Physical Security Flashcards
What are bollards?
Short posts placed to deflect traffic from an area.
What is the purpose of a security survey?
- Determine and document the current security posture;
- identify deficiencies and excesses in existing security measures;
- compare the current posture with a determination of the appropriate level of security or protection needed; and
- recommend improvement in the overall situation.
What are five criteria of good physical security survey reports?
Accuracy,
clarity,
conciseness,
timeliness and
slant or pitch.
What are the two foundational principles of physical security design?
The four D’s (Deter, Detect, Delay, Deny) and
layered security or defense-in-depth.
What are the four D’s?
Deter, Detect, Delay, Deny
What is a defense-in-depth approach?
An adversary must avoid or defeat a number of protective devices or features in sequence.
What is the purpose of the design concept?
The design concept incorporates the basis of design; it documents the findings, conclusions, and recommendations from any initial surveys, and is the first opportunity to document the project’s design.
What is included in the typical construction documents (CD) phase package?
- CD drawings,
- specifications,
- bill of quantities,
- refined system budgets and
- contract terms and conditions.
What are three types of cost estimates?
Budgetary estimates, preliminary design estimates and final design estimates.
What are four constraints on all security projects?
Scope, schedule, budget, and quality.
What are the basic building blocks of an intrusion detection system?
Sensors
Mechanical CPTED measures may include?
Physical security hardware or electronic systems (also known as target hardening).
Organizational CPTED measures may include?
Involving people or activities rather than equipment per se.
Natural CPTED measures may include?
Involving natural features such as terrain, layout, landscaping and other non-mechanical objects.
CPTED tools include…?
- Natural territorial reinforcement;
- natural surveillance;
- natural access control;
- management and maintenance; and
- legitimate activity support
What are the four D’s?
Deter an adversary;
Detect an attack;
Delay an attack; and
Deny access to a target
An effective physical security strategy has four functions?
- Controlling access;
- Observing an area, situation or event;
- Detecting events; and
- Responding to situations
The functions and components of physical security comprise what 3 formats?
Structural;
Electronic; or
Human
The basic tool for gaining a thorough and accurate understanding of a situation is…?
The security risk assessment or security survey.
A comprehensive risk assessment begins by … then it … and finally …?
- Begins by identifying and valuing assets;
- Then, it evaluates threats to those assets and summarizes and prioritizes revealed risks;
- Finally, risk mitigation measures are recommended and blended into a comprehensive protection strategy.
A gap analysis?
Is used to determine what steps might improve an organization’s capacity to move from a current state to a future state through a risk assessment.
A physical security assessment, also called a security survey, is a form of risk assessment that focuses on what two things?
The R to the PA and P of an org;
The PM (against risk) that are in the realm of PS
1) the risks to the physical assets and property of an organization; and 2) the protection measures (against any risk) that comprise the realm of physical security.
What is the most common and reliable tool for determining adequacy and foreseeability of security measures and programs to counter risks?
The security survey.
What is the definition of a security survey?
A TPE of a F and its S and P to A the current L of S, L D and G the d of Pro needed.
A thorough physical examination of a facility and its systems and procedures, conducted to assess the current level of security, locate deficiencies, and gauge the degree of protection needed.
What is the difference between a comprehensive risk assessment and a security survey?
A CRA focuses equally on assets, threats and vulnerabilities while a SS places more emphasis on vulnerabilities.
What is a vulnerability assessment (VA)?
The P of id and q the weak pts of a f…e…v….or person.
A vulnerability assessment is the process of identifying and quantifying the weak points of a facility, entity, venue or person.
What is Delay effectiveness?
Delay effectiveness is measured as the time required by the adversary (after detection) to bypass each delay element.
What is response effectiveness?
Response effectiveness is measured by the time between receipt of a communication of adversary action and the interruption of the adversary action.
What is deployment effectiveness?
Deployment effectiveness is measured in terms of the probability of deployment to the correct location (the adversary’s location) and the time required to do so.
Outside-Inward Approach
An approach to conducting physical security assessments whereby the assessment team takes on the role of the adversary attempting to penetrate the physical defenses of a facility. The team begins outside the facility and approaches the outer perimeter to envision ways to get in.
Inside-Outward Approach
An approach to conducting physical security assessments whereby the assessment team takes on the role of the security professional (defender) and works from the asset or target out toward the outer perimeter. The assessors evaluate each successive layer of security for its ability to deter, detect, delay or deny……and solutions are considered.
Security survey results must be properly reported or applied; the five criteria for good reporting include?
- Accuracy;
- Clarity;
- Conciseness;
- Timeliness; and
- Slant or pitch
What is the conceptual design, also known as a design concept or schematic phase?
It is the first opportunity to document the project’s design (based on the basis of design and the findings, conclusions and recommendations from any initial surveys). It is also the ideal time to seek management approval because the team has reached consensus on the scope and sufficient detail has been developed to create an initial budget.
Specifications vs. drawings
Drawings = pl…el…det…..ris…..and hardware sch
Specifications have precedence over drawings, which usually consist of plans, elevations, details, risers and hardware schedules (p. 212).
What are risers?
Representations of complete subsystems, these schematically demonstrate all the associated devices and components and their interconnecting cables.
Sole source procurement?
Best used when an owner already has a vendor on board and the owner has the capability to perform the security needs analysis and has good knowledge of systems and prices.
Request for proposal?
The most common form of procurement; usually based on a set of detailed design and construction documents setting out cost, schedule, technical ability, etc.
Invitation for bid?
Common form of procurement favored by the government and other organizations that require competitive bidding and then usually select the lowest bidder without negotiation.
What is life-cycle cost?
The sum of the capital cost and maintenance cost over the useful life of the system.