CPP 2022 Domain 5: Physical Security Flashcards
What is the purpose of a security survey?
Determine and document the current security posture,
Identify deficiencies and excesses in existing security measures,
Compare the current posture with a determination of the appropriate level of security or protection needed,
Recommend improvements in the overall situation.
Source: POA, Physical Security, 3.3.1, pages 37-38
What are three physical security assessment methodologies?
Outside-Inward Methodology,
Inside-Outward Methodology,
Functional Methodology.
Source: POA, Physical Security, 3.3.2, page 39
What are typical areas, items, and issues to consider when conducting a physical security survey?
Barriers,
Doors, windows, and other openings,
Locks,
Safes and containers,
Signage,
Lighting,
Alarm and electronic security systems,
Security officer services,
Vehicle, traffic, and parking controls,
Protection of utilities,
Visitor management,
Package and mail handling.
Source: POA, Physical Security, 3.4.1, pages 43-48
How should areas and items be assessed during a physical security survey?
In terms of appropriateness for the situation, age, operability, maintenance, interoperability, aesthetics, and consistency with the current use of the space.
Source: POA, Physical Security, 3.4.1, page 43
What are four tests that should be conducted as part of a physical security survey?
Shipping and receiving,
Alarms,
Computer/server room security,
General access controls.
Source: POA, Physical Security, 3.4.2, page 48
What are five criteria of good physical security survey reports?
Accuracy,
Clarity,
Conciseness,
Timeliness,
Slant or pitch.
Source: POA, Physical Security, 3.5, pages 48-49
What are the two foundational principles of physical security design?
Four Ds,
Layered security or defense-in-depth.
Source: POA, Physical Security, 5.1, page 78
What are the Four Ds?
Deter,
Detect,
Delay,
Deny.
Source: POA, Physical Security, 5.1, page 78
What is a defense-in-depth approach?
An adversary must avoid or defeat a number of protective devices or features in sequence.
Source: POA, Physical Security, 5.1, page 78
What is the difference between point and area security?
Area security features a significant perimeter protection and entry is tightly controlled at a single portal.
Point security features a loosely controlled perimeter and the primary security focus is at the individual buildings.
Source: POA, Physical Security, 5.1.1, page 79
What is CPTED?
CPTED, or crime prevention through environmental design, is the design or redesign of a venue to reduce crime opportunity and fear of crime through natural, mechanical, and procedural means.
Source: POA, Physical Security, 10.1, pages 211-212
What are the three types of CPTED measures?
Mechanical measures,
Organizational measures,
Natural measures.
Source: POA, Physical Security, 10.1, page 212
What are five examples of CPTED tools?
Natural territorial reinforcement,
Natural surveillance,
Natural access control,
Management and maintenance,
Legitimate activity support.
Source: POA, Physical Security, 10.1, pages 212-214
This CPTED tool is the process of establishing a sense of ownership, responsibility, and accountability in property owners, managers, or occupants to increase vigilance in identifying trespassers.
Natural territorial reinforcement.
Source: POA, Physical Security, 10.1, page 213
This CPTED tool states that increasing visibility by occupants and casual observers increases the detection of trespassers or misconduct at a facility.
Natural surveillance.
Source: POA, Physical Security, 10.1, page 213
The idea of this CPTED tool is to employ both real and symbolic barriers - including doors, fences, and shrubbery - to define and limit access to a building or other space.
Natural access control.
Source: POA, Physical Security, 10.1, page 213
This CPTED tool states that for spaces to look well cared for and crime-free, they must be maintained. This tool is also supported by the “broken windows” theory.
Management and maintenance.
Source: POA, Physical Security, 10.1, page 213
This CPTED tool states that some places are difficult to protect by nature of their location or other geographic feature and space may need to be occupied to prevent it.
Legitimate activity support.
Source: POA, Physical Security, 10.1, page 213
What is the capable guardian concept?
The presence of a capable guardian may deter crime by reducing the site’s perceived vulnerability and making it less attractive to offenders.
Source: POA, Physical Security, 10.1.1, page 216
What are the four main strategies of second generation CPTED (the Four Cs)?
Cohesion,
Capacity threshold (tipping point),
Community culture,
Connectivity.
Source: POA, Physical Security, 10.1.2, page 217
What lenses are added in third generation CPTED and CPTED 3-D?
Third generation CPTED introduces environmental sustainability and green technology.
CPTED 3-D incorporates designation of a space, its definition in terms of management and identity, and design as it relates to desired function.
Source: POA, Physical Security, 10.1.2, page 217
What are the six tasks of technical security projects?
Risk analysis,
Conceptual (schematic),
Design development,
Construction documents,
Bidding,
Construction.
Source: POA, Physical Security, 14.1, page 481
What are two important outcomes of the initial phases of a design project?
A security basis of design, focusing on the specific project requirements and a conceptual design solution based on those requirements;
A business case to support the project.
Source: POA, Physical Security, 14.2, pages 481-482
The level of protection for a group of assets must meet the protection needs of what?
The most critical asset in the group.
Source: POA, Physical Security, 14.2, page 483
What are nine design criteria?
Codes and standards,
Quality,
Capacity,
Performance,
Features,
Cost,
Operations,
Culture and image,
Monitoring and response.
Source: POA, Physical Security, 14.3.1, pages 485-488
What is the purpose of the design concept?
The design concept incorporates the basis of design; documents the findings, conclusions, and recommendations from any initial surveys, and is the first opportunity to document the project’s design.
Source: POA, Physical Security, 14.3.3, page 489
What is included in the typical construction documents (CD) phase package?
CD drawings,
Specifications,
Bill of quantities,
Refined system budgets,
Contract terms and conditions.
Source: POA, Physical Security, 14.3.4, page 493
System security drawings usually consist of what 5 items?
Plans,
Elevations,
Details,
Risers,
Hardware schedules.
Source: POA, Physical Security, 14.3.6, page 495
What two types of costs should be considered in the estimate?
Capital projects and service projects and recurring costs.
Source: POA, Physical Security, 14.4.2, page 503
What are three types of cost estimates?
Budgetary estimates,
Preliminary design estimates,
Final design estimates.
Source: POA, Physical Security, 14.4.3, pages 504-506
This type of cost estimate is prepared during the initial planning phase and the goal is to arrive at a cost figure that can be used for getting the new security system into the budget cycle.
Budgetary estimate.
Source: POA, Physical Security, 14.4.3, page 504
This type of cost estimate is prepared when the security system is part of a larger construction project and should include a contingency of plus or minus 10%.
Preliminary design estimate.
Source: POA, Physical Security, 14.4.3, page 504
This type of cost estimate is developed using the completed documents, drawings, and schedules and should have a contingency of plus or minus 5%.
Final design estimate.
Source: POA, Physical Security, 14.4.3, page 506
What are components of life-cycle cost?
Engineering and design costs,
Hardware,
Software,
Installation costs,
Operating costs,
Maintenance costs,
Other costs,
Adjustments.
Source: POA, Physical Security, 14.4.4, page 506
What are three forms of security systems procurement?
Sole source,
Request for proposal (RFP),
Invitation to bid (IFB).
Source: POA, Physical Security, 14.8.1, page 529
In this procurement method, the organization prequalifies a reputable security system contractor, works with the contractor to design the system, and negotiates the cost of the equipment, installation, and service.
Sole source procurement.
Source: POA, Physical Security, 14.8.1, page 530
This procurement method is the most common and is based on a set of detailed design and construction documents that form the basis of the organization’s functional requirements.
Request for proposal.
Source: POA, Physical Security, 14.8.1, page 530
This procurement method is commonly used by government agencies and other organizations whose procedures require that projects be competitively bid and that the award be given to the lowest qualified, responsive bidder.
Invitation for bid.
Source: POA, Physical Security, 14.8.1, page 531
The type of procurement process has a direct impact on what preparation?
The procurement affects the level of detail required in the construction documents.
Source: POA, Physical Security, 14.8.1, page 529
What is a pre-bid conference?
Each contractor is invited to meet with the owner or the owner’s consulting engineer for a complete review of the bid documents and a walk-through of the site.
Source: POA, Physical Security, 14.8.2, page 531
Why should life-cycle and warranty costs be calculated during proposal review?
Calculating those figures can reveal whether the low bidder has priced the system at a low profit margin but plans to make up the difference in high charges for maintenance.
Source: POA, Physical Security, 14.8.2, page 532
What three things should be determined when checking references for contractors?
Is there good chemistry with the contractor’s representatives?
Do they have the experience and power of personality to work well with the other trades on the project?
How have they resolved problems that occurred on other projects?
Source: POA, Physical Security, 14.8.2, pages 532-533
What is the challenge of project management?
To achieve all the project goals and objectives while living within the project’s time and budget constraints.
Source: POA, Physical Security, Chapter 13, page 471
What are four constraints of all security projects?
Scope,
Schedule,
Budget,
Quality.
Source: POA, Physical Security, Chapter 13, page 472
What are the five phases of a project?
Conception,
Planning,
Design management,
Bid process management (or participation),
Construction (or construction review).
Source: POA, Physical Security, Chapter 13, page 474
What are seven types of barriers?
Walls,
Floors,
Ceilings,
Roofs,
Doors,
Windows,
Other structures, such as symbolic and natural barriers.
Source: POA, Physical Security, 9.1, page 135
What are two categories of safes?
Safes designed for fire protection,
Safes designed for protection of valuables against forcible penetration.
Source: POA, Physical Security, 9.2.1, page 163
What is a vault?
Specially constructed rooms or areas intended to limit access and provide protection to the assets in the space.
The term vault also applies to specially constructed rooms or areas that are designed to protect the contents from fire, but not necessarily theft.
Source: POA, Physical Security, 9.2.2, page 171
What are two general classes of locks?
Mechanical,
Electrical.
Source: POA, Physical Security, 9.3.1, page 177
This type of lock uses an arrangement of physical parts to prevent the opening of a bolt or latch.
Mechanical lock.
Source: POA, Physical Security, 9.3.1, page 177
This type of lock can be locked or unlocked by a remote device.
Electrical lock.
Source: POA, Physical Security, 9.3.2, page 181
What are common design or planning criteria for lock systems?
Total number of locks,
Major categories of sectors of the system,
Security objectives,
Size and turnover of the population,
Related or supportive security subsystems,
Intelligence or information requirements,
Criticality of asset exposure.
Source: POA, Physical Security, 9.3.3, page 189
What are five categories of general security lighting equipment?
Streetlight,
Searchlight,
Floodlight,
Fresnel,
High mast lighting.
Source: POA, Physical Security, 9.4.1, page 191
What are the three major security purposes of lighting?
To create a psychological deterrent,
To enable detection,
To enhance the capabilities of video surveillance systems.
Source: POA, Physical Security, 9.4.2, page 195
What are the four components of lighting systems?
Lamp,
Luminaire,
Mounting hardware,
Electrical power.
Source: POA, Physical Security, 9.4.4, pages 201-202
What is intrusion detection?
The process of detecting a person or vehicle attempting to gain unauthorized entry into an area.
Source: POA, Physical Security, 11.3, page 294
What are the basic building blocks of an intrusion detection system?
Sensors.
Source: POA, Physical Security, 11.3, page 294
What are the three main characteristics of intrusion sensor performance?
Probability of detection,
Nuisance alarm rate,
Vulnerability to defeat.
Source: POA, Physical Security, 11.3.1, page 294
What are three ways to defeat a sensor?
Bypass,
Adversary path exploitation,
Spoof.
Source: POA, Physical Security, 11.3, page 297
What are five ways to classify intrusion sensors?
Passive or active,
Covert or visible,
Line-of-sight or terrain-following (for exterior sensors only),
Volumetric or line detection,
Application.
Source: POA, Physical Security, 11.3.3, page 304
What are the seven main elements of a video surveillance system?
Field of view,
Scene,
Lens,
Camera,
Transmission medium,
Workstation,
Recording equipment.
Source: POA, Physical Security, 11.4, page 344
What questions can be asked to determine a camera system’s functional requirements?
What is the purpose of the system?
What specifically is each camera supposed to view?
What are the requirements for proactive risk reduction, real-time monitoring, or recorded video?
Source: POA, Physical Security, 11.4.1, page 346
What are four reasons to have cameras in security applications?
To obtain visual information about something that is happening,
To obtain visual information about something that has happened,
To deter or discourage undesirable activities,
To use video analytics tools.
Source: POA, Physical Security, 11.4.2, page 347
For which three components of a physical security program can metrics be produced?
Systems,
Personnel,
Compliance.
Source: POA, Physical Security, 4.2, page 58
What is the goal of establishing metrics for physical security systems?
To reduce the amount of noise on the operator’s screen, thereby enabling the systems to operate efficiently.
Source: POA, Physical Security, 4.2.1, page 59
What are common types of alarms reported in physical security system metrics?
Forced door,
Door held open,
Unauthorized access attempts,
User-defined actions/alarms,
Communications failure.
Source: POA, Physical Security, 4.2.1, pages 59-61
What is the purpose of tracking metrics for physical security personnel?
Provides an understanding of the appropriate expenditures and number and type of personnel required for effective physical security operations.
Source: POA, Physical Security, 4.2.2, page 65
What are two measurable performance categories for physical security personnel?
Response,
Training.
Source: POA, Physical Security, 4.2.2, page 65
What is the purpose of equipment performance testing?
Determine whether equipment is functional, has adequate sensitivity, and will meet its design and performance objectives.
Source: POA, Physical Security, 15.4, page 550
What is the purpose of personnel performance testing?
Determine whether procedures are effective, whether personnel know and follow procedures, and whether personnel and equipment interact effectively.
Source: POA, Physical Security, 15.4, page 550
What are four types of equipment tests?
Predelivery or factory acceptance tests,
Site acceptance tests,
Reliability or availability tests,
Post-implementation tests.
Source: POA, Physical Security, 15.4, page 550
This type of testing is conducted to demonstrate that system performance complies with specified requirements in accordance with approved factory test procedures.
Predelivery or factory acceptance testing.
Source: POA, Physical Security, 15.4.1, page 551
This type of test tests all components and verifies data transmission system operation after the system has been installed and placed into service.
Site acceptance testing.
Source: POA, Physical Security, 15.4.2, page 552
This type of test is conducted in alternating phases of testing and evaluation to allow for validation of the tests and corrective actions.
Reliability or availability testing.
Source: POA, Physical Security, 15.4.3, page 554
What are six types of post-implementation tests?
Operational tests,
Performance tests,
Post-maintenance tests,
Subsystem tests,
Limited scope tests,
Evaluation tests.
Source: POA, Physical Security, 15.4.4, pages 555-556
What requirements should be outlined in a warranty?
The contractor should be required to repair, correct, or replace any defect for a period of 12 months from the date of issue of the certificate of practical completion.
Source: POA, Physical Security, 15.4.5, page 556
What are two main types of physical protection system maintenance?
Remedial maintenance or service contracts,
Preventative maintenance.
Source: POA, Physical Security, 16.1, pages 562-563
This type of maintenance corrects faults and returns the system to operation in the event that a hardware or software component fails.
Remedial maintenance.
Source: POA, Physical Security, 16.1, page 562
This type of maintenance is scheduled to keep the hardware and software in good operating condition.
Preventative maintenance.
Source: POA, Physical Security, 16.1, page 563
What factors should be considered when justifying the cost of a replacement physical security system?
Cost of maintenance,
Lack of spare parts,
Obsoleteness of hardware and software,
Operating costs,
Unreliability.
Source: POA, Physical Security, 16.2, page 571