Cards 41-80

Question 1

41. Two reasons to collect physical security program metrics:

-provide assurance of p____ e____; and
-f________ imp________.

Answer 1

Program effectiveness

Facilitate improvements

Question 2

42. Commonly provides management with a snapshot of the effectiveness and efficiency of a physical security program?

-A m_______ S______ chart

Answer 2

A metrics summary chart

Question 3

43. The purpose of a business impact analysis (BIA)?

ID and ev______ the potential impact of a dis______ ev_____ to operations.

Answer 3

Evaluate;

Disruptive event

Question 4

The purpose of a business continuity management system (BCMS)….?

-enable a company to address potentially d_____ ev______ by identifying, developing and implementing P___, ob ___, cap____, p_____ and Pro_____ w/in legal bounds.

Answer 4

Disruptive events;

Policies;
Objectives;
Capabilities;
Processes & programs…

Question 5

45. What two things are the foundation for setting up business continuity o__, t___, pr___ and pl___?

-The B___I____a____ and the R__A___

Answer 5

Objectives, targets, programs and plans;

The business impact analysis and the risk assessment.

Question 6

46. Name 3 inter-related management response steps that require pre-emptive planning and implementation in case of a disruptive or crisis event?

-e____r____;
-c_____ and
-r______

Answer 6

Emergency response;

Continuity planning; and

Recovery planning

Question 7

47. What is the basis for setting recovery time objectives?

-The results of the b___IM____A___

Answer 7

Business impact analysis

Question 8

48. What is a disruptive event?

An event that is planned or not planned that interrupts a___o____ or f______

Answer 8

Activities;

Operations; or

Functions

Question 9

49. What is a threat?

-The p___ c____ of an unwanted incident which may harm

I____
A____
A sys____
An org____
The e_____ or
The c_____

Answer 9

Potential cause

Individuals;
Assets;
A system
An organization
The environment or
The community

Question 10

50.What is a loss event profile?

-a list of the k____ of th______ affecting the a______to be safeguarded.

Answer 10

Kind of threats

Assets

Question 11

51. What is a hazard?

A source of p____d____ or ad___ c____. They are generally associated with n_______

Answer 11

Potential danger

Adverse condition

Nature

Question 12

52. Threats or loss risk events fall into three categories:

-C______
-non-criminal man-made in__ or N___ d____
- events caused by an org’s r_____ with other orgs

Answer 12

Crimes;

Incidents or natural disasters

Relationship

Question 13

53. Examples of non-criminal threats?

-N___threats - h__, t___, s___
-M___ M___ threats/disasters - plane crash, l____ s_____, power failure

Answer 13

Natural threats - hurricane, tornado, storm;

Man-made….labor strike

Question 14

54. Examples of peripheral systems and interfaces?

-L____ S_____ systems;
-B_____ controls;
-IT i________
- L_____r______
-O______ S______ and
-P_____ and pr______

Answer 14

Life safety;
Building controls;
Infrastructure;
Liaison relationships
Outsourced services;
Policies & procedures

Question 15

55. What is a consequential event?

-An event that occurs b/c a relationship between e____ or between two o_____. The company suffers a loss b/c of that event or relationship.

Answer 15

Events

Organizations

Question 16

56. How is the probability of a threat occurring decided?

-by considering the likelihood that a l____ r_____ e_____ may occur in the future.

Answer 16

Loss risk event

Question 17

57. What factors determine the probability of a threat?

-h______d_____;
-history of s____e____ at s___ c__
-the n____ and v_____;
-geo_____ l_____;
-po_____ and so____ conditions;
-c________ in the economy.

Answer 17

Historical data;
Similar events at similar companies
Neighborhood and vicinity
Geographical location
Politicial and social conditions
Changes in the economy

Question 18

58. What is a vulnerability?

Any w_______ that can be exploited by an aggressor/t____ or cr_____ that makes an asset susceptible to damage from n___h____ or c____ events.

Answer 18

Weakness
/terrorist or criminal
Natural hazards or consequential events.

Question 19

59. Factors to consider in assessing asset vulnerability?

-lack of b_____;
-single point of f______;
- co-location of k___ systems;
- inadequate r___ c____ from attacks
-Ease of aggressor a___ to a facility;
-inadequate s____ m____;
-presence of ha_____ ma_____;
-potential for collateral d___ from other companies.

Answer 19

Backup;
Failure;
Key;
Response capability;
Access;
Security measures;
Hazardous materials;
Damage

Question 20

60. Four levels of risk?

Answer 20

Catastrophic;
High’
Moderate; and
Low

Question 21

61. What level of risk requires treatment at any cost?

Answer 21

Catastrophic

Question 22

62. The level of risk that cannot be further reduced w/o an expenditure of costs d_____ to b_____?

Answer 22

Disproportionate to benefits

High

Question 23

63. The level of risk that is negligible or can be managed with routine procedures?

Answer 23

Moderate

Question 24

64. The level of risk where the org is prepared to p___ /r____ or take based on informed decisions?

Answer 24

Pursue/retain

Low

Question 25

65. What should occur in relation to a regular review of the physical security assessment report?

-Mo_____ and follow up on the as____ findings, ob_____ and rec_____

Answer 25

Monitor and

Assessment…

Observations

Recommendations

Question 26

66. Two categories of threats?

Ma______ threats &
Na______ threats

Answer 26

Man-made threats and

Natural threats

Question 27

67. This metric measures external dependencies responsiveness in meeting a security department request?

-ex_____de_____re_____

Answer 27

External dependency responsiveness

Question 28

68. Physical security design attributes include:

-type of ad_____
-time required for an adversary to get to inside as_____;
-# and type of de_____inside and outside a facility;
-de_____ that slow down the attack; and
- Si___, st____ and Eq___ of the response force

Answer 28

Adversary;
Assets
Detectors
Delays
Size, strength and equipment

Question 29

69. Risk assessment is….?

-The ov_____ and sy_____ process for evaluating the effects of un____on achieving an en_____ ob_______

Answer 29

Overall and systematic

Uncertainty

Enterprise’s objectives.

Question 30

70. The goal of a cost benefit analysis?

-To id_____ the op____ levels of risk reduction at the best available va______

Answer 30

Identify the optimum

Value

Question 31

71. The analysis method that uses comparative values and not numbers?

Answer 31

Qualitative

Question 32

72. An analysis method that uses numeric measures to describe value of assets, level of threats, vulnerabilities, impact or loss events?

Answer 32

Quantitative

Question 33

73. Qualitative analysis is most suited to …..?

-evaluating ba______ security applications

Answer 33

Basic

Question 34

74. What is a SWOT analysis/

-a business analysis method that involves st____ ev_____ of key in_____ and ex_____factors.

Answer 34

Strategic evaluation

Internal and external

Question 35

75. SWOT stands for?

Answer 35

Strengths
Weaknesses
Opportunities and
Threats

Question 36

76. External factors in a SWOT analysis include:

Answer 36

Opportunities and threats

Question 37

77. Internal factors in a SWOT analysis include:

Answer 37

Strengths and weaknesses

Question 38

78. What is the annual loss expectancy?

-the product of the cost of in___ im____ and the fr____ of oc______

Answer 38

Incident impact

Frequency of occurrence

Question 39

79. What state and local requirements should be considered for security projects?

-co_____ re____;
-tr____ and in___ best practices;
-st____;
-Pe______ re______;
-co_____ re______

Answer 39

Code regulations;
Trade and industry;
Standards;
Permitting requirements;
Contracting requirements

Question 40

80. What conditions affect the likelihood of occurrence?

-PH……en_____;
-So____ en____;
-PO___ en____;
-Pr____ and Pr____;
-Cr____ capabilities

Answer 40

Physical environment;
Social “ “
Political. “ “
Procedures and processes;
Criminal capabilities