Physical Security Flashcards
What are Bollards?
A short post placed to deflect traffic from an area.
What is the purpose of a security survey?
- Determine and document the current security posture;
- identify deficiencies and excesses in existing security measures;
- compare the current posture with a determination of the appropriate level of security or protection needed. Recommend improvement in the overall situation.
What are five criteria of good physical security survey reports?
Accuracy,
clarity,
conciseness,
timeliness and
slant or pitch.
What are the two foundational principles of physical security design?
The four D’s (Deter, Detect, Delay, Deny) and
layered security or defense-in-depth.
What are the four D’s?
Deter, Detect, Delay, Deny
What is a defense-in-depth approach?
An Adversary must avoid or defeat a number of protective devices or features in sequence.
What is the purpose of the design concept?
The design concept incorporates the basis of design; it documents the findings, conclusions, and recommendations from any initial surveys, and is the first opportunity to document the project’s design.
What is included in the typical construction documents (CD) phase?
- CD drawings,
- specifications,
- bill of quantities,
- refined system budgets and
- contract terms and conditions.
What are three types of cost estimates?
Budgetary estimates, preliminary design estimates and final design estimates.
What are four constraints on all security projects?
Scope, schedule, budget, and quality.
What are the basic building blocks of an intrusion detection system?
Sensors
Mechanical CPTED measures may include?
Physical security hardware or electronic systems (also known as target hardening).
Organizational CPTED measures may include?
Involving people or activities rather than equipment per se.
Natural CPTED measures may include?
Involving natural features such as terrain, layout, landscaping and other non mechanical objects.
6 CPTED tools include…?
- Natural territorial reinforcement;
- natural surveillance;
- natural access control;
- management and maintenance;
- legitimate activity support and
-compartmentalization
What are the four D’s?
Deter an adversary;
Detect an attack;
Delay an attack; and
Deny access to a target
An effective physical security strategy has four functions?
- Controlling access;
- Observing an area, situation or event;
- Detecting events; and
- Responding to situations
The functions and components of physical security comprise what 3 elements?…S…E…H
Structural;
Electronic; or
Human
The basic tool for gaining a thorough and accurate understanding of a situation is…?
The security risk assessment or security survey.
A comprehensive risk assessment begins by …then it…..and finally….?
-Begins by identifying and valuing assets;
-Then, it evaluates threats to those assets and summarizes and prioritizes revealed risks;
-Finally, risk mitigation measures are recommended and blended into a comprehensive protection strategy.
A gap analysis?
-used to determine what steps might improve an org’s capacity to move from a current state to a future state through a risk assessment.
A physical security assessment, also called a security survey, is a form of risk assessment that focuses on what two things?
1) the risks to the physical assets and property of an organization; and 2) the protection measures (against any risk) that comprise the realm of physical security.
What is the most common and reliable tool for determining adequacy and foreseeability of security measures and programs to counter risks
The security survey.
What is the definition of a security survey?
A thorough physical examination of a facility and its systems and procedures, conducted to assess the current level of security, locate deficiencies, and gauge the degree of protection needed.
What is the difference between a comprehensive risk assessment and a security survey?
A CRA focuses equally on assets, threats and vulnerabilities while a SS places more emphasis on vulnerabilities.
What is a vulnerability assessment (VA)?
A vulnerability assessment is the process of identifying and quantifying the weak points of a facility, entity, venue or person.
What is Delay effectiveness?
Delay effectiveness is measured as the time required by the adversary (after detection) to bypass each delay element.
What is response effectiveness?
Response effectiveness is measured by the time between receipt of a communication of adversary action and the interruption of the adversary action.
What is deployment effectiveness?
Deployment effectiveness is measured in terms of the probability of deployment to the correct location (the adversary’s location) and the time required to do so.
Outside-Inward Approach
An approach to conducting physical security assessments whereby the assessment team takes on the role of the adversary attempting to penetrate the physical defenses of a facility. The team begins outside the facility and approaches the outer perimeter to envision ways to get in.
Inside-Outward Approach
An approach to conducting physical security assessments whereby the assessment team takes on the role of the security professional (defender) and works from the asset or target out toward the outer perimeter. The assessors evaluate each successive layer of security for its ability to deter, detect, delay or deny……and solutions are considered.
Security survey results must be properly reported or applied; the five criteria for good reporting include?
- Accuracy;
-Clarity;
-Conciseness;
-Timeliness,; and
-Slant or pitch
What is the conceptual design, also known as a design concept or schematic phase?
It is the first opportunity to document the project’s design (based on the basis of design and the findings, conclusions and recommendations from any initial surveys.) It is also the ideal time to seek management approval because the team has reached consensus on the scope and sufficient detail has been developed to create an initial budget.
Specifications vs. drawings
Specifications have precedence over drawings, which usually consist of plans, elevations, details, risers and hardware schedules P. 212
What are risers?
Representations of complete subsystems, these schematically demonstrate all the associated devices and components and their interconnecting cables.
Sole source procurement?
Best used when an owner already has a vendor on board and the owner has the capability to perform the security needs analysis and has good knowledge of systems and prices.
Request for proposal?
The most common form of procurement; usually based on a set of detailed design and construction documents setting out cost, schedule, and technical ability. etc.
Invitation for bid?
Common form of procurement favored by the government and other organizations who require competitive bidding and then usually select the lowest bidder without negotiation.
What is life-cycle cost?
The sum of the capital cost and maintenance cost over the useful life of the system.
What is color rendering index (CRI)?
Used for:
accurate reproduction and identification of colors,
reflectance of materials and
the directionality of the reflected lighting.
Crime Prevention through environmental design (CPTED) is a set of management tools that target…..?
-Places;
- Behavior; and
- Design and use of space
Three underlying elements of CPTED are….?
-Territoriality;
-Surveillance; and
-access control
CPTED measures may include:
-Mechanical - physical security hardware or electronic systems (target hardening);
-Organizational - involving people or activities rather than equipment;
-Natural - involving natural features such as terrain, layout, landscaping and other non-mechanical objects.
Security personnel are usually…..?
Both the most expensive component of a security program but also the most critical.
Metal Halide lights are best for….?
Providing best color rendition for night lighting.
What are metrics?
They measure the effectiveness and efficiency of an organization’s operations over time….using quantitative, statistical and/or mathematical analysis.
What are the four types of equipment tests?
- predelivery or factory acceptance tests;
- site acceptance tests;
- reliability or availability tests; and
- post-implementation tests.
Physical protection system maintenance is of two main types?
- Remedial -corrects faults and returns the system to normal after a component failure; and
- Preventive - scheduled maintenance to keep components in good working order.
What is intrusion detection?
The process of detecting a person or vehicle attempting to gain unauthorized entry into an area.
What would be the best type of lighting for a hospital parking garage to enhance the CCTV surveillance and monitoring?
LED
A security director wants to test a new, never tested business continuity plan but it is critical the 24/7 manufacturing process is not impacted by the testing. What’s his best approach?
An orientation session followed by a tabletop exercise presented in a narrative format.
A joint effort involving local police crime prevention programs, law enforcement and various community members from residential, commercial and other organizations to focus on high-profile crime issues. Such collaboration encourages information sharing, involvement of stakeholders, elimination of duplicative efforts, and effectively reduces crime. This is best described as….?
A force multiplier.
When selecting a video surveillance system it is important to take a _______________ approach?
A systems approach.
To monitor and measure an organization’s risk management performance, a set of performance indicators should be developed to measure both the management systems and its outcomes. Measurements should be……
Quantitative or qualitative.
Which tool aids in the approaches to the Physical Security Assessment?
SWOT analysis
Project planning involves planning, organizing and ?
Monitoring and controlling resources on a project
All security projects work within the triangle of constraints, which are?
Project scope, schedule and budget
A security project manager can play many roles, including?
-principal decision maker influencing scope and budget;
-design concept creator to solicit support from senior mngmnt;
– budget manager
Which lock is generally used on cars, desks and cabinets?
Wafer
An inventory of key systems should be conducted at least?
Annually
A sentry dog normally does not perform as well at?
gasoline storage areas.
Safes that UL classified must be anchored to the floor or must be…?
750 pounds
Most theft is committed by?
Amateurs
Metrics will help to show the status of a program, identify performance trends, and demonstrate the value of a program’s ……
a program’s effectiveness and efficiency.
The condition of being protected against hazards, threats, risks or loss?
Security
There are two approaches to evaluate security program metrics. One analyzes technical criteria, operational criteria and strategic criteria. The other considers what three factors?
Effectiveness, efficiency and strategic improvement
True or false, equipment performance tests MUST always be coordinated with the appropriate facility personnel.
True
Regarding predelivery/factory acceptance tests the contractor should be informed that written permission of the __________ should be obtained before proceeding with the next phase of testing.
The customer
A formal report should be written after each exercise. It should document the formal review of the appropriateness and efficacy of the organization’s PAPMS plans, processes, and procedures (including nonconformities) and should propose what?
Corrective and preventive actions
Physical protection system maintenance is of two main types and they are?
Remedial and Preventive
What are the five main ways of classifying exterior intrusion sensors?
- Passive/active;
- Covert/visible
-Line of sight/terrain following; - Volumetric/line detection;
- Application
What assessment is performed to establish a baseline of physical protection system effectiveness in meeting goals and objectives. The process is a method of identifying the weak points of a facility, entity, venue or person?
Vulnerability assessment
ABC wants to develop a document outlining the overall intentions and direction of the organization as it relates to managing risk to enhance the resilience and security at ABC. This is also referred to as…?
A policy
This layer of physical security protection for a facility includes protective lighting, intrusion detection systems, locks, signs, barriers such as fencing and building exterior walls and openings and is called?
The middle layer
These do not have to be registered?
Copyrights
This process requires consideration of the three type, tactics, mode of operations, capabilities, threat level and likelihood of occurrence. Threats come from malevolent humans, not accidental (safety-related) events. The process is?
Design-basis threat
What factors affect a dog’s tracking and trailing ability?
Ground type, Weather conditions, Temperature, Conflicting odors, Terrain factors.
What are the six basic application types of exterior security lighting?
Continuous, Glare projection, Standby, Controlled, Portable, Emergency.
What are the five main types of CCTV lenses?
Wide angle, Standard, Telephoto, Zoom, Varifocal.
What are the five types of general security lighting equipment?
Streetlight, Searchlight, Floodlight, Fresnel, High mast.
What types of materials are dispensed in dispensable barriers?
Rigid foam, Aqueous foam, Sticky foam, Smoke or fog, Entanglement devices.
What are the five main types of mechanical locks?
Warded lock, Lever lock, Pin Tumbler lock, Wafer Tumbler lock, Dial combination lock.
The owners of a townhouse complex implemented signage and designed the landscaping to deter unwanted activity and trespassing. They also designed better sight-lines to th children’s playground from the inside of the residences. They intend to enforce a sense of ownership, responsibility and accountability with property owners to increase vigilance in spotting trespassers. In CPTED, this is described as?
Natural Territorial reinforcement
A new multi-level parking garage was designed to increase visibility…both interior to exterior and outside to inside to facilitate witness potential and make the adversary fear exposure is described in CPTED as?
Natural Surveillance
CPTED focuses most on which PPS principle?
Deterrence
Corrected color temperature (CCT)
A measure of the warmth or coolness of a light….measured in degrees Kelvin
The high-intensity discharge (HID) family of lamps include:
Metal halide
Mercury vapor
High-pressure sodium
They require stable voltage levels since they produce light from an arc discharge under high pressure…
Three main characteristics of intrusion sensor performance:
probability of detection (PD)
nuisance alarm rate and
vulnerability to defeat
The effectiveness of a sensor is described by…
Partial Discharge….often less than “1” which would be a perfect probability of detection.
Confidence level - of detection.
When manufacturers state values of PD without stating the CL, they are likely implying a value of at least 90 percent for CL
A nuisance alarm
Any alarm not caused by an intrusion
This sensor absorbs invisible light energy comparing actual energy to established background energy. What type of sensor is this?
Passive Infrared
This sensor can use buried cable or transmitting and receiving signals relying on consistent reception of transmitted or reflected energy. When energy levels change due to a reflection or deflection, an alarm is transmitted. This is called….?
Microwave detection
Visual assessment
Having visual information of an identifying or descriptive nature during an incident.
Surveillance forensics
Having visual information stored in a format that allows the study or review of images.
Visual documentation
Includes various embedded authenticity points - like time/date
Camera Sensitivity
The minimum amount of visible light that is necessary to produce a quality image….as well as invisible light spectrums such as infrared.
Camera Resolution
Measured in the number of horizontal and vertical pixels and defines the image quality from a detail or reproduction perspective.
Mean time between failures (MTBF)?
Measures the average time that equipment is operating between breakdowns or stoppages….helps businesses understand their equipment and if there is a problem.
What characteristics drive the design of alarm communications systems?
Quantity of alarm data
high reliability
speed at which data must be delivered
(Ease of system use by personnel…..not considered.)
