Physical Security Flashcards
What are Bollards?
A short post placed to deflect traffic from an area.
What is the purpose of a security survey?
-d____ and d_____the current security posture;
-id d_______ and ex_____in the……existing measures and
-compare the cp with the a______l_______ of security needed; and….
-r_________i____________ in the overall situation.
- Determine and document the current security posture;
- identify deficiencies and excesses in existing security measures;
- compare the current posture with a determination of the appropriate level of security or protection needed. Recommend improvement in the overall situation.
What are five criteria of good physical security survey reports?
Accuracy,
clarity,
conciseness,
timeliness and
slant or pitch.
What are the two foundational principles of physical security design?
-the four………..and……l____s_____or d_____in d_______
The four D’s (Deter, Detect, Delay, Deny) and
layered security or defense-in-depth.
What are the four D’s?
Deter, Detect, Delay, Deny
What is a defense-in-depth approach?
An Adversary must avoid or defeat a number of protective devices or features in sequence.
What is the purpose of the design concept?
-the design concept i_____the b______of d_____; it documents the f_____c_____and r_____from any initial s______and is the first opportunity to d______the p_______d_______.
The design concept incorporates the basis of design; it documents the findings, conclusions, and recommendations from any initial surveys, and is the first opportunity to document the project’s design.
What is included in the typical construction documents (CD) phase package?
-CD d________;
-s_________
-b______of q_________
-r_______s________b_______and
-c_____t_______ and c____________
- CD drawings,
- specifications,
- bill of quantities,
- refined system budgets and
- contract terms and conditions.
What are three types of cost estimates?
Budgetary estimates, preliminary design estimates and final design estimates.
What are four constraints on all security projects?
S…….S……B…….and q…………
Scope, schedule, budget, and quality.
What are the basic building blocks of an intrusion detection system?
Sensors
Mechanical CPTED measures may include?
-P______S_________h________ or e_________s_____(also known as t_____h___________)
Physical security hardware or electronic systems (also known as target hardening).
Organizational CPTED measures may include?
-involving p_______or a____________ rather than e________
Involving people or activities rather than equipment per se.
Natural CPTED measures may include?
-Natural features like t___, l_______, l___________ and other non-m________objects.
Involving natural features such as terrain, layout, landscaping and other non mechanical objects.
CPTED tools include…?
-NTR;………………………………..M&M
-NS;………………………………….LAS…..and
-NAC;………………………………..Comp…………
- Natural territorial reinforcement;
- natural surveillance;
- natural access control;
- management and maintenance; and
- legitimate activity support
What are the four D’s?
Deter an adversary;
Detect an attack;
Delay an attack; and
Deny access to a target
An effective physical security strategy has four functions?
-C…….A_________;
-O_____ an a_______, s________ or e__________;
- d______ e _______ and
- r______________to s______________
- Controlling access;
- Observing an area, situation or event;
- Detecting events; and
- Responding to situations
The functions and components of physical security comprise what 3 formats?
-S………………E…………………..H……………
Structural;
Electronic; or
Human
The basic tool for gaining a thorough and accurate understanding of a situation is…?
- sra or ss
The security risk assessment or security survey.
A comprehensive risk assessment begins by …then it…..and finally….?
-begins by id_________and v____________-assets; then
-ev________th_______to those assets and s_____and p______revealed risks; and finally, r________m______measures are r________and b________into a comprehensive p________s____.
-Begins by identifying and valuing assets;
-Then, it evaluates threats to those assets and summarizes and prioritizes revealed risks;
-Finally, risk mitigation measures are recommended and blended into a comprehensive protection strategy.
A gap analysis?
-used to determine what s______might improve an org’s capacity to move from a current state to a f_____ state through a r_______a_________
Is used to determine what steps might improve an organization’s capacity to move from a current state to a future state through a risk assessment.
A physical security assessment, also called a security survey, is a form of risk assessment that focuses on what two things?
The R to the PA and P of an org;
The PM (against risk) that are in the realm of PS
1) the risks to the physical assets and property of an organization; and 2) the protection measures (against any risk) that comprise the realm of physical security.
What is the most common and reliable tool for determining adequacy and foreseeability of security measures and programs to counter risks
The security survey.
What is the definition of a security survey?
A TPE of a F and its S and P to A the current L of S, L D and G the d of Pro needed.
A thorough physical examination of a facility and its systems and procedures, conducted to assess the current level of security, locate deficiencies, and gauge the degree of protection needed.
What is the difference between a comprehensive risk assessment and a security survey?
-A CRA focuses equally on a____t____and v_____while a SS place more emphasis on v_________
A CRA focuses equally on assets, threats and vulnerabilities while a SS places more emphasis on vulnerabilities.
What is a vulnerability assessment (VA)?
The P of id and q the weak pts of a f…e…v….or person.
A vulnerability assessment is the process of identifying and quantifying the weak points of a facility, entity, venue or person.
What is Delay effectiveness?
-the time required by the a_____ (after d_____) to b______each d_____el________.
Delay effectiveness is measured as the time required by the adversary (after detection) to bypass each delay element.
What is response effectiveness?
-measured by the time between r_____of a c_______ of a_____a_____and the i_________of the a______-a_______.
Response effectiveness is measured by the time between receipt of a communication of adversary action and the interruption of the adversary action.
What is deployment effectiveness?
-measured in terms of the p_____of d________ to the c_____l_____(the ad_____ l______) and the t______required to do so.
Deployment effectiveness is measured in terms of the probability of deployment to the correct location (the adversary’s location) and the time required to do so.
Outside-Inward Approach
An approach to conducting physical security assessments whereby the assessment team takes on the role of the adversary attempting to penetrate the physical defenses of a facility. The team begins outside the facility and approaches the outer perimeter to envision ways to get in.
Inside-Outward Approach
An approach to conducting physical security assessments whereby the assessment team takes on the role of the security professional (defender) and works from the asset or target out toward the outer perimeter. The assessors evaluate each successive layer of security for its ability to deter, detect, delay or deny……and solutions are considered.
Security survey results must be properly reported or applied; the five criteria for good reporting include?
- Accuracy;
-Clarity;
-Conciseness;
-Timeliness,; and
-Slant or pitch
What is the conceptual design, also known as a design concept or schematic phase?
-The first o_____ to d______ the project’s design (based on the b___of d_____ and f__ C____ and r____ from any initial s_____.)
-Also the ideal time to s___ m____ a____ because the team has reached consensus on the s_____ and s___ detail has been developed to create an in______ b______.
It is the first opportunity to document the project’s design (based on the basis of design and the findings, conclusions and recommendations from any initial surveys.) It is also the ideal time to seek management approval because the team has reached consensus on the scope and sufficient detail has been developed to create an initial budget.
Specifications vs. drawings
Drawings = pl…el…det…..ris…..and hardware sch
Specifications have precedence over drawings, which usually consist of plans, elevations, details, risers and hardware schedules P. 212
What are risers?
Representations of complete subsystems, these schematically demonstrate all the associated devices and components and their interconnecting cables.
Sole source procurement?
Best used when an owner already has a vendor on board and the owner has the capability to perform the security needs analysis and has good knowledge of systems and prices.
Request for proposal?
The most common form of procurement; usually based on a set of detailed design and construction documents setting out cost, schedule, technical ability. etc.
Invitation for bid?
Common form of procurement favored by the government and other organizations who require competitive bidding and then usually select the lowest bidder without negotiation.
What is life-cycle cost?
The sum of the capital cost and maintenance cost over the useful life of the system.