Cards 81-118

Question 1

81. What data goes into an incident management system?

-lo ____ ev____ history;
-th_____fr____ analysis;
- Single and an____ lo____expectancy; and
- im ____as______

Answer 1

Loss event;
Threat frequency;
Annual loss;
Impact assessment

Question 2

82. What tests should be part of a security survey?

-sh_____ and re_____;
-al_____;
-co____/se____ room security;
-General ac_____ co______

Answer 2

Shipping and receiving;
Alarms;
Computer/server
Access controls

Question 3

83. When performing security system and procedure tests as part of a security survey, you should coordinate with:

• building ow___/ma___/la___;
• Any involved ou___ ag____

Answer 3

Owner/manager/landlord;

Outside agencies

Question 4

84. During a security survey test on shipping and receiving, these should be checked:

-Controls are checked by ph____ ob_____ of selected shipments (incoming and outgoing) against bi____ of la_____ of inventory records.

Answer 4

Physical observation;

Bills of lading

Question 5

85. During a security survey test on alarms, what is evaluated?

-the re____ as well as the re____ of building occupants and security officers

Answer 5

Response

Reaction

Question 6

86. During a security survey test on a computer room or server room, these should be tested:

-Se______;
-ac_____ co_____ during both working and off hours

Answer 6

Security;

Access controls

Question 7

87. How are general access controls tested during a security survey?

-“intruders” should test if they get access to the fa_____ or in___ areas during business and off hours;
-do employees ch____ the inTruders

Answer 7

Facility or internal;

Challenge

Question 8

88. How should areas, items and issues be evaluated during a security survey?

In terms of the ap________ for the
Si
Ag
Op
Ma
Inter
Ae and
Con with the current use of space

Answer 8

Appropriateness

Situation
Age
Operability
Maintenance
Interoperability
Aesthetics
Consistency

Question 9

89. What should be reviewed when assessing key/card security during a security survey?

-acc_____ and po______;
-record ke____ and in_____;
-re_____pro_____ (for keys)
-changed when ap____, ie people leave, thefts, burglary

Answer 9

Accountability and policy;
Keeping and inventory;
Recovery procedures;
Appropriate

Question 10

90. Besides windows and doors, what other openings should be assessed during a security survey?

-ma
-sk
-r______ ha______;
-ve____, air co_____ ve___/sh____;
-Pe_____ roof; ve____ ac____;
-si______ grates

Answer 10

Manholes;
Skylights;
Roof hatches;
Ventilator, air conditioning vents/shafts;
-Penthouse; veranda access;
-sidewalk grates

Question 11

91. When assessing the protection of utilities during a security survey, what should be examined?

-lo____ & ph______ protection;
-acc_____ con______;
- ba____ and em_____ sources;
- pro____ of tele_____ and da___lines.

Answer 11

Location and physical protection;
Access control;
Backup and emergency
Protection of telecommunications and data lines.

Question 12

92. The first step in a risk assessment is:

-id______ and va______ of assets

Answer 12

Identification and valuation

Question 13

93. What are the four D’s?

Answer 13

Deter

Detect

Delay

Deny

Question 14

94. What are the five risk treatments:

-ac
-tr
-sp
-av
-mi

Answer 14

Acceptance;
Transfer;
Spreading;
Avoiding;
Mitigating;

Question 15

95. The seven functions of physical security?

-ac ____ c_____
-de____
-de____
-as___
-de____
-Re___ and
-ev_____ ga_____

Answer 15

Access control
Deterrence
Detection
Assessment
Delay
Response and
Evidence gathering

Question 16

96. Three factors to consider when selecting a risk mitigation strategy?

-av______
-af______ and
-fe_____

Answer 16

Availability;

Affordability; and

Feasibility

Question 17

97. The effectiveness of countermeasures and the security system depends on?

-the ad_______ and the th_____

Answer 17

The adversary and the threat

Question 18

98. As a threat increases in sophistication, what must happen?

-the ef_____ of the cou_____ must also increase, or the additional risk that must be ma____ by other means.

Answer 18

Effectiveness of the countermeasures

Managed

Question 19

99. What four criteria can be used to rank assets based on criticality?

-Wo_____;
-se_____ del_______;
-dep_______ and
-MI________/ob________

Answer 19

Workforce;
Service delivery;
Dependencies;
Mission/objectives

Question 20

100. Which risks should be prioritized?

-Those with the potential to cause sig_____ m____ im____ or harm.

Answer 20

Significant
Mission
Impact or harm

Question 21

101. Repeat

Answer 21

Repeat

Question 22

102. Two common measures of vulnerability?

-ob_________ and ex_______

Answer 22

Observability and

Exploitability

Question 23

103. Observability is:

The ability of an ad_____ to see and identify a vu_______

Answer 23

Adversary……

Vulnerability

Question 24

104. Exploitability is:

The ability of an adversary to ta____ ad_____ of a vu_____

Answer 24

Take advantage of

A vulnerability

Question 25

105. When is Observability reversed?

In assessing na______ threats

Answer 25

Natural

Question 26

106. How is risk calculated?

-Risk = (t x v x im)/3

Answer 26

Risk equals threats x vulnerabilities x impact /3

Question 27

107. The cost benefit analysis is…?

-the cost of a se____pr___ against the impact in loss reduction, fi___ sa ____, ac_____, li____cy____ replacement or other costs

Answer 27

Security program

Financial savings
Acquisition or
Life cycle

Question 28

108. Metrics are?

-A measure based on a re____that involves at least tw____ points.

Answer 28

Reference

Two

Question 29

109. What are the three technical criteria of a security metrics evaluation tool (M E T) ?

-Re_____;
-Va_____; and
-Ge________

Answer 29

Reliability

Validity and

Generalizability

Question 30

110. What are the three operational criteria of the security metrics evaluation tool (MET) ?

• Co______;
  -ti_______;
  -ma______

Answer 30

Cost;

Timeliness; and

Manipulation

Question 31

111. What are the strategic criteria of a security metrics evaluation tool (MET)?

-ROI;
-or______ re______; and
-co________

Answer 31

ROI

Organizational relevance and

Communications

Question 32

112. What are the high-level evaluation criteria for a security metrics evaluation tool (MET)?

-Te_____ criteria;
-Op_____criteria; and
-St______criteria

Answer 32

Technical

Operational and

Strategic

Question 33

BONUS - Summary MET criteria:

Technical - r v g
Operational - c t m
Strategic - ROI/ or/ c
High-level - tc/ oc / sc

Answer 33

Technical - reliability/validity/generalizability

Operational - cost/timeliness/manipulation

Strategic - ROI/organizational relevance/communications

High-level - technical criteria/operational criteria/ strategic criteria

Question 34

113. Three major physical security metrics?

Sy_____; per______; com______

Answer 34

Systems, personnel compliance

Question 35

114. Common physical security systems metrics include:

-fo_____do___;
-do____ he_____ op____;
-un_____ access at____;
-User-de_____act__/al_____
-comm____fa_____

Answer 35

Forced door;
Door held open;
Unauthorized access;
User-defined actions/alarms
Communications failures

Question 36

115. Two measurable physical security personnel metrics include:

Re_______ and tr________

Answer 36

Response and training

Question 37

116. What is the first step in asset protection?

-Perform a th_____ and vu____ analysis

Answer 37

Threat and vulnerability analysis

Question 38

117. One potential pitfall in choosing security technology?

An inability to thoroughly ev___pr___ cl_____ prior to installation

Answer 38

Evaluate product claims

Question 39

118. What is the primary challenge for security system designers?

-Balance the need for pu___ac____ against the need to ensure pu_____sa_________

Answer 39

Public access

Public safety