Phy Sec - Imp Q

Question 1

Based on what principle Asset protection increases

Answer 1

ESRM

Question 2

What is Security’s prime objective

Answer 2

To manage risks by balancing the cost of protection measures with their benefit

Question 3

Critical requirement for successful ESRM adoption

Answer 3

Alignment of security strategy with the organizations overall strategy

Question 4

Who is responsible for security risk

Answer 4

Asset owner

Question 5

Key risk for all organizations

Answer 5

Cyber/Information Security

Question 6

ESRM Cycle

Answer 6

Identify and Prioritize asset
Identify and Prioritize Risks
Mitigate prioritized risks
Continuous improvement

Question 7

Asset Prioritization

Answer 7

Asset criticality

Question 8

Risk Prioritization

Answer 8

Risks Potential

Question 9

Risks are mitigated

Answer 9

In order of priority

Question 10

To manage risk effectively

Answer 10

Security professional would eliminate or reduce the total number of incidents leading to loss

Question 11

A goal of risk management is to

Answer 11

Manage loss effectively at the least cost

Question 12

Comprehensive assets protection strategy

Answer 12

Based on strategy risk management approach

Question 13

Risk Management

Answer 13

It is a systematic and analytical process by which an organization identifies, reduces and controls its potential risks and losses

Question 14

Considering Assets

Answer 14

The first step in risk assessment is identification and valuation of assets/identifying the business’s assets (Although this step is frequently overlooked)

Question 15

Threats fall into three categories

Answer 15

Intentional
Natural and
Inadvertent

Question 16

Vulnerability is viewed as

Answer 16

A security weakness or gaps in an asset’s protection

Question 17

Definition of Vulnerability

Answer 17

A weakness or organizational practice that may facilitate or allow a threat to be implemented or increase the magnitude of a loss threat.

A vulnerability is a weakness or business practice that can be exploited by an adversary or that makes an asset susceptible to damage from natural and inadvertent threats

Question 18

Risk analysis

Answer 18

Process of identifying potential areas of loss and implementing countermeasures to mitigate probability of loss

Question 19

Non linear junction detector

Answer 19

It is portable listening device and detect bugs even when they are turned off or malfunctioning

Question 20

Risk mitigation

Answer 20

Several concepts support risk mitigation strategies. The four Ds , the five avenues to address risk and layered security

Question 21

4 Ds of physical security

Answer 21

Deter
Detect
Delay
Deny

Question 22

Detection

Answer 22

It can done by using surveillance and intrusion detection systems or even a management system that is located on the outermost defensive layer to provide the earliest detection

Question 23

Strategies of managing risk

Answer 23

Risk avoidance
Risk transfer
Risk spreading
Risk reduction
Risk acceptance

Question 24

Physical Security

Answer 24

Risk Reduction

Question 25

Risk Avoidance

Answer 25

It is the most direct avenue for dealing with risk

Question 26

The primary way to spread risk is

Answer 26

To geographically distribute and organizations assets

Question 27

Risk Transfer

Answer 27

Purchase of insurance

Question 28

Purpose of physical security

Answer 28

To protect assets (Asset Protection)

Question 29

Primary function of Physical security / Security officer

Answer 29

Access control

Question 30

Physical security measure aims

Answer 30

To either prevent a direct assault on premises or reduce the potential damage

Question 31

Physical security measures must be considered in the context of what

Answer 31

4 Ds (basis for physical security projects)

Question 32

Functions of physical security

Answer 32

Access Control Deterrence Detection Assessment Delay Response and Evidence Gathering

Question 33

Components of physical security

Answer 33

Structural measures Electronic systems Human element

Question 34

Incident Management

Answer 34

It is a foundation of enterprise risk and represents a key input into any risk assessment

Question 35

No security program should be implemented

Answer 35

Without first identifying the assets the company is trying to protect, the threats against those assets and how vulnerable the assets are to the various threats

Question 36

Security surveys

Answer 36

Largest portion of field work used to collect data and accumulate evidence to support countermeasures

Question 37

Security risk assessment models are based upon

Answer 37

Asset Threat Vulnerability Impact Analysis Mitigation approach

Question 38

Each components of assessment process must be evaluate either

Answer 38

Quantitatively Qualitatively

Question 39

Qualititative

Answer 39

Qualitative analysis includes any approach that does not use numbers or numeric values to describe the risk components

Question 40

Quantitative

Answer 40

Quantitative analysis includes any approach that uses numeric measures to describe the value of assets or the level (severity or probability) of threats, vulnerabilities, impact or loss events

Question 41

What is critical to an estimate of risk at site

Answer 41

Asset Identification

Question 42

Asset

Answer 42

An asset may be more critical or less critical. The impact of loss as measured in currency is best described as criticality

Question 43

Inadvertent threats

Answer 43

Perhaps the most neglected threats are inadvertent threats

Question 44

Scope creep

Answer 44

Small documented changes that could have significant impact on the project deadline

Question 45

Security Survey

Answer 45

A particular relevant form of risk assessment is the physical security assessment also called as Security survey

Question 46

Security Survey

Answer 46

A thorough physical examination of a facility and its systems and procedures, conducted to assess the current level of security, locate deficiencies and gauge the degree of protection needed

Question 47

Security Survey focus on what

Answer 47

Security survey focuses on two things The risk to the physical assets and property of an organization The protection measures (against any risk) that comprise the realm of physical security

Question 48

Security surveys are usually concerned

Answer 48

With measuring at least three basis factors : quality, reliability and cost using the techniques of observing, questioning, analyzing, verifying, investigating and evaluating

Question 49

Checklist

Answer 49

It is a useful tool in security survey

Question 50

Comprehensive Risk Assessment

Answer 50

It focuses equally on assets, threats, vulnerabilities, and consequences, a security survey places more emphasis on vulnerabiltiies

Question 51

Outside inward approach

Answer 51

Under this approach the assessment team makes on the role of an adversary (Perpetrator) attempting to penetrate the physical defences of a facility

Question 52

Inside outward approach

Answer 52

Here the assessment team takes on the role of the security professional (defender). They work from the asset or target out toward the outer perimeter. The assessors evaluate each successive layer of security, determining how the measures at that layer operate, how effective they are , how they contribute to the deter detect delay deny concept and how the layer could be improved

Question 53

SWOT Analysis

Answer 53

Strengths, Weaknesses, Opportunities And Threats analysis. The technique originated in the business management community but can easily be adapted to the security analysis

Question 54

The property perimeter is considered to be the

Answer 54

First (outer) ring of protection Second (middle) ring , the buildings perimeter Third (inner) ring, internal controls

Question 55

Annual Loss Expectancy

Answer 55

Annual Loss Expectancy is the product of the cost of incident impact and the frequency of occurence