CPP 2012 Domain 1 Security Principles and Practices Flashcards

1
Q

What are indirect costs of security?

A
Harm to reputation, 
Loss of goodwill, 
Loss of employees, 
Harm to employee morale. 
Source: POA: Physical Security, 1.6, page 16
2
Q

What members should comprise a vulnerability assessment team?

A

Security specialist (leader),
Security systems engineer,
Response expert,
Data analyst,
Operations representatives,
Subject matter experts (e.g. locksmiths, technical writers, legal experts).
Source: POA: Physical Security, 1.7.1, page 20

3
Q

What is the goal of a vulnerability assessment?

A

To identify physical protection system (PPS) components in the functional areas of detection, delay, and response and to gather data to estimate their performance against particular threats.

Source: POA: Physical Security, 1.7.3, page 22

4
Q

What are the three primary functions of a physical protection system (PPS)?

A

Detection,
Delay,
Response.
Source: POA: Physical Security, 1.7.3, page 23

5
Q

What are the two key measurements for the effectiveness of the detection function of a physical protection system (PPS)?

A

Probability of sensing adversary action,
Time required for reporting and assessing the alarm.
Source: POA: Physical Security, 1.7.3, page 23

6
Q

How is the response function of a physical protection system (PPS) measured?

A

The response function of a PPS is measured by the time between receipt of a communication of adversary action and the interruption of the adversary action.

Source: POA: Physical Security, 1.7.3, page 23

7
Q

What is the vulnerability assessment team’s primary job as it pertains to a physical protection system (PPS)?

A

To determine security system effectiveness.

Source: POA: Physical Security, 1.7.3, page 24

8
Q

What are the two basic analytical approaches to a risk assessment?

A

Compliance based,
Performance based.
Source: POA: Physical Security, 1.7.4, page 25

9
Q

What is the formula for residual risk?

A
R = T x A x V, 
where
R = residual risk,
T = threat,
A = asset to be protected,
V = vulnerability.
Source: POA: Physical Security, 1.7.4, page 26
10
Q

A well-engineered physical protection system (PPS) exhibits which three characteristics?

A

Protection in depth,
Minimum consequence of component failure (redundancy),
Balanced protection.
Source: POA: Physical Security, 2.1, page 31

11
Q

What are the three contributors to cost of replacement?

A

Purchase price or manufacturing cost,
Freight and shipping charges,
Make-ready or preparation cost to install it or make it functional.
Source: POA: Physical Security, 1.6, page 16

12
Q

What is the formula for lost income cost?

A

I = i/365 x P x t,
where
I = income earned,
i = annual percent rate of return,
P = principal amount (in dollars) available for investment,
t = time (in days) during which P is available for investment.
Source: POA: Physical Security, 1.6, page 17

13
Q

What is the cost of loss formula?

A
K = (Cp + Ct + Cr + Ci) – (I-a),
where
K = criticality, total cost of loss,
Cp = cost of permanent replacement,
Ct = cost of temporary substitute,
Cr = total related costs,
Ci = lost income cost,
I = available insurance or indemnity,
a = allocable insurance premium amount.
Source: POA: Physical Security, 1.6, page 18
14
Q

What are the elements of a systems approach to developing a physical protection system (PPS)?

A

Assessment of vulnerability,
Implementation of countermeasures,
Evaluation of effectiveness.
Source: POA: Physical Security, 1.1, page 6

15
Q

What three questions does a risk assessment attempt to answer?

A

What can go wrong?
What is the likelihood it would go wrong?
What are the consequences?
Source: POA: Physical Security, 1.2, page 7

16
Q

What four questions does risk management attempt to answer?

A

What can be done?
What options are available?
What are the associated tradeoffs in terms of costs, benefits, and risks?
What are the impacts of current management decisions on future options?
Source: POA: Physical Security, 1.2, page 8

17
Q

What is the design-basis threat?

A

The adversary against which the utility must be protected. It is used to help design and evaluate a physical protection system (PPS).

Source: POA: Physical Security, 1.3, page 10

18
Q

What are the three general measures of valuing assets?

A

Cost,
Consequence criteria,
Policy.
Source: POA: Physical Security, 1.5, page 15

19
Q

What is the difference between assets protection and security?

A

Assets protection includes all security functions, as well as related functions such as investigations, risk management, safety, compliance, and emergency management.

Source: POA: Security Management, 4.1.2, page 65

20
Q

Assets protection is increasingly based on what principle?

A

Risk management.

Source: POA: Security Management, 4.1.3, page 69

21
Q

What are the five avenues of addressing risk?

A
Avoidance,
Transfer,
Spreading,
Reduction, 
Acceptance.
Source: POA: Security Management, 4.2.1, page 70
22
Q

What are the five Ds of security?

A
Deter,
Deny,
Detect, 
Delay,
Destroy.
Source: POA: Security Management, 4.2.1, pages 70-71
23
Q

What four major areas does assets protection cover in the telecommunications sector?

A
Information security,
Network/computer security,
Fraud prevention,
Physical security.
Source: POA: Security Management, 4.2.2, page 74
24
Q

What are the five forces shaping assets protection globally?

A

Technology and touch,
Globalization in business,
Standards and regulation,
Convergence of security solutions,
Homeland security and the international security environment.
Source: POA: Security Management, 4.3, page 76

25
Q

According to Davidow and Malone, what is the centerpiece of the new global economy?

A

The virtual product, where major business functions are outsourced with hardly any internal departmentalization.

Source: POA: Security Management, 4.3.2, page 79

26
Q

What are the three managerial dimensions of assets protection?

A

Technical expertise,
Management ability,
Ability to deal with people.
Source: POA: Security Management, Figure 4-6, page 84

27
Q

What are the two general types of insurance?

A

Property,
Liability.
Source: POA: Security Management, 4, Appendix A, page 94

28
Q

What are the three classifications of loss in insurance policies?

A

Direct loss,
Loss of use,
Extra-expense loss (e.g. cost of defending a liability suit or paying a judgment).
Source: POA: Security Management, 4, Appendix A, page 96

29
Q

What are the five basic coverages of a crime insurance policy?

A

Employee dishonesty bond,
Money and securities coverage inside the premises,
Money and securities coverage outside the premises,
Money order and counterfeit paper currency coverage,
Depositors’ forgery coverage.
Source: POA: Security Management, 4, Appendix A, page 99

30
Q

For insurance against business interruption, what are the two types of valuation methods?

A

Actual loss sustained,
Valued loss.
Source: POA: Security Management, 4, Appendix A, page 100

31
Q

In Pastor’s public/private, substitute/supplement model of policing, which cell represents the rarest scenario?

A

Public/Substitute.

Source: POA: Security Management, 7.1.2, pages 181-182

32
Q

What three factors are driving the growth of private policing?

A

Economic and operational issues,
(Fear of) crime and violence,
Order maintenance.
Source: POA: Security Management, 7.1.2, page 182

33
Q

What is the optimal relationship between police and private security?

A

Institutionalized coordination and cooperation through structural and contractual relationships.

Source: POA: Security Management, 7.1.3, page 184

34
Q

What was the purpose of the Hallcrest reports?

A

To compare the U.S. security industry to public law enforcement quantitatively.

Source: POA: Security Management, 7.1.3, page 185

35
Q

What is the most significant distinction between public and private policing?

A

Cost.

Source: POA: Security Management, 7.2.1, page 187

36
Q

What are the main costs that make public policing more expensive than private security?

A

Police officer salaries and benefits,
911 calls,
Alarm response,
Alternative services such as traffic control.
Source: POA: Security Management, 7.2.1, pages 187-190

37
Q

What are the four explanations for cost savings when using private security versus public police?

A

More flexible labor,
Richer incentives and penalties,
More precise allocation of accountability,
Less constraint on process, more focus on results.
Source: POA: Security Management, 7.3, page 196

38
Q

What five categories of distinction between public and private policing were identified by Carlson?

A

Philosophical (public police have more moral authority),
Legal (private police have limited power of arrest),
Financial (private police cost less),
Operational (private police are more flexible),
Security/political (private police give citizens more control over their safety by augmenting public police efforts).
Source: POA: Security Management, 7.3.1, page 197

39
Q

What is the most important distinction between public and private police?

A

The delivery system (government versus corporations).

Source: POA: Security Management, 7.3.1, page 199

40
Q

Where is it common for private security to supplement police in a public environment?

A

Business improvement districts.

Source: POA: Security Management, 7.4.3, page 201

41
Q

What is likely to be the key component for alternative security providers in the future?

A

Order maintenance operations.

Source: POA: Security Management, 7.5.2, page 214

42
Q

What is the best practice for security officer training?

A

Develop a training curriculum that focuses on the particular role or function to be performed.

Source: POA: Security Management, 7.5.3, page 216

43
Q

What are the types of security consultants?

A

Security management consultants (largest group),
Technical security consultants,
Forensic security consultants.
Source: POA: Security Management, 8.2, pages 229-231

44
Q

What are the best sources for finding security consultants?

A

Colleagues,
Security associations,
Industry-specific associations.
Source: POA: Security Management, 8.4, page 233

45
Q

As a rule of thumb, what kind of travel allowances should a consultant receive?

A

The same as those given to members of the client’s senior management.

Source: POA: Security Management, 8.6, page 239

46
Q

Who does a company typically assign to serve as project coordinator for a security consultant?

A

The CSO or vice president of security.

Source: POA: Security Management, 8.7.1, page 240

47
Q

What is the emerging trend in consultant fees?

A

Project-based pricing rather than hourly fees.

Source: POA: Security Management, 8.8, page 246

48
Q

In all industries, what are the most consistent predictors of theft?

A

The employee’s access to property and the perceived chances of being detected.

Source: POA: Security Management, 6.2.4, pages 142-143

49
Q

To what three issues should an organizational resilience management policy reflect senior management’s commitment?

A

Compliance with legal requirements,
Prevention, preparedness, and mitigation of disruptive incidents,
Continual improvement.
Source: Security and Resilience in Organizations and their Supply Chains - Requirements with Guidance, Annex A, 6.1, page 46

50
Q

With which four ISO standards is ASIS’s Organizational Resilience standard aligned?

A
ISO 9000, 
ISO 14001, 
ISO 27001, 
ISO 28000.
Source: Security and Resilience in Organizations and their Supply Chains - Requirements with Guidance, E.1, page 108
51
Q

According to ASIS’s CSO standard, how many years of direct experience at a senior level should a CSO applicant have?

A

Three to five years.

Source: Chief Security Officer - An Organizational Model, A.4, page 12

52
Q

What workers are most likely to steal electronics components in manufacturing environments?

A

Engineers.

Source: POA: Security Management, 6.2.4, page 143

53
Q

What is a surety bond?

A

Insurance that protects an organization if there is a failure to perform specific tasks within a certain time period.

Source: POA: Security Management, 4, Appendix A, page 98

54
Q

Turnover costs run to what percentage of a security officer’s salary?

A

25 percent or more.

Source: POA: Security Officer Operations, 2.2, page 25

55
Q

What are the seven key skills of a CSO?

A
Relationship leader, 
Executive leader, 
Subject matter expert, 
Governance team leader, 
Risk executive, 
Strategist, 
Creative problem solver.
Source: Chief Security Officer - An Organizational Model, page 5
56
Q

According to Donald Cressey, what are the three factors leading to fraud?

A

Perceived non-sharable financial problem,
Perceived opportunity for a trust violation,
Series of rationalizations to justify behavior.
Source: POA: Security Management, 6.3, page 145

57
Q

What is Edwin Sutherland’s theory of crime?

A

Criminal behavior is most often correlated with a person’s association with a criminal environment, according to Sutherland.

Source: POA: Security Management, 6.3, page 145

58
Q

Which two characteristics must a loss event have before security countermeasures can be planned?

A

A measurable loss,
A loss that did not result from speculative risk.
Source: General Security Risk Assessment Guideline, page 16

59
Q

What is the formula for loss event probability?

A

P = f/n
where
P = the probability that a given event will occur,
f = the number of actual occurrences of that event,
n = the total number of experiments seeking that event.
Source: General Security Risk Assessment Guideline, page 16

60
Q

What is the first step in a qualitative general security risk assessment?

A

Understand the organization.

Source: General Security Risk Assessment Guideline, page 11

61
Q

What are useful categories for security data analysis?

A
Claims avoided, 
Proofs of loss, 
Recovered physical assets, 
Uninsured claims or causes of action.
Source: POA: Security Management, 5.6, pages 119-120
62
Q

What types of incidents should an asset protection program consider?

A

Major incidents and events, as well as incidental cost avoidances and asset or value recoveries that occur in the course of operations.

Source: POA: Security Management, 5.9.2, page 130

63
Q

What percentage of business failures result from employee theft?

A

The U.S. Chamber of Commerce estimates that 30 percent of business failures result from employee theft.

Source: POA: Security Management, 6.1, page 138

64
Q

What percentage of revenues do U.S. businesses lose to fraud?

A

U.S. organizations lose 6 percent of their annual revenues to fraud.

Source: POA: Security Management, 6.1, page 138

65
Q

In the retail industry, how much greater in dollars is employee theft than shoplifting?

A

Employees steal 15 times as much as shoplifters.

Source: POA: Security Management, 6.1, page 139

66
Q

In food service, employee theft imposes how much of a tax on every dollar spent?

A

Employee theft in food service is equal to a 4 percent tax.

Source: POA: Security Management, 6.1, page 139

67
Q

What items are most frequently stolen by employees?

A
Time,
Finished goods,
Scrap and waste,
Intellectual property.
Source: POA: Security Management, 6.1, page 140
68
Q

What hypotheses did Clark and Hollinger posit to explain employee theft?

A
External economic pressures, 
Youth,
Opportunity, 
Job dissatisfaction, 
Social control.
Source: POA: Security Management, 6.2, pages 141-142
69
Q

According to Clark and Hollinger, what fraction of employees admitted to stealing from their employer?

A

One-third of employees reported stealing from their employer.

Source: POA: Security Management, 6.2.1, page 142

70
Q

Who commits most workplace property theft?

A

Employees with the greatest access to the property and least perceived chance of detection.

Source: POA: Security Management, 6.2.4, page 143

71
Q

Who commits the most theft in hospitals?

A

Nurses.

Source: POA: Security Management, 6.2.4, page 144

72
Q

What is the most consistent predictor of theft in all industries?

A

The employee’s perceived chance of being detected.

Source: POA: Security Management, 6.2.4, page 144

73
Q

According to Joseph Wells, what three factors are present in every fraud?

A

Financial pressure,
Opportunity,
Justification.
Source: POA: Security Management, 6.3.1, page 146

74
Q

What is “lapping?”

A

Lapping is pocketing small amounts from incoming invoice payments and then applying each subsequent payment to cover the missing cash from the previous invoice, and so on.

Source: POA: Security Management, Figure 6-2, page 149

75
Q

Which of the three “shuns” (termination, prosecution, restitution) does the victim most good?

A

Restitution.

Source: POA: Security Management, 6, Appendix B, page 173

76
Q

According to Lewis and Maxwell, levels of fear are the greatest when there is a concern about which two factors?

A

Crime,
Incivility.
Source: POA: Security Management, 7.2.3, page 194

77
Q

What is the principal value of security awareness to executive management?

A

Awareness of the security program’s financial contribution to the bottom line.

Source: POA: Security Management, 10.1.1, page 292

78
Q

What is the primary purpose of a security awareness program?

A

To educate employees on how to protect company assets and reduce losses.

Source: POA: Security Management, 10.2, page 294

79
Q

What are the features of the most effective security awareness training programs?

A

They engage staff and let them have fun.

Source: POA: Security Management, 10.3, page 296

80
Q

What are the six main obstacles to an effective security awareness program?

A
Low credibility of security department, 
Organizational culture, 
Naiveté, 
Perception of a minimal threat, 
Departmental/employee indifference, 
Lack of reporting capability.
Source: POA: Security Management, 10.3.2, pages 298-299

81
Q

Through what measures can security departments create positive contacts with staff to promote security awareness?

A

Conducting home protection clinics,
Lending property marking devices,
Offering group purchases of alarms,
Conducting personal protection programs,
Conducting cybersecurity awareness programs,
Conducting children’s fire prevention campaigns.
Source: POA: Security Management, 10.4.1, page 300

82
Q

What are the three organizational models for security forces?

A

Vertical or hierarchical,
Shamrock,
Network.
Source: POA: Security Officer Operations, 1.9, pages 17-19

83
Q

What is the hierarchical model of organizational structure?

A

In the hierarchical model, authority comes from the top and flows down through a series of managers to the front-line staff.

Source: POA: Security Officer Operations, 1.9.1, page 18

84
Q

What is the shamrock model of organizational structure?

A

In the shamrock model, leaf one represents a small core of professionals and managers whose skills are critical to the organization.
Significantly larger, the second leaf consists of third-party suppliers with special expertise.
The third leaf consists of part-time and temporary workers who are employed as needed.
Source: POA: Security Officer Operations, 1.9.2, page 18

85
Q

What is the network model of organizational structure?

A

In the network model, employees are connected not just to their immediate supervisor and their direct reports, but to many others in the organization; people come together for particular tasks and disband or reorganize as needed.

Source: POA: Security Officer Operations, 1.9.3, page 19