Cards 41-80 Flashcards
- Two reasons to collect physical security program metrics:
-provide assurance of program effectiveness
and
-facilitate improvements
- What commonly provides management with a snapshot of the effectiveness and efficiency of a physical security program?
A M S C
A metrics summary chart
- The purpose of a business impact analysis (BIA)?
Is to id______ and ev______ the potential impact of a ________ to operations.
Identify and evaluate the potential impact of a disruptive event to operations.
- The purpose of a business continuity management system (BCMS)?
Enable a company to address disruptive events by identifying, developing and implementing C…, O…, P…, P… and P…: capabilities, objectives, policies, processes and programs within legal bounds.
- What two things are the foundation for setting up business continuity objectives, targets, programs and plans?
The _______and the ______
The business impact analysis and the risk assessment.
- Name 3 inter-related management response steps that require pre-emptive planning and implementation in case of a disruptive or crisis event?
ER
CP
RP
Emergency response;
Continuity planning; and
Recovery planning
- What is the basis for setting recovery time objectives?
-The results of the business impact analysis
- What is a disruptive event?
An event that is planned or not planned that interrupts activities, operations or functions.
- What is a threat?
-The potential cause of an unwanted incident which may harm…
Individuals;
Assets;
A system
An organization
The environment or
The community
- What is a loss event profile?
-a list of the kind of threats affecting the assets to be safeguarded.
- What is a hazard?
A source of PD or AC…..ass with _________
A source of potential danger or adverse condition. They are generally associated with nature.
- Threats or loss risk events fall into three categories:
Cr
N-C, MM I or ND
EC by R with other O
-Crimes
-non-criminal man-made incidents or Natural disasters
- events caused by an org’s relationship with other orgs
- Two examples of non-criminal threats?
NT
MMT
Natural threats - hurricane, tornado, storm;
Man-made threats and disasters, like a plane crash, labor strike or power failure
- Six examples of peripheral systems and interfaces?
LSS and P&P
BC and IT in
LR and OS
Life safety systems and policies and procedures;
Building controls and IT Infrastructure;
Liaison relationships and outsourced services;
- What is a consequential event?
-An event that occurs b/c of a relationship between events or between two organizations. The company suffers a loss b/c of that event or relationship.
- How is the probability of a threat occurring decided?
By considering the l______ that a L______ R_____ E______ may occur…..
-by considering the likelihood that a loss risk event may occur in the future.
- What factors determine the probability of a threat?
Historical
Geographical
Political
Economical and
social conditions
- What is a vulnerability?
Any weakness that can be exploited by an aggressor/terrorist or criminal, or that makes an asset susceptible to damage from natural hazards or consequential events.
- The 8 Factors to consider in assessing asset vulnerability?
L of B
SP of F
Co-l of KS
In RC From A
In SM
E of AA to a F
HM
P for CD from OC
- lack of backup;
- single point of failure;
- co-location of key systems;
- inadequate response capability from attacks
- inadequate security measures
- Ease of aggressor access to a facility;
- presence of hazardous materials;
- potential for collateral damage from other companies.
- Four levels of risk?
Catastrophic;
High;
Moderate; and
Low
- What level of risk requires treatment at any cost?
Catastrophic
- The level of risk that cannot be further reduced w/o an expenditure of costs disproportionate to benefits is?
High
- The level of risk that is negligible or can be managed with routine procedures?
Moderate
- The level of risk where the org is prepared to pursue/ retain or take based on informed decisions?
Low
- What should occur in relation to a regular review of the physical security assessment report?
-Monitor and follow up on the assessment findings, observations and recommendations.
- Two categories of threats?
Man-made threats and
Natural threats
- This metric measures external dependencies' responsiveness in meeting a security department request?
External dependency responsiveness
- Physical security design attributes include:
T of Ad & T to get to I A
D that S D the A
# and type of D IN/OUT
S, S and E of the RF
-type of adversary and time required for him to get to inside assets;
-delays that slow down the attack and number and type of detectors inside and outside a facility; and
- Size, strength, and Equipment of the response force
- Risk assessment is…?
A SP for E the E of U on Ac an E’s Ob…..
-A systematic process for evaluating the effects of uncertainty on achieving an enterprise’s objectives
- The goal of a cost benefit analysis?
To ______ the ________ Lvls of ____ _______ at the best ______ value
-To identify the optimum levels of risk reduction at the best available value.
- The analysis method that uses comparative values and not numbers?
Qualitative
- An analysis method that uses numeric measures to describe value of assets, level of threats, vulnerabilities, impact or loss events?
Quantitative
- Qualitative analysis is most suited to …..?
-evaluating basic security applications
- What is a SWOT analysis?
-a business analysis method that involves strategic evaluation of key internal and external factors.
- SWOT stands for?
Strengths
Weaknesses
Opportunities and
Threats
- External factors in a SWOT analysis include:
Opportunities and threats
- Internal factors in a SWOT analysis include:
Strengths and weaknesses
- What is the annual loss expectancy?
The product of the C of II and the F of O
-the product of the cost of incident impact and the frequency of occurrence
- What 6 state and local requirements should be considered for security projects?
CR and St
Tr and In Be Pr
Pe and Co Re
Code regulations and standards;
Trade and industry best practices
Permitting and contracting requirements;
- What conditions affect the likelihood of occurrence?
P, S, P environments
P and P
C C
Physical environment;
Social environment;
Political environment;
Procedures and processes;
Criminal capabilities