Cards 1-40 Flashcards

1
Q

Risk is measured by d_______ the value of the a______ in relation to the t______ and v_______ associated with it.

A

Determining….
Asset
Threats and vulnerabilities

2
Q

Security risk rating =
Asset v_______x
T______ L_______x
S_____ of in_____x
V______

A

Security risk rating = asset value x threat likelihood x severity of incident x vulnerability

3
Q

Categories of assets exposed to risk?
- P_____________;
-N_____________;
-L___________

A

Physical - facilities; operational & industrial control systems & on-site processes and assets.

Non-physical - geo-political landscape; culture, speed of decision making and intensity of competition;

Logical - information & digital assets and the network or digital space that connects them.

4
Q

The risk assessment process should be revisited c____ and c____ because of the elements that are constantly subject to change.

A

Cyclically and continuously.

5
Q

The purpose of a security survey?

-determine current s_____ p____;
-ID d_______ & ex__________;
-compare current SP with what would be appropriate; and
-r__________ i___________.

A

Security posture;
Deficiencies and excesses;

Recommend improvements.

6
Q

When considering vulnerabilities, what factors should be addressed?

-lack of b_____ for critical functions;
-single points of f______;
-co-location of c_____ systems, org_____ and c________
-inadequate preparedness for attacks;
-too easy for an a______ to attack facility;
-inadequate s______;
-presence of h_____ m______
-potential for collateral damage from n_______ companies

A

Backup;
Failure;
Critical systems, organizations and components;

Aggressor
Security
Hazardous material
Nearby

7
Q

A security survey focuses more on v______ than a physical s____ a_______

A

Vulnerabilities;
Security assessment

8
Q

A cost benefit analysis should be used in both a…….

P______S_______A____and a R____A_______

A

Physical security assessment and a risk assessment.

9
Q

The functions included in a functional approach to a physical security assessment include:

-Security a___ & e_____;
-S_______ security m_______;
-C_ _ _ _;
-E______S____S_____ and
-S______ O_____ and the h____E_____.

A

Security architecture and engineering;
Structural security measures;
CPTED
Electronic Security Systems;
Security officers and the
Human element

10
Q

Typical areas assessed in a physical security assessment include:

-b……d……w…….o…..;
-l…..s…..and c……..;
-s…….L……a……and el…….sys……..
-veh……tra…….par……….controls;
-v…….mgmnt;
-p_______handling.

A

Barriers, doors, windows, openings;
-locks, safes and containers;
-signage; lighting; alarm and electronic systems;
-vehicle traffic and parking controls;
-visitor management;
-package handling

11
Q

Automated assessment tools should only assist in completing because they…..

-may give a f______s_____ of k___;
-may have a h____ c____;
-may have c_____s______; and
-can’t capture un_____ c_______

A

-may give a false sense of knowledge;
-may have a high cost;
-may have complex software; and
-they can’t capture unquantifiable characteristics.

12
Q

Defense in depth?

An adversary must overcome a number of protective features in S_________

A

Sequence

13
Q

Why does each layer of security require a separate act by the adversary?

-causes U_____ in the perp’s mind;
-increases a___ p_____ t_____;
- adds s____ to the in______; and
-allows for more p____r____t____.

A

Uncertainty;
-attack prep time;
-steps to the intrusion; and
-police response time

14
Q

Layered security should have i______ at each of the layers?

A

Interdependencies

15
Q

Purposely left blank

A

Purposely left blank

16
Q

What is the principle of balanced protection?

-the protection system’s individual applications and components will be in_____ and con_____ so that they provide an equal level of protection.

A

Integrated & converged

17
Q

The appraisal component of the security survey involves Dev_____ and com______ recommendations for enhancements

A

Developing and communicating

18
Q

What is the focus of a physical security assessment?

The risks to the physical a____ & pr_____ of an organization and the pr____ m____ (against any risk) that c______ the realm of physical security.

A

Assets & property;
Protection measures
Comprise

19
Q

The physical security assessment could provide the basis for …what?

A c______ & in______ security a____ and risk a______;
-identify s____g_____;
-identify a range of S____ and their pros and cons; and
-assist in the development of the org’s s____r_____m____ co____, re____ and re____programs.

A

Comprehensive & integrated security analysis and risk assessment
-identify security gaps;
-identify a range of solutions

-security risk management continuity, response and recovery programs

20
Q

What costs are considered in a cost-benefit analysis?

-T___
-O____
-P____
-T___
-P____
-O______c_______ costs

A

Technology;
Opportunity;
Process;
Time;
Personnel; and
-Overall capability costs

21
Q

The 3 most common approaches to a physical security assessment?

O______ I_____ approach;
I_______O_____approach; and
F______ approach

A

Outside-inward approach;
Inside-Outward approach; and
Functional

22
Q

What is it called when the assessment team acts as the aggressor and moves from outside the facility through successive layers of security toward the asset?

A

Outside-inward physical security assessment approach

23
Q

When the assessment team acts as the defender and works from the asset out towards the outer perimeter it’s called….?

A

The inside-outward physical security assessment approach

24
Q

When the security assessment team evaluates security functions/disciplines and collates the findings from the assessment component it’s called?

A

The functional (security discipline) physical security assessment approach

25
Q

The five criteria of a good security survey report?

-a
-c
-c
-t
-s____ or p______

A

Accurate
Clear
Concise
Timely and
Slant or pitch

26
Q

The objectives of physical access control include:

-D____ i_______;
-Distinguish a____ from un____;
-D___ and P_____ intrusion;
-D__and m____ actual intrusions;
-t__incident response to security;
- deny c___/o_____ action

A

-deter intruders;
-distinguish authorized from unauthorized;
-delay and prevent intrusion;
-detect and monitor actual intrusions;
-trigger incident response from security/police;
-deny covert/overt action

27
Q

An asset is anything with t_____ or in______value

A

Tangible or intangible value

28
Q

Risk-analysis is a p_____ for identifying a_____ v____, th____ and v______ to determine risks.

A

Process;
Asset values, threats and
Vulnerabilities…..

29
Q

Two ways an asset’s criticality is determined?

-based on the org’s m___/g____;
-how the org would recover if the a_____ was no longer available.

A

Mission/goals;

Asset

30
Q

Three steps to identify an org’s assets are:

-Define P_____ b____ f______;
-ID site/bldg in______ & s_______;
-ID the org’s t_____ & in_____ assets.

A

Primary business functions;

Infrastructure and systems;

Tangible and intangible assets

31
Q

The two types of costs considered when valuing an asset are?

D_______ costs and In____ costs

A

Direct and indirect costs

32
Q

Factors to consider in valuing assets:

-injuries related to f___ d____;
-Ass____re______ costs;
-rev____ loss BC of lost functions;
-whether there are b____ s_____
-av____ of replacements;
- cr_____ in_______ value;
-impact on r____ and r______

A

-facility damage;
-asset replacement;
-revenue;
Backup systems;
Availability of ;
Critical information;
Revenue and reputation

33
Q

When determining asset values, some direct costs are?

-F___l____/va_____ of g____ds;
-ins_____ costs rise;
-ins_____ de_____ increase;
-lost b____;
-higher l_____ c_____;
-mgmnt time d_____ with event;
- punitive c____j_____ not covered by insurance

A

Financial losses/value of goods;
-insurance;
-insurance deductibles;
-lost business;
-labor costs;
-dealing with event;
-court judgements not….

34
Q

Indirect costs of asset value determination include:

-neg m_____ c_____;
-neg c_____ p_____;
- PR costs to i_____ i_____;
-insurance costs rise bc placed in a higher r_____ c_____;
-Have to pay h____ w_____ to get workers;
-shareholder lawsuits for mis______;
-poor e___ m___; higher t____/ work st_______.

A

Media coverage;
-consumer perception;
Improve image;
Risk category;
Higher wages;
Mismanagement;
Employee morale; turnover/ work stoppages.

35
Q

What legal & regulatory procedures should be part of a physical asset protection program?

-identify the legal and regulatory schemes the org uses with its assets/activities/functions/products/services/stakeholders/supply chain;
-determine how these s_____ apply to its risks;
-ensure these s____ are taken into account in est____ im____ & m_____ its physical asset protection program.

A

Schemes;
Schemes;
Establishing….implementing…….and maintaining

36
Q

Two types of assets include:

T_______ and in________

A

Tangible and intangible

37
Q

Assets can be valued in two ways:

-assigned a r___ v_____ based on P_____ and….
-apply a c____ of l______ formula;

A

Relative value…..priority;

And

Cost of loss formula

38
Q

What is the cost of loss formula to calculate an asset value:

A

K = (Cp + Ct + Cr + Ci) - I

K - total cost of loss;
Cp - cost of permanent replacement;
Ct - cost of temporary substitute;
Cr - total related costs (removal and installation);
Ci - lost income costs;
I - available insurance or indemnity

39
Q

Two types of adversaries:

-one uses in_______ to get at an asset, and
-one who a_____ from o_____

A

Intrusion;

Attacks from outside

40
Q

Two common physical security compliance metrics used in the public sector are:

-compliance of f______ and
-compliance of s_______

A

facilities &

Systems