POA Security Management Chapters 2,3,4,7,9 and 10 Flashcards

Reading from Domain #1

1
Q

The Report to the Nations: 2018 Global Study on Occupational Fraud and Abuse, published by the Association of Certified Fraud Examiners (ACFE), divides occupational fraud into three categories:

A

Asset misappropriation, corruption, and financial statement fraud

2
Q

Hollinger and Clark hypothesize that the following factors explain employee theft:

A

External economic pressure, youth and work, opportunity, job dissatisfaction, and social control

3
Q

Edwin Sutherland's differential association theory states that:

A

Criminal behavior is learned, and is most often correlated with an individual's association with a criminal environment.

4
Q

Donald Cressey's theory defines theft/fraud as:

A

A violation of a position of financial trust by an individual who has a non-shareable financial problem. Cressey theorizes that three elements are present before the crime occurs:

The perception of a non-shareable problem; an opportunity for a trust violation; and a series of rationalizations that allow the individual to justify the behavior as appropriate for the situation.

5
Q

A response strategy for dealing with an insider theft or fraud incident includes:

A

Convening a quick reaction team; creating a cross-divisional team to establish the facts of the case; investigating why the theft occurred; conducting a root cause analysis; and developing a remediation plan.

6
Q

The following model describes a cycle for dealing with theft and fraud; the elements of the cycle are:

A
  1. Prevention Programs
  2. Incident
  3. Incident reporting
  4. Investigation
  5. Action
  6. Resolution
  7. Analysis
  8. Publication
  9. Implementation of Controls
  10. Compliance Testing and Training
7
Q

Steven Kirby and Edward Kirby share "50 honest truths" about employee theft, including:

A

-No theft, no matter how minor, should be tolerated or ignored
-No one gets caught the first time
-Your so-called sixth sense is usually pretty accurate, so trust it
-Virtually every theft or fraud could have been prevented by better management
-Tenure is not insurance against theft
-An employee's ethical makeup will temper the temptation to steal
-Virtually all employees who steal have rationalized their behavior
-Employees who know of unreported thefts are as bad as the thief

8
Q

When evaluating the cost-effectiveness of a security program, the following costs should be taken into consideration:

A

Design,
Installation,
Operation,
IT expenses,
Maintenance and
Replacement

9
Q

Kovacich and Halibozek define security metrics as:

A

The process of measuring an asset protection program's costs and benefits, as well as its successes and failures.

10
Q

When security professionals present metrics to senior management, they should:

A

-Present Metrics that meet standards
-Tell a story
-Use graphics and keep presentations short
-Present metrics data regularly

11
Q

Promoting the security function;
The 8 steps to writing a business case:

A
  1. Executive summary
  2. Project description
  3. Business impact
  4. Justification
  5. Cost-benefit analysis
  6. Alternatives and analysis
  7. Recommendations
  8. Approvals
12
Q

An investigation is:

A

A process of logically, methodically, and lawfully gathering and documenting information for the specific purpose of objectively developing a reasonable conclusion based on the facts learned through the process.

13
Q

Investigations in a corporate or organizational setting generally fall into the following categories:

A

Documenting incidents
Identifying the cause of undesirable situations where nefarious activity is suspected
Documenting and correlating facts where nefarious activity is suspected
Documenting and correlating facts surrounding misconduct or inappropriate behavior
Identifying, interviewing, or surveilling suspects involved in a crime or misconduct
Compiling information that proves or disproves an allegation
Allowing a decision to be made regarding an individual or an organization
Performing threat assessments to help prevent workplace, internal, or third-party violence
Collecting crime data and other material to help mitigate liability and risk to the enterprise

14
Q

Managing investigations entails the basic functions of management, which are:

A

planning
organizing
directing
coordinating
controlling

15
Q

The levels of investigation management are:

A

Strategic level - high-level management is involved, along with legal counsel

Operational level - technical aspects; how the function works within the department

Case level - individual investigations, investigative techniques, and case management protocols

16
Q

The 4 phases of the investigative process:

A
  1. Initiation
  2. Investigation
  3. Report findings and retain information
  4. Final phase: the use of the results for statistical analysis, program evaluation, strategic planning, budgetary forecasting (and more)

17
Q

Legal considerations of investigations include the following:

A

Compliance with laws (private investigator licensing, conduct of investigators)

Compliance with regulatory reporting requirements in applicable jurisdictions

The possibility of civil suits based on allegations of defamation, false imprisonment, false arrest, retaliation, and harassment

The possibility of subpoenas to testify, to produce written records of the investigation, or both

18
Q

Steps in choosing a security consultant:

A
  1. Identify candidates
  2. Invite candidates to submit applications
  3. Evaluate applications
  4. Interview the top 2 or 3 candidates
  5. Negotiate an agreement and finalize the selection

19
Q

EP (executive protection) program management involves:

A

Threat assessment
Vulnerability assessment
Risk assessment
Operations

20
Q

In asset protection, recent paradigm shifts have included changes in:

A

-Surveillance technology
-Integrated security systems
-The scope of security professionals' duties
-Legal and liability issues
-The regulatory environment
-The use of computers in the security function
-Public/private partnerships
-Antiterrorism
-Convergence
-Global business relationships

21
Q

In short, asset protection should involve:

A

a comprehensive strategy, not just piecemeal elements

22
Q

The 4 ways to manage risk and the 4 D's are:

A

Risk management:
Eliminate, reduce, transfer, accept

The 4 D's of asset protection:
Deter, deny, detect, delay

23
Q

IAP (Information Asset Protection) is also known as:

A

Information Security

24
Q

A milestone in the fight to protect commercial and dual-use technologies in the USA was the:

A

Enactment of the Economic Espionage Act (EEA) of 1996, which made it a federal offense to steal trade secrets. ASIS International and the Proprietary Information Council (now the IPPC) provided input to the writing of this Act.
25
Q

Threats to information assets (IAP) can include:

A

Intentional threats, natural threats, and inadvertent threats
26
Q

Noteworthy IAP threats include:

A

Data mining, insiders, counterfeiting, and piracy
27
Q

According to Trends in Proprietary Information Loss (ASIS International, 2007), the top business impacts after a loss are:

A

-Loss of company reputation/image/goodwill
-Loss of competitive advantage in one product/service
-Reduced projected/anticipated return on profitability
-Loss of core business technology or process
-Loss of competitive advantage in multiple products/services
28
Q

Moberly (2007) states that IAP benefits a business as follows:

A

-Enhances fiduciary oversight, control, and stewardship of key intangible assets
-Aligns information assets with business operations and the organization's strategic vision
-Offers more efficient allocation of traditional and IT security resources
-Allows more timely pursuit of information asset compromises and intellectual property rights violations
-Serves as leverage in negotiating coverage and premiums for intellectual property (IP) and information technology insurance
-Provides consistency in regulatory reporting of intangible assets
-Standardizes internal and external handling of intangible assets
-Identifies key internal and external sources of intangible assets and intellectual capital
29
Q

IAP professionals should coordinate closely with physical security staff to harmonize efforts in these categories:

A

Layered protection (defense in depth)
Handling of documents and records
Protection of information in physical form
30
Q

Operations security (OPSEC) is:

A

A system of "information risk management" (private sector). It calls for viewing the big picture and identifying the gaps that remain despite current security measures; those gaps represent avenues through which information security can be compromised, either intentionally or inadvertently.
31
Q

If an organization identifies that its copyright has been infringed, response tools include:

A

Hiring legal counsel; informing the proper authorities; conducting investigations, raids, and seizures; and initiating civil litigation, administrative proceedings, and criminal prosecutions
32
Q

Terrorism is:

A

An act of violence designed to achieve a political end. There is no universal agreement on the definition, and use of the word "terrorism" has sometimes led to confusion.
33
Q

Prevalent types of attacks in cyber security:

A

Phishing
Ransomware
Business email compromise schemes
Intellectual property theft
Attackers leveraging supply chains