,
Distinguish authorized from unauthorized people,
Delay and prevent intrusion attempts,
Detect intrusions and monitor intruders,
Trigger appropriate incident response by communicating to security officers and police,
Deny by opposing or negating the effects of an overt or covert actions.
What is an asset? - answerAnything of tangible or intangible value (people, property,
information) to the organization.
What is risk analysis? - answerA process for identifying asset values, and vulnerabilities
to ascertain risks.
How is an asset's critically determined? - answerAn asset's criticality is based on the
mission and goals of the organization and how the company would recover in the event
that the asset is no longer available.
What are the three steps to identifying a company's assets? - answerDefine and
understand the company's primary business functions and processes,
Identify site and building infrastructure and systems,
Identify the company's critical tangible and intangible assets.
What two types of costs should be considered when valuing an asset? - answerDirect
costs and indirect costs.
What are some factors to consider in valuing assets? - answerInjuries or deaths related
to facility damage,
Asset replacement costs,
Revenue loss due to lost functions,
Availability of backups and system redundancy,
Availability of replacements,
Critical support agreements in place,
Critical or sensitive information value,
Impact on revenue and reputation.
,When determining asset values, what are some direct costs? - answerFinancial losses
(including value of goods lost),
Increased insurance premiums,
Insurance deductibles,
Lost business,
Labor expenses incurred as a result of the event,
Management time dealing with the event,
Punitive damage awards not covered by insurance.
When determine asset values, what are some indirect costs? - answerNegative media
coverage,
Long-Term negative consumer perception,
Public relations cost to overcome image problems,
Lack of insurance coverage due to higher risk category,
Higher wages needed to attract future employees,
Shareholder suits for mismanagement,
Poor employee morale leading to work stoppages and higher turnover.
What is the first step in creating an asset protection program? - answerIdentifying the
business's assets.
What are two types of assets? - answerTangible and intangible.
What are two ways assets can be valued? - answerAssign a relative value, such as a
number from 1 (low) to 5 (high),
based on priority.
Apply a cost-of-loss formula.
What is the cost-of-loss formula to calculate an asset value? - answerK= Cp+Ct+Cr+Ci -
I
K= total cost of loss
Cp= Cost of permanent replacement
Ct= Cost of temporary substitute
Cr= Total related costs (remove old asset, install new etc.)
Ci= Lost income cost
I= available insurance or indemnity
What are the two types of adversaries? - answerAn adversary who uses intrusion to
gain access to the target asset and an adversary who plans to attack the site from
outside without gaining entrance.
What are two common physical security compliance metrics in the public sector? -
answerCompliance of facilities and compliance of systems.
, What are two objectives of collecting physical security program metrics? - answerTo
provide assurance to the organization on the effectiveness of the program and to
facilitate improvement.
What is the commonly used to provide management with a snapshot of the
effectiveness and efficiency of a physical security program? - answerMetrics summary
chart.
What is the purpose of a business impact analysis (BIA)? - answerTo assess and
prioritize organizational activities and the resources required to deliver products and
services.
What is the purpose of a business continuity management system (BCMS)? - answerTo
enable an organization to identify, develop, and implement policies, objectives,
capabilities, processes, and programs - taking into account legal and other
requirements - to address disruptive events that might impact the organization and its
stakeholders.
What is considered the foundation for establishing business continuity objectives,
targets, programs, and plans? - answerThe business impact analysis (BIA) and risk
assessment.
What are the three generic and interrelated management response steps that require
preemptive planning and implementation in case of a disruptive incident? -
answerEmergency Response,
Continuity,
Recovery.
What group of individuals are responsible for developing and implementing a
comprehensive plan for responding to a disruptive incident? - answerThe crisis
management team (CMT). It consists of a core group of decision makers trained in
incident management and prepared to respond to an event.
What is the term for activities, programs, and systems developed and implemented prior
to an incident that may be used to support and enhance mitigation of, response to, and
recovery from disruptions? - answerPreparedness (readiness).
What is a threat? - answerAn action or event that could result in a loss or an indication
that such an action or event might take place.
What is a loss event profile? - answerA list of the kinds of threats affecting the assets to
be safeguarded.
What is a hazard? - answerA source of potential danger or adverse condition. Hazards
are generally associated with nature.
