Cards 81-118 Flashcards
- What data goes into an incident management system?
LEH
TFA
S and ALE and
I’m As
Loss event history
Threat frequency analysis
Single and Annual loss expectancy; and
Impact assessment
- What tests should be part of a security survey?
S and R
Al
C/S room security
GAC
Shipping and receiving;
Alarms;
Computer/server room security
general access controls
- When performing security system and procedure tests as part of a security survey, you should coordinate with:
building Owner/manager/landlord;
Any involved Outside agencies
- During a security survey test on shipping and receiving, these should be checked:
Co are checked by PO of SS
(In and out) against
B of L of In Re
Controls are checked by physical observation of selected shipments (incoming and outgoing) against bills of lading of inventory records.
- During a security survey test on alarms, what is evaluated?
the Response as well as the reaction of building occupants and security officers
- During a security survey test on a computer room or server room, these should be tested:
Security;
Access controls during both working and off hours.
- How are general access controls tested during a security survey?
“Intruders” should test whether they can get access to the facility or internal areas during business and off hours;
Do employees challenge the intruders?
- How should areas, items and issues be evaluated during a security survey?
In terms of the Ap for the S,A,O,M as well as the I, A and C with……
In terms of the appropriateness for the
Situation, Age, Operability, Maintenance, Interoperability, Aesthetics and Consistency with the current use or space.
- What four things should be reviewed when assessing key/card security during a security survey?
Ac and Po
RK and In
RP and
App updates…
Accountability and policy;
record Keeping and inventory;
Recovery procedures (for keys); and
whether changed when Appropriate, i.e. people leave, thefts, burglary
- Besides windows and doors, what other openings should be assessed during a security survey?
Manholes;
Skylights;
Roof hatches;
Ventilator, air conditioning vents/shafts;
Penthouse; veranda access;
Sidewalk grates
- When assessing the protection of utilities during a security survey, what 4 things should be examined?
L and PP
Acc Co
B and Em
Pro of TC and DL
Location and physical protection;
Access control;
Backup and emergency
Protection of telecommunications and data lines.
- The first step in a risk assessment is:
Identification and valuation of assets
- What are the four D’s?
Deter
Detect
Delay
Deny
- What are the five risk treatments?
Acceptance;
Avoiding
Mitigating
Transferring;
Spreading;
- The seven functions of physical security?
AC
Ass
De
De
De
Re and
EG
Access control
Assessment
Deterrence
Detection
Delay
Response and
Evidence gathering
- Three factors to consider when selecting a risk mitigation strategy?
AV
AF
Fe
Availability;
Affordability; and
Feasibility
- The effectiveness of countermeasures and the security system depends on?
The adversary and the threat
- As a threat increases in sophistication, what must happen?
The effectiveness of the countermeasures must also increase, or the additional risk must be managed by other means.
- What four criteria can be used to rank assets based on criticality?
WF
D
SD
M/O
Workforce;
Dependencies
Service delivery; and
Mission/objectives
- Which risks should be prioritized?
Those with the potential to cause significant mission impact or harm.
- Two common measures of vulnerability?
Observability and
Exploitability
- Observability is:
The ability of an adversary to see and identify a vulnerability
- Exploitability is:
The ability of an adversary to take advantage of a vulnerability