Phy Sec - Imp Q Flashcards

1
Q

Based on what principle Asset protection increases

A

ESRM

2
Q

What is Security’s prime objective

A

To manage risks by balancing the cost of protection measures with their benefit

3
Q

Critical requirement for successful ESRM adoption

A

Alignment of security strategy with the organization's overall strategy

4
Q

Who is responsible for security risk

A

Asset owner

5
Q

Key risk for all organizations

A

Cyber/Information Security

6
Q

ESRM Cycle

A

Identify and Prioritize Assets
Identify and Prioritize Risks
Mitigate prioritized risks
Continuous improvement

7
Q

Asset Prioritization

A

Asset criticality

8
Q

Risk Prioritization

A

Risks Potential

9
Q

Risks are mitigated

A

In order of priority

10
Q

To manage risk effectively

A

A security professional would eliminate or reduce the total number of incidents leading to loss

11
Q

A goal of risk management is to

A

Manage loss effectively at the least cost

12
Q

Comprehensive assets protection strategy

A

Based on strategy risk management approach

13
Q

Risk Management

A

It is a systematic and analytical process by which an organization identifies, reduces and controls its potential risks and losses

14
Q

Considering Assets

A

The first step in risk assessment is identification and valuation of assets/identifying the business’s assets (Although this step is frequently overlooked)

15
Q

Threats fall into three categories

A

Intentional
Natural and
Inadvertent

16
Q

Vulnerability is viewed as

A

A security weakness or gap in an asset’s protection

17
Q

Definition of Vulnerability

A

A weakness or organizational practice that may facilitate or allow a threat to be implemented or increase the magnitude of a loss threat.

A vulnerability is a weakness or business practice that can be exploited by an adversary or that makes an asset susceptible to damage from natural and inadvertent threats

18
Q

Risk analysis

A

Process of identifying potential areas of loss and implementing countermeasures to mitigate probability of loss

19
Q

Non-linear junction detector

A

It is a portable listening device and detects bugs even when they are turned off or malfunctioning

20
Q

Risk mitigation

A

Several concepts support risk mitigation strategies: the four Ds, the five avenues to address risk, and layered security

21
Q

4 Ds of physical security

A

Deter
Detect
Delay
Deny

22
Q

Detection

A

It can be done by using surveillance and intrusion detection systems or even a management system that is located on the outermost defensive layer to provide the earliest detection

23
Q

Strategies of managing risk

A

Risk avoidance
Risk transfer
Risk spreading
Risk reduction
Risk acceptance

24
Q

Physical Security

A

Risk Reduction

25
Q

Risk Avoidance

A

It is the most direct avenue for dealing with risk

26
Q

The primary way to spread risk is

A

To geographically distribute an organization's assets

27
Q

Risk Transfer

A

Purchase of insurance

28
Q

Purpose of physical security

A

To protect assets (Asset Protection)

29
Q

Primary function of Physical security / Security officer

A

Access control

30
Q

Physical security measure aims

A

To either prevent a direct assault on premises or reduce the potential damage

31
Q

Physical security measures must be considered in the context of what

A

4 Ds (basis for physical security projects)

32
Q

Functions of physical security

A

Access Control
Deterrence
Detection
Assessment
Delay
Response and
Evidence Gathering

33
Q

Components of physical security

A

Structural measures
Electronic systems
Human element

34
Q

Incident Management

A

It is a foundation of enterprise risk and represents a key input into any risk assessment

35
Q

No security program should be implemented

A

Without first identifying the assets the company is trying to protect, the threats against those assets and how vulnerable the assets are to the various threats

36
Q

Security surveys

A

Largest portion of field work used to collect data and accumulate evidence to support countermeasures

37
Q

Security risk assessment models are based upon

A

Asset Threat Vulnerability Impact Analysis Mitigation approach

38
Q

Each component of the assessment process must be evaluated either

A

Quantitatively
Qualitatively

39
Q

Qualitative

A

Qualitative analysis includes any approach that does not use numbers or numeric values to describe the risk components

40
Q

Quantitative

A

Quantitative analysis includes any approach that uses numeric measures to describe the value of assets or the level (severity or probability) of threats, vulnerabilities, impact or loss events

41
Q

What is critical to an estimate of risk at a site

A

Asset Identification

42
Q

Asset

A

An asset may be more critical or less critical. The impact of loss as measured in currency is best described as criticality

43
Q

Inadvertent threats

A

Perhaps the most neglected threats are inadvertent threats

44
Q

Scope creep

A

Small documented changes that could have significant impact on the project deadline

45
Q

Security Survey

A

A particularly relevant form of risk assessment is the physical security assessment, also called a security survey

46
Q

Security Survey

A

A thorough physical examination of a facility and its systems and procedures, conducted to assess the current level of security, locate deficiencies and gauge the degree of protection needed

47
Q

Security survey focuses on what

A

Security survey focuses on two things:
The risk to the physical assets and property of an organization
The protection measures (against any risk) that comprise the realm of physical security

48
Q

Security surveys are usually concerned

A

With measuring at least three basic factors: quality, reliability and cost using the techniques of observing, questioning, analyzing, verifying, investigating and evaluating

49
Q

Checklist

A

It is a useful tool in security survey

50
Q

Comprehensive Risk Assessment

A

It focuses equally on assets, threats, vulnerabilities, and consequences; a security survey places more emphasis on vulnerabilities

51
Q

Outside inward approach

A

Under this approach the assessment team takes on the role of an adversary (Perpetrator) attempting to penetrate the physical defences of a facility

52
Q

Inside outward approach

A

Here the assessment team takes on the role of the security professional (defender). They work from the asset or target out toward the outer perimeter. The assessors evaluate each successive layer of security, determining how the measures at that layer operate, how effective they are, how they contribute to the deter, detect, delay, deny concept and how the layer could be improved

53
Q

SWOT Analysis

A

Strengths, Weaknesses, Opportunities and Threats analysis. The technique originated in the business management community but can easily be adapted to security analysis

54
Q

The property perimeter is considered to be the

A

First (outer) ring of protection
Second (middle) ring, the building's perimeter
Third (inner) ring, internal controls

55
Q

Annual Loss Expectancy

A

Annual Loss Expectancy is the product of the cost of incident impact and the frequency of occurrence