Physical Security Assessment, PHYSICAL SECURITY-- (SPED), Physical Security Certification (PSC), DCSA SPeD Physical Security Certification (PSC).pdf
Typology: Exams
What are some techniques used in performing a security survey? (6) - correct answer ✅Observing, Questioning, Analyzing, Verifying, Investigating, Evaluating.
What is the requirements document? - correct answer ✅A major result of the planning phase, the requirements document identifies the main reasons for implementing new measures or upgrading older systems.
What is the purpose of a security survey? - correct answer ✅Determine and document the current security posture, Identify deficiencies and excesses in existing security measures, Compare the current posture with a determination of the appropriate level of security, Recommend improvements in the overall situation.
What are three common approaches to a physical security assessment? - correct answer ✅Outside-Inward approach, Inside-Outward approach, Functional approach.
Which approach to physical security assessment occurs when an assessment team takes the role of perpetrator and begins outside the facility focusing on the successive layers of security? - correct answer ✅Outside-Inward approach.
Which approach to physical security assessment occurs when an assessment team takes the role of defender and works its way from the asset out toward the outer perimeter? - correct answer ✅Inside-Outward approach.
Which approach to physical security assessment occurs when an assessment team evaluates security functions and disciplines and collates the findings? - correct answer ✅Functional (Security Discipline) approach.
What are five criteria of a good security survey report? - correct answer ✅Accuracy, Clarity, Conciseness, Timeliness, Slant or pitch.
Identify site and building infrastructure and systems, Identify the company's critical tangible and intangible assets.
What two types of costs should be considered when valuing an asset? - correct answer ✅Direct costs and indirect costs.
What are some factors to consider in valuing assets? - correct answer ✅Injuries or deaths related to facility damage, Asset replacement costs, Revenue loss due to lost functions, Availability of backups and system redundancy, Availability of replacements, Critical support agreements in place, Critical or sensitive information value, Impact on revenue and reputation.
When determining asset values, what are some direct costs? - correct answer ✅Financial losses (including value of goods lost), Increased insurance premiums, Insurance deductibles, Lost business, Labor expenses incurred as a result of the event, Management time dealing with the event, Punitive damage awards not covered by insurance.
When determining asset values, what are some indirect costs? - correct answer ✅Negative media coverage, Long-term negative consumer perception, Public relations cost to overcome image problems, Lack of insurance coverage due to higher risk category, Higher wages needed to attract future employees, Shareholder suits for mismanagement, Poor employee morale leading to work stoppages and higher turnover.
What is the first step in creating an asset protection program? - correct answer ✅Identifying the business's assets.
What are two types of assets? - correct answer ✅Tangible and intangible.
What are two ways assets can be valued? - correct answer ✅Assign a relative value, such as a number from 1 (low) to 5 (high), based on priority.
What is commonly used to provide management with a snapshot of the effectiveness and efficiency of a physical security program? - correct answer ✅Metrics summary chart.
What is the purpose of a business impact analysis (BIA)? - correct answer ✅To assess and prioritize organizational activities and the resources required to deliver products and services.
What is the purpose of a business continuity management system (BCMS)? - correct answer ✅To enable an organization to identify, develop, and implement policies, objectives, capabilities, processes, and programs - taking into account legal and other requirements - to address disruptive events that might impact the organization and its stakeholders.
What is considered the foundation for establishing business continuity objectives, targets, programs, and plans? - correct answer ✅The business impact analysis (BIA) and risk assessment.
What are the three generic and interrelated management response steps that require preemptive planning and implementation in case of a disruptive incident?
What group of individuals are responsible for developing and implementing a comprehensive plan for responding to a disruptive incident? - correct answer ✅The crisis management team (CMT). It consists of a core group of decision makers trained in incident management and prepared to respond to an event.
What is the term for activities, programs, and systems developed and implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions? - correct answer ✅Preparedness (readiness).
What is a threat? - correct answer ✅An action or event that could result in a loss or an indication that such an action or event might take place.
What is a loss event profile? - correct answer ✅A list of the kinds of threats affecting the assets to be safeguarded.
What is a hazard? - correct answer ✅A source of potential danger or adverse condition. Hazards are generally associated with nature.
Threats or loss risk events can fall into which three distinct categories? - correct answer ✅Crimes, Non-criminal events such as man-made incidents or natural disasters,
Overall geographical location, Political and social conditions, Changes in the economy.
What is vulnerability? - correct answer ✅Any weakness that can be exploited by an aggressor (terrorist or criminal) or that makes an asset susceptible to damage from natural hazards or consequential events.
What are some factors to consider in determining asset vulnerability? (7) - correct answer ✅Lack of redundancy or backups for critical systems, Single points of failure, Collocation of critical systems and organizations, Inadequate response capability to recover from attack, Ease of aggressor access to a facility, Inadequate security measures in place, Presence of hazardous materials, Potential for collateral damage from other companies in area.
What is the difference between a threat and a vulnerability in terms of an organization? - correct answer ✅Vulnerabilities are something that the organization can control to some degree, whereas threats are outside the control of the organization.
What is risk avoidance? - correct answer ✅Removing any opportunity for risk to cause a loss event.
What are some factors of a social environment? - correct answer ✅Demographics, Crime rates, Population characteristics.
What are some examples of an inadvertent threat? - correct answer ✅Accidents, Errors, Omissions, Peripheral threats.
Of the three types of threats (intentional, natural, and inadvertent), which is generally the most difficult to identify? - correct answer ✅Inadvertent threats.
What is an all-hazards perspective? - correct answer ✅A balanced approach that looks at the big picture and identifies that in the context of risk, a hazard is a contributing factor to a peril.
What are the three categories of threats? - correct answer ✅Intentional threats,
Which analysis method does not use numbers, but instead uses comparative terms? - correct answer ✅Qualitative analysis.
Which analysis method utilizes numeric measures to describe the value of assets or the level of threats, vulnerabilities, impact, or loss events? - correct answer ✅Quantitative analysis.
Who should be involved in the quantitative risk analysis? - correct answer ✅A multidisciplinary team of subject matter experts.
What is the SWOT analysis? - correct answer ✅A situational business analysis that involves strategic evaluation of key internal and external factors.
What does SWOT stand for? - correct answer ✅Strengths, Weaknesses, Opportunities, Threats.
In a SWOT analysis, what are the external factors? - correct answer ✅Opportunities and threats.
In a SWOT analysis, what are the internal factors? - correct answer ✅Strengths and weaknesses.
What is the annual loss expectancy? - correct answer ✅The product of the cost of incident impact and the frequency of occurrence.
What are some state and local requirements that should be considered for projects?
What is tested during a security survey test on a computer room or server room? - correct answer ✅The security and access controls of computer and data processing areas during both working and nonworking hours.
How are general access controls tested during a security survey? - correct answer ✅Testers evaluate the ability to gain access to the facility and selected internal areas during working and nonworking hours. If access is achieved, they determine whether employees challenge the "intruders" after the fact.
How should areas, items, and issues be evaluated during a security survey? - correct answer ✅In terms of appropriateness for the situation, age, interoperability, maintenance, interoperability, aesthetics, and consistency with current use of the space.
What should be reviewed when assessing key and card security during a security survey? - correct answer ✅Accountability and policy, Record keeping and inventory, Recovery procedures (for keys), Change procedures when appropriate (turnover of key personnel, after a theft, etc.)
What are some examples of openings (other than windows and doors) that should be assessed during a security survey? - correct answer ✅Manholes, Skylights, Roof hatches, Ventilator and air conditioning vents and shafts, Penthouses and penthouse/roof/veranda/access, Sidewalk grates.
What should be examined when assessing the protection of utilities during a security survey? - correct answer ✅Location and physical protection, Access control, Backup/emergency sources, Protection of telecommunications and data lines.
What is the first step in a risk assessment? - correct answer ✅Identification and valuation of assets.
What are the Four D's of risk mitigation? - correct answer ✅Deter, Detect, Delay, Deny.
What are the five avenues to address risk? - correct answer ✅Risk avoidance,
Which is the risk management option when risk is virtually impossible to eliminate once all other risk management options have been considered and implemented? - correct answer ✅Risk acceptance.
Which is the risk management option where assets are placed in different locations? - correct answer ✅Risk spreading.
What conditions tend to increase an asset's exposure to the risk of loss? (5) - correct answer ✅Physical environment, such as location; Social environment, including crime rate and demographics; Political environment, including government stability and law enforcement resources; Historical experience, such as previous events; Procedures and processes for using and protecting assets; Criminal capabilities.
What are two common approaches to measure vulnerability? - correct answer ✅Observability and exploitability.
The ability of an adversary to see and identify a vulnerability is known as what? - correct answer ✅Observability.
The ability of the adversary to take advantage of the vulnerability is known as what? - correct answer ✅Exploitability.
When is observability reversed? - correct answer ✅In assessing natural threats.
What sources can security professionals consult to learn about crime-related events that might affect their enterprise? (6) - correct answer ✅Local police crime statistics, U.S. Department of Justice Uniform Crime Reports, The enterprise's records of prior crime, Demographic and social data, Prior criminal and civil complaints brought against the company, Intelligence from local, state, or federal law enforcement agencies.
The determination of the actual cost of a security program against the impact in terms of loss reduction, financial savings, acquisition, life cycle, replacement, or other measures is known as what? - correct answer ✅Cost-benefit analysis.
A measure based on a reference that involves at least two points (for example, quantity over time) is known as what? - correct answer ✅Metrics.
What are the technical criteria of the Security Metrics Evaluation Tool (Security MET)? - correct answer ✅Reliability, Validity,