Sec Prin and Mgmt Flashcards
What is the difference between resilience and risk
Resilience takes a forward looking view of risk, fully integrating business and risk management into the organization’s system of management. Risk is viewed as inevitable and having the potential for positive outcomes. Risk is the effect of uncertainty on the achievement of strategic, operational, tactical, and reputational objectives
What resilience promotes within an organization and what it requires
Resilience promotes a perspective of enterprise wide agility and adaptability in a dynamic and uncertain environment. Resilient organizations fully integrate a holistic and proactive risk management perspective into good business management practice to enhance their buffering and adaptive capacity. Resilience requires both the convergence of risk disciplines as well as the elimination of and/or collaboration among organizational siloes to have a coordinated plan for managing risk throughout the enterprise. Resilience is not something that is inherent to an organization but develops as organizations mature, learn from successes and mistakes, improve their management and decision making skills
Write 4 characteristics of resilient organizations
i. Recognize that change is constant
ii. Consider the organization’s dependencies and interdependencies in assessing risk to the organization and its risks on others;
iii. Integrate proactive risk management into all their decision making process;
iv. Promote situational awareness and monitoring with an emphasis on identifying indicators of change
What do you mean by resilient organization
Being a resilient organization means efficiently tapping into its human, tangible and intangible resources
What is essential to building resilience? How risk can be better managed
Improving communication and consultation skills is essential to building resilience. Risk is best managed with ongoing consultation and interactive communication among stakeholders. A resilient organization will build the mechanisms needed to support both a top down and bottom up flow of information
Explain the importance of empowering people at all levels of organization to achieve organizational resilience
Empowering people at all levels of the organization fosters the sense of inclusiveness and ownership that encourages the sharing of ideas. It helps to promote a risk culture where risk makers and risk takers understand that they are also risk owners and risk managers
What basically the Organizational Resilience Management System enables
The organizational resilience management system (ORMS) enables an organization to identify, assess and manage risks related to the achievement of its strategic, operational, tactical and reputational objectives in the organization and its supply chains.
How an Organizational Resilience Management System can be achieved
An ORMS is achieved by developing, designing, documenting, deploying and evaluating fit for purpose proactive management strategies needed to achieve current objectives and identify indicators for potential needs for changes
What provide foundation for good governance
Enhanced security and resilience
Key Performance Indicators (KPI) are defined to support achievement of objectives. What do KPI drive?
Key Performance Indicators (KPI) are defined to support achievement of objectives. KPI drive a culture of management by measurement for continual monitoring and performance improvement
When an organization cannot maximize opportunities and minimize negative outcomes?
Unless risk is managed effectively, organizations cannot maximize opportunities and minimize negative outcomes
What the system approach basically examines and when component parts of a system can be understood?
The systems approach examines the linkage and interactions between the elements that compose the entirety of the system. Component parts of a system can best be understood in the context of their interrelationships, rather than in isolation, and must be treated as a whole
Cultivating what kind of skills enhances resilience builds trust and contributes to protecting the image and reputation of the organization?
Leadership skills at all levels
Why all organizations need to be cognizant of their resource constraints
To prioritize allocation of resource when managing risk
What can influence the way in which the organization will manage risk
Internal and external factors
What is the necessary in order to understand the organization’s value chain?
Identification of people, assets and services that provide tangible and intangible value
When identifying stakeholders’ needs and requirements, what the organization shall determine?
When identifying stakeholders’ needs and requirements, the organization shall determine:
(a) Requirements and obligations specified by stakeholders
(b) Legal, regulatory and contractual obligations as well as other voluntary commitments
(c) Human right responsibilities and impacts relevant to its activities
(d) Needs of the local and impacted communities and other stakeholders
(e) Risk management requirements including stakeholders risk appetite
Every organization should define and document criteria to evaluate the significance of risk, what are the elements of the organization should be evaluated by the risk criteria?
The risk criteria shall reflect organization’s values, objectives and resources
Explain a “statement of applicability” in relation to the scope of Organizational Resilience Management System (ORMS)?
A “Statement of Applicability” shall define the relevant risks that apply to the organization’s scope, legal, regulatory, and contractual obligations and operating environment based on its risk assessment. The organization shall implement adaptive, proactive and/or reactive measures to manage risk that apply to the organization’s scope, legal, and regulatory and contractual obligations and operating environment.
How top management should provide evidence of active leadership for the Organizational Resilience Management System (ORMS)?
By overseeing its establishment and implementation, and motivating individuals to integrate security and resilience as a central part of the mission of the organization and its culture.
The organization shall establish, implement and maintain a formal and documented risk assessment process including its relevant supply chain partners and subcontractors activities. What kind of steps should be included in risk assessment process?
(a) Asset identification
(b) Risk identification
(c) Risk analysis
(d) Risk evaluation
What is the difference between risk analysis and risk evaluation?
Risk analysis is a systematic method to analyze and determine those risks that have a significant impact on activities, function, services, products, supply chain and others, while on the other side risk evaluation is a systematic method to evaluate and prioritize risk controls and treatment as well as their related costs to determine how to bring risk within an accountable level consistent with risk criteria.
What organization should consider conducting the BIA as a separate analysis
Organizations where major variations in recovery priorities and/or complex interdependencies are present should consider conducting the BIA as a separate analysis
Why organizations consider integrating a business impact analysis (BIA) into its risk assessment process?
Because a criticality analysis includes estimating allowable down times, potential impacts over time and recovery time objectives, an organization may integrate a BIA into its risk assessment process
The risk assessment should identify activities, operations, and process that need to be managed. What are the elements should be included from the outputs of risk assessment?
a) A prioritized risk register identifying treatments to manage risk
b) Justification for risk acceptance
c) Identification of critical control points (CCP); and
d) Requirements for supplier, distributor, outsourcing and subcontractor controls
When establishing and reviewing the objectives and targets of organization resilience management system (ORMS), what are the factors an organization should consider?
a) Consistency with the ORMS policy
b) Significant risk
c) Brand, reputation and human right impacts
d) Integrity of information
e) Financial, operational, and business requirements
g) Legal, regulatory, contractual and other requirements
How an organization should ensure the integrity of documents?
By rendering them securely backed‐up, accessible only to authorized personnel and protected from unauthorized disclosure, modification, deletion, damage, deterioration or loss
What an organization should establish to effectively pursue opportunities and deal with undesirable and disruptive events?
The organization shall establish planning, security incident management, response and or recovery team(s) with defined roles, appropriate authority, adequate resources and rehearsed operational plans and procedures
Write three functions of response structure in relation to organizational resilience management system (ORMS)?
Identify incident indicators and impact thresholds that justify initiation of a formal response; Assess the nature and extent of a potential undesirable or disruptive event and its impacts; Initiate an appropriate response to avoid, protect, mitigate or manage a potential undesirable or disruptive event
Whenever possible and consistent with jurisdiction laws, regulations and contractual requirements, what should include in the screening process?
a) Consistency with legal, regulatory and contractual requirements
b) Education and employment history review
c) Personal references
d) Military and security services records check
e) Review of possible criminal records and others
As part of grievance procedures, how an organization should investigate allegations?
An organization shall investigate allegations expeditiously and impartially with due consideration to confidentiality and restrictions imposed by jurisdictional law.
In preparing incident prevention and management procedures, what are the actions an organization should consider?
a) Safeguard life and assure the safety of internal and external stakeholders
b) Protect assets
c) Prevent further escalation of the incident
d) Minimize disruption to operations
e) Restore critical operational continuity and others
What kind of protection strategy an organization should develop to deter, detect, delay and response from risks and threats to the organization and its assets?
The organization shall adopt a “protection in depth” or layered protection strategy to develop a cost effective and robust approach to deter, detect, delay and respond from risk and threats to the organization and its assets
What should be considered when existing arrangement are revised and new arrangements introduced in the incident management procedures?
The associated risks before their implementation and the potential to create new or modify existing risks.
What should be ensured by the incident management procedures
(a) Supply and demand requirements (demand signals) are comprehended in capacity planning
(b) Contingencies and appropriate redundancies provide protection in depth and address single point failures
(c) Processes are in place to validate supply chain responses
(d) There is a feedback loop to know if past risk control and countermeasures are changing as part of design, engineering or process changes, or a decision to outsource certain activities
(e) That planned changes are controlled and the unintended changes reviewed and appropriate action is taken
How an organization should assess the performance and effectiveness of the ORMS?
The organization shall assess the performance and effectiveness of the ORMS by evaluating plans, procedures, and capabilities through periodic assessments, testing, post‐incident reports, lessons learned, performance evaluations and exercises
A formal report should be written after each exercise, what should be assessed by this report?
The report shall assess the appropriateness and efficacy of the organization’s ORMS plans, processes, and procedures including nonconformities and should propose corrective and preventative action
To confirm what management should review the organization’s ORMS at documented specific intervals (at least annually)?
To confirm its continuing suitability, adequacy and effectiveness
Through the use of what kinds of elements an organization can continually improve the effectiveness of the organizational resilience management systems?
Through use of ORMS policy, objectives, results, analysis of monitored events, corrective and preventive actions and management review
What is gap analysis? What are the five key areas the gap analysis should cover
A gap analysis will enable the organization to compare its actual performance with the potential performance needed to meet its objective. The gap analysis should cover five key areas:
a) Identification of risks
b) The capacity to identify and pursue opportunities
c) Identification of applicable legal, regulatory, contractual and other requirements to which organization subscribe
d) Evaluation of existing risk management practices and procedures
e) Evaluating previous emergency situations and disruptive events.
What kinds of tools and methods may be required for undertaking a gap analysis
Checklists, conducting interviews, direct inspection and measurement, benchmark against best practices, or result of previous audits or other reviews
How the management systems approach is characterized
The management systems approach is characterized by:
a) Understanding the context and environment within which the system operates
b) Identifying the core elements of system, as well as the system boundary
c) Understanding the role or function of each element in the system; and
d) Understanding the dynamic interaction between elements of the system
How the value of an asset and service should be considered in the organization
Value of an asset and service should be considered within the context of how the assets contribute to the organization’s achievement of its objectives. In addition to considering the monetary value of assets, valuation should consider how the asset fits within the value chain of the organization and its relative value in achieving strategic, tactical, operational and reputational objectives
What risk assessment provides
The risk assessment provides a basis for evaluating the adequacy and effectiveness of current controls in place, as well as decisions on the most appropriate approaches to be used in managing and treating risks. It identifies those risks that should be addressed as a priority by the organization’s ORMS. The risk assessment provides the foundation for setting objectives, targets and programs within the management system, as well as measuring the efficacy of the ORMS.
The risk management strategies should be dynamic and monitored and when it should be modified
(a) Outcomes of the risk assessment change;
(b) Objectives and targets are modified or added
(c) Relevant legal requirements are introduced or changed;
(d) Substantial progress in achieving the objectives and targets has been made (or has not been made)
(e) Activities, products, services, processes, or facilities change or other issues arise
The most appropriate risk management strategy or strategies depends on what types of factors?
The most appropriate strategy or strategies should depend on a range of factors such as:
(a) Results of the organization’s risk assessment;
(b) Costs of implementing a strategy or strategies; and
(c) Consequences of inaction
What should be considered by the organization when seeking insurance coverage?
a) The policies and limits to be held by the organization should be specified in the contract;
b) The jurisdiction of the policy and in the event of a dispute;
c) The territorial limitations;
d) Limitations of indemnity;
e) Coverage of all activities, including use of weapons;
f) Activities of subcontractors, and g) Contractual obligations
What is the difference between problem assessment and severity assessment
Problem assessment is an evaluative process of decision making that will determine the nature of the issue to be addressed and severity assessment is the process of determining the severity of the disruption and what any associated consequences are
What is the difference between functional exercise and full scale exercise
Functional exercise is a walk‐through or specialized exercise simulating a scenario as realistically as possible in a controlled environment and full scale exercise is a live or real life exercise simulating a real time, real life scenario
What a business impact analysis generally provides
A business impact analysis provides a structured approach to gaining information about the critical activities, functions, and processes of the organization and associated resources necessary for an organization to mitigate the impacts of undesirable and disruptive events
What is the purpose of business impact analysis
The purpose of BIA is to determine criticality of business function, estimate maximum downtime that can be tolerated while maintaining viability as well as determine resource requirement to resume critical operations
CPTED relies on what?
Crime prevention design solutions should be integrated into the design and function of the buildings, or at least the location where they are being implemented. CPTED relies on an awareness of how people use space for legitimate and illegitimate purpose.
What is important to choose first for the right physical security measures and apply them appropriately?
To choose the right physical security measures and apply them appropriately, it is important to first conduct a risk assessment
What is building envelope and what it serve?
Building envelope: The separation between the interior and the exterior environments of a building. It serves as the outer shell to protect the indoor environment as well as to facilitate its climate control
What is risk assessment?
Risk assessment: The process of assessing security‐related risks from internal and external threats to an entity, its assets, or personnel
What is risk management?
Risk management: A business discipline consisting of three major functions: loss prevention, loss control and loss indemnification
What routine activity theory suggests?
Routine activity theory suggests that a suitable guardian will prevent criminal activity from occurring. Criminals will generally avoid targets or victims when police, security, door staff, neighbours or others are in position to observe and react
What is CCT rating?
CCT rating: Corrected Colour Temperature (CCT) is a measure of the warmth or coolness of a light. It is measured in degrees Kelvin which is the Centigrade (Celsius) absolute temperature scale where 0°K is approximately 272°C
What is security survey?
Security survey: A thorough physical examination of a facility and its systems and procedures, conducted to assess the current level of security, locate deficiencies and gauge the protection needed.
What is stand‐off distance or set back?
Stand‐off distance/ set back: The distance between the asset and the threat, typically regarding an explosive threat.
What is tailgating?
Tailgating: To follow closely. In access control, the attempt by more than one individual to enter a controlled area by immediately following an individual with proper access. Also called piggybacking
When a space will naturally have less opportunity for criminal activity
Natural or architectural measures: Designing of space to ensure the overall environment works more effectively for the intended users, while at the same time deterring crime. A space will naturally have less opportunity for criminal activity when it is effectively used. Poor layout reduces the ability of intended users to apply appropriate measures
Explain progressive collapse
Progressive collapse: Occurs when the failure of a primary structural element results in the failure of adjoining structural elements, which in turn causes further structural failure. The resulting damage progresses to other parts of the structure, resulting in a partial or total collapse of the building
What is risk
Risk: The likelihood of loss resulting from a threat, security incident, or event
What is threat
Threat: An action or event that could result in a loss; an indication that such an action or event might take place
What is throughput
Throughput: The average rate of flow of people or vehicles through an access point
What is token
Token: An electronically encoded device (i.e. a card, key‐fob, etc.) that contains information being read by electronic devices placed within or at the entry and exit points of a protected facility
Based on CPTED, explain organizational measures
Organizational measures: Focus on policies and activities that encourage observation, reporting and, where appropriate, intervention. This would include education for individuals and groups on strategies they can take to protect themselves and the space they occupy. It would also entail routine patrol and enforcement by security, law enforcement or others.
Explain natural territorial reinforcement boundary definition
Natural territorial reinforcement boundary definition: Establishing a sense of ownership by facility owners or building occupants to define territory to potential aggressors and to assist legitimate occupants or users to increase vigilance in identifying who belongs on the property and who does not. The theory holds that people will pay more attention to and defend a particular space or territory from trespass if they feel a form of “psychological ownership” in the area. Thus, it is possible‐through real or symbolic markers‐to encourage tenants or employees to defend property from incursion
Wooden fences are used for (a)…………………… Wooden fence’s effectiveness can be enhanced by adding (b)…………………… When utilizing a wooden fence to delay entry, the vertical picket sections must be (c)…………………… and the horizontal sections should be (d)……………………
a) low‐security applications,
(b) barbed wire, razor wire, or metal spikes,
(c) no wider than 1‐3/4 inches,
(d) 50 inches apart
(e) protected side of the building.
The width of the clear zone depends on what? When can an exception be made in relation to the clear zone?
Wherever possible and practical, a clear zone should separate a perimeter barrier from structures inside the protected area. The width of the clear zone will depend upon the threat that is being protected against. An exception can be made when a building wall constitutes part of the perimeter barrier
Explain four design features of chain‐link fence
The following are some design features that enhance security (Chain Link Fence Manufacturers Institute, 1997):
1‐Height: The higher the barrier, the more difficult and time‐consuming it is to breach. For low security requirements, a 5‐6 ft. (1.5‐1.8 meter) fence may be sufficient; for medium security, a 7 ft. (2.1 meter) fence may be appropriate; and for high security (such as a prison), an 18‐20 ft. (5.4‐6.0 meter) fence may be required,
2‐Barbed wire: Barbed wires vary in gauge, coating weight, number of barbs, and spacing of barbs. If chain link or expanded metal fences are intended to discourage human trespassing, barbed wire should be installed atop the fence on an outward facing top guard at a 45 degree angle,
3‐Bottom rail: Properly anchored, this prevents an intruder from forcing the mesh up to crawl under it,
4‐ Top rail: A horizontal member of a fence top to which fabric is attached with ties or clips at intervals not exceeding two feet. A top rail generally improves the appearance of a fence, but it also offers a handhold to those installed.
What broken windows theory speaks about?
The “broken windows” theory suggests that an abandoned building or car can remain unmolested indefinitely, but once the first window is broken, the building or car is quickly vandalized. Maintenance of a building and its physical elements (such as lighting, landscaping, paint, signage, fencing and walkways) is critical for defining territoriality
In relation to chain‐link fence what prevents an intruder from forcing the mesh up?
Burying / Mow strip: Burying or installing a mow strip (concrete), in addition to a chain‐link fabric 1 ft. (0.3 meters) or more, prevents an intruder from forcing the mesh up
What fence or wall can do
Fence or wall can do the following:
1‐Give notice of the legal boundary of the premises,
2‐Help channel entry through a secured area by deterring entry elsewhere along the boundary,
3‐Provide a zone for installing intrusion detection equipment and video surveillance system,
4‐Deter casual intruders from penetrating a secured area,
5‐Force an intruder to demonstrate his or her intent to enter the property,
6‐ Cause a delay in access, thereby increasing the possibility of detection,
7‐Create a psychological deterrent,
8‐ Reduce the number of security officers required,
9‐Demonstrate a facility’s concern for security
Explain the concept of compartmentalization?
Compartmentalization: One of the basic CPTED strategies is to design multiple or concentric layers of security measures so that highly protected assets are behind multiple barriers. Layers of security strategies or elements start from the outer perimeter and move inward to the area of the building with the greatest need for protection. Each layer is designed to delay an attacker as much as possible. This strategy is also known as protection‐in‐depth (Fay, 1993, p672). If properly planned, the delay should either discourage a penetration or assist in controlling it by providing time for an adequate response
Explain double fencing
Double fence: An additional line of security fencing a minimum of 10 ft. to 20 ft. (3 meters to 6 meters) inside the perimeter fence creates a controlled area and room for sensors or a perimeter patrol road between the fences
Where welded wire fabric is generally used
Welded wire fabric, which is cheaper than expanded metal, is generally used for lower risk applications.
What affects the amount of protection required
The value of an asset being protected affects the amount of protection required.
Which strategy should be used while selecting physical barriers and the barriers designed to address the specific threats?
A threat basis design strategy should be used when selecting physical barriers and the barriers designed to address the specific threats.
What is the most common perimeter barrier?
The most common perimeter barriers are fencing and walls. However, fences and walls usually only deter or delay entry‐they do not prevent it entirely
Against what Chain‐link fence effective?
Chain‐link fences are quick to install, can be effective against pedestrian trespassers and animals and provide visibility to both sides of the fence.
By using which types of tools chain‐link fence can be breached easily?
Chain‐link fence fabric is made from steel or aluminum wire (which may be coated), which is wound and interwoven to provide a continuous mesh. It can be breached easily with a blanket, wire cutter, or bolt cutter.
What types of protection window film can provide?
Window film can be designed, tested, and applied to:
1‐Provide varying degrees of protection from intrusion or “smash and grab”. It can generally be defeated with repeated attacks,
2‐Reduce injury from projectile shards of glass in case of an explosion or blast force,
3‐Reduce injury from projectile penetration in case of extreme weather (i.e., hurricane or tornado)
Electric security fences consist of (a)……………… supported by posts fitted with insulators. These fences can be (b) ………………for wall top security, or (c) ………….. for high security sites. Most industrial applications are 8ft (2.4m) high with (d) ………
(a) a close wire grid,
(b) simple 5 wire systems,
(c) multi‐zoned systems with up to 50 wires,
(d) 20 wires and are fitted to the inside of the chain link perimeter fence.
What is the difference between deterrent fence and monitored fence
Electric security fences come in two forms:
1) the all live wire “deterrent” fence that relies on the human fear of electric shock; or more commonly
2) the “monitored” fence, where in addition to the fear factor, the fence will detect cutting or climbing of the wires and trigger an alarm. Monitored fences are usually integrated with intruder alarm or access control systems and‐increasingly‐with surveillance cameras.
Most building intrusions are effected through which?
Most building intrusions are effected through doors and windows
Annealed or plate glass has been manufactured to control (a) ……………. such that it can be subjected to fabrication. Regular plate, float, sheet, rolled, and some patterned surface glasses are examples of (b)…………………… Annealed glass breaks into large shards that can cause (c)…………………..and building codes may restrict its use in places where (d) ……………………………………….such as door panels and fire exits.
a) residual stresses
(b) annealed glass.
(c) serious injury,
(d) there is a high risk of breakage and injury
What types of measures can be taken to strengthen the doors
Measures can be taken to strengthen the doors by adding steel plate for reinforcement, anchoring frames, and adding kick plates, using set screws in hinges or spot welding hinges
(a) ……………. is composed of two sheets of ordinary glass bonded to a middle layer or layers of plastic sheeting material. When laminated glass is stressed or struck, it may crack and break but the pieces of glass tend to adhere to the plastic materials. It is also the preferred glass type (b) …………………………. It will aid in the protection of building occupants from (c) …………………………………. in the event of an explosion.
a) Laminated glass,
(b) for mitigating blast forces,
(c) glass shattering
(a)……………….. or burglar resistant provides stronger resistance to attack. It is laminated and consists of multiple plies of glass, polycarbonate, and other plastic films to provide (b) ……………………
(a) Bullet‐resistant
(b) many levels of ballistic resistance
Describe working principle of credential‐operated locks?
Credential‐operated locks rely on a unique card or other device being presented to a card reader at a location where the access is being controlled. The system electronically checks the information (including the identification of the cardholder and the time period when access is permitted) on the card and compares it with the information already entry or denies access.
What are the key factors to be considered in hardening a facility?
Key factors in hardening a facility include: 1‐stand‐off distance, 2‐structural integrity of the premises against attack, 3‐prevention of progressive collapse, 4‐redundancy of operating systems.
………………………. , a single key operates a series of mechanical locks, and each of those locks is also operated with another key specific to that lock. Since the compromise of a master key can compromise an entire facility, the use of any master key must be strictly controlled.
In a master key system
What type of curtains provides protection from flying materials in an explosion?
Blast curtains are made of reinforced fabrics that provide protection from flying materials in an explosion
What are the measures needed to consider to decide whom to let into a facility and whom to keep out, it is necessary to?
Measures such as:
1‐Tokens or other items in the person’s possession(such as a metal key; a proximity, insertion, or swipe card or a photo identification card),
2‐Private information known by the individual (such as a password or personal identification number,
3‐ Biometric features of the person (such as fingerprint, hand geometry, iris and retinal patterns, signatures or speech patterns)
What types of attack an adversary might adopt to defeat an access control point?
An adversary may use several types of attacks to defeat an access control point:
1‐Deceit: employee to permit entry,
2‐ Direct physical attack: The adversary uses tools to force entry into an area,
3‐ Technical attack: The adversary forges a credential, guesses a personal identification number, or obtains another person’s credential.
Typically what are the purposes of security lighting
Typically, the purposes of security lighting (discouraging unauthorized entry, protecting employees and visitors on site, and detecting intruders) are served both outdoors and indoors.
Electronic access control systems validate (a) ……………………….. which can be in the form of something you know, (b) ……………………… or something you carry. Components of central database, software, supplementary interfaces to external systems, and (d)…………………………………
(a) one or more credentials
(b) something that is inherent to you,
(c) communication cabling distributed processor,
(d) applications for request‐to‐exit devices for applicable doors.
How can progressive collapse be prevented?
Prevention of progressive collapse is accomplished by structural design that prevents the loss of a primary structural member from causing the further failure of primary structural members beyond the local damage zone.
Mechanical locks, such as door locks, cabinet locks and padlocks, use an arrangement of physical parts to prevent the opening of the bolt or latch. The two major components in most mechanical locks are the……………………………………….
coded mechanism and the fastening device
An electromagnetic lock consists of an electromagnet (attached to the door frame) and an armature plate (attached to the door). A current passing through the electromagnet attracts the armature plate and thereby holds the door shut. Electromagnetic locks are useful on doors that are (a)…………………. and where (b)…………… could not be achieved. Electromagnetic locks should be coordinated with (c)………………
(a) architecturally significant
(b) mechanical latching otherwise
(c) with safety codes.
Which types of lamps are the least efficient, the most expensive to operate, and have a short life span?
Incandescent: These lamps are the least efficient, the most expensive to operate, and have a short life span
The quality of an IDS and its components greatly affects its usefulness. How can deficiencies in an IDS harm a security program?
The quality of IDS and its components greatly affects its usefulness. Deficiencies can harm a security program by causing the system to:
1‐Fail to detect an intruder,
2‐ Falsely report breaches (nuisance and unintentional) which generate costly and repeated deployment of security or law enforcement and maintenance personnel,
3‐ Create excessive false activations so that alarms are ignored or security and law enforcement officers are called unnecessarily. (Many jurisdictions levy fines for excessive numbers of false alarm calls to police),
4‐Provide a false sense of security
The right level or intensity of lighting depends on what? How can the intensity of lighting be measured?
The right level or intensity of lighting depends on a site’s overall security requirements. Lighting intensity can be measured with instruments in lux and foot‐candles.
Which light projects a downward circular pattern illumination
Streetlight: This projects a downward circular pattern illumination
Where are floodlights generally used?
Floodlight: This projects a medium to wide beam on a larger area. It is used in a variety of settings including the perimeters of commercial, industrial, and residential areas
What are the advantages of dual technology motion detectors
Dual technology motion detectors are selectable to employ either or both microwave and infrared technologies in a single package. Selecting both technologies reduces the false alarm rate and detection sensitivity
Which type of lamps are energy efficient and have a long life span, but poor colour rendition for video surveillance system. They are often applied on streets and parking lots, and their particular quality of light enables people to see more detail at greater distances in fog?
High‐pressure sodium: These lamps are energy efficient and have a long life span, but poor colour rendition for video surveillance system. They are often applied on streets and parking lots, and their particular quality of light enables people to see more detail at greater distances in fog.
Fresnel: This lighting typically projects a narrow, horizontal beam. Unlike a floodlight, which illuminates a large area, the Fresnel can be used to (a) …………………….. while leaving security personnel concealed. It is often used (b)……………………………
(a) illuminate potential intruders
(b) at the perimeters of industrial sites
Where are capacitance devices generally used
Capacitance devices: Often used with various metallic products such as safes and vaults, these devices detect changes in electrical capacitance. Low voltage is applied to the protected items. If an object or person approaches or touches the protected item, the voltage (non‐harmful) discharges, altering the capacitance level and causing an alarm
Which type of lamps are more efficient than incandescent lamps but are not used extensively outdoors, except for underpasses, tunnels, and signs?
Fluorescent: Fluorescent lamps are more efficient than incandescent lamps but are not used extensively outdoors, except for underpasses, tunnels, and signs.
Which type of lamps take several minutes to produce full light output and have poor colour rendition for video surveillance, but they have a long life?
Mercury Vapor Lamp
Which type of lamp is used at sports stadiums, works well with video surveillance and can provide accurate colour rendition?
Metal halide: They are often used at sports stadiums because they imitate daylight; for the same reason they work well with video surveillance systems by providing accurate color rendition
Which types of lamps have a long life and, similar to fluorescent lamps, are utilized mainly indoors, except for parking structures, underpasses, and tunnels?
Induction: Induction lamps have a long life and, similar to fluorescent lamps, are utilized mainly indoors, except for parking structures, underpasses, and tunnels.
Name the different types of duress/panic alarms? When these alarms should be used?
Duress/Panic alarms: Wired switches, person‐down devices, wireless pushbutton transmitters, “Lack of Motion” devices, emergency notification call boxes, etc., are some of the device types which are employed to protect personnel by transmitting assistance alarms. These alarms should be of the highest priority level
What should be the functional requirements for a camera
Different functions require different fields of view. For camera functional requirements one must consider three factors:
1‐ target,
2‐ activity,
3‐ purpose
What are the functions of network video recorders?
Network Video Recorders (NVR): An NVR is an internet protocol based device that sits on a network. Because they are IP based, NVRs can be managed remotely via a LAN, WAN, GAN, or over the Internet.
By using which type of lens it is possible to expand or narrow the field of view providing enhanced viewing flexibility?
A motorized vari‐focal lens is used to expand or narrow the field of view providing enhanced viewing flexibility.
Define time‐lapse (analog) recorder?
Time‐lapse (analog) recorder: These recorders are designed to make a two‐hour cassette record up to 900 hours by allowing time to lapse between recorded images. Instead of a full 25 frames (PAL) or 30 frames (NTSC) of video information being recorded each second, a time‐lapse recorder may capture only a fraction as many frames. The strongest market for the time‐lapse machine is retail, industrial, and long-term surveillance.
What is the potential drawback to PTZ camera applications?
A potential drawback to PTZ camera applications is that the camera is out of position, unable to capture an event as it is happening. Most PTZ camera applications are used for assessment or video patrol purpose
Coaxial cable is generally sufficient (a)……………. , but it does not work for IP‐based systems (b)………………….
a) for analog cameras
b) without media transformer
Where are intelligent video analytics used?
Intelligent video analytics: Uses can include the recognition of certain events and conditions, such as an unattended package or vehicle, or movement by an animal versus a human being.
When selecting video surveillance system equipment, it is important to use a systems approach as opposed to a components approach. What do you mean by system approach?
A systems approach examines how equipment will work with other elements of the video surveillance system, with other workplace systems, and with the environment in which it is needed. This approach results in a video surveillance system that operates effectively and satisfies a facility’s needs
What elements affect the image quality?
Image quality is also affected by excessive shadows (light to dark ratio), lens glare and backlighting
What is the fundamental tool to most security officer positions?
Keys: A fundamental tool to most security officer positions. Care should be taken to ensure that all keys are accounted for at the beginning and end of shift. Additionally, proper care should be taken so that damage to keys does not occur
What do you mean by frames per second?
Frames per Second (FPS): Recorders may discard image frames to save storage space. If too many are discarded (that is, if the system records only one or two frames per second), then fast moving action may not be captured, or items in the scene may seem simply to appear or disappear.
Explain focal length of a lens?
The focal length of the lens determines the size (width and height) of the scene viewed. Focal lengths are measured in millimeters, and lenses are characterized as telephoto, standard, or wide angle. Varifocal lenses are often used in applications that require a zoom capability. The lens’s iris, which opens and closes to control the quantity of light that reaches the camera’s sensing element, may be manual or automatic.
Name the major types of video surveillance cameras
The major types of video surveillance cameras are:
1‐ analog,
2‐ IP (Internet protocol),
3‐ infrared,
4‐ thermal
What can greatly affect a video surveillance system budget?
The availability of power can greatly affect a video surveillance system budget
What do you mean by security convergence?
Security Convergence: It is recognized that many security systems are increasingly being equipped with network connectivity to enable them to share a facility’s network infrastructure. Planning for, implementation, and management of converged security solutions often requires partnerships between physical security, IT security, IT, and other corporate or organizational stakeholders.
A concerted effort to address security issues on policy level shows (a) ……………. and that management was aware of such issues and attempted to address them
due‐diligence
In a broad sense, (a) ………………. should be considered part of the security program. Through a (b)……………………… employees should be taught to understand the relationship between security and the organization’s success, learn their obligations under the security program, understand how various security measures support security program objectives, and become familiar with available resources to help with security concerns.
(a) every employee
(b) security awareness program
What are post orders?
Post orders: Post orders, which are sometimes called standard operating procedures, state the essential elements of security officers’ work assignments
What form the basis for corrective action in the event of inappropriate behaviour or underperformance?
Policies and procedures can also form the basis for corrective action in the event of inappropriate behaviour or underperformance.
Policies are generally reviewed, approved, and issued (a) ……………………. of an organization. Once established, they tend to remain in place for an extended period. Therefore they should be aligned with the (b)…………………. of the organization.
(a) at the executive level
(b) overall business objectives
A standard that remains technically voluntary but practically obligatory is
Mixed standard
In drawing up an asset protection program, what is a main consideration in your analysis
Management-buy-in
The most popular means of protecting the asset of a company is
Redundant security scheme
To senior management, the primary factor determining the size or existence of an asset protection programme is
Cost-effectiveness
According to Fennelly, three management activities are important in the strategic approach to crime prevention and assets protection. Which are these
Planning,
Management,
Evaluation
Removing all the cash from the register in the night to eliminate the opportunity of robbery is an example of
Risk avoidance
How would an asset protection manager justify request for additional funds to support the security program
By demonstrating that consequences to the enterprise in real cost is greater if the level of support for the security program is reduced
An asset protection manager observed dwindling support of his protection program, recommend how renewed sustenance can be achieved from senior management
Evidence of losses avoided through security countermeasures
Which are the alternative service providers in private/public policing concept
Private police
Civilian employees of police agencies
Auxiliary (Volunteer) officer
When planning for security, what should the asset protection professional always consider
Organization’s culture
The return on the implementation of an effective security countermeasures can be measured by applying what
Efficiency VS cost
A fundamental template for the direction that defined and support an organizations long term goal is
Organizational strategy
The primary resource of an organization is
People
When developing policies, the asset protection professional should
Work closely with the manager whose team will be most affected by the policies
Vision
Specific description of where the business will be in the long-term
Quality
Conformance to customer requirement
In defining a business purpose and mission, the first and most crucial question according to Peter Drucker is
Who is the customer
A more concrete statement by which a business specifies its type of product or services and level of quality is
Mission
The most valuable resource of an organization is
Employees
When an organization communicates its strategy through a specific description of where the business will be in the long-term this is
Vision
The main reason for a "blind-ad" is
For hiring skilled, technical and non-entry managerial level personnel
The recommended way to reduce the labor to deal with many resumes submitted in response to a public listing is
Hire external recruiters
What are the basic characteristics with regards to policies
Policies cover items the organization monitors and expects employees to confirm
Some policies are driven by government regulations
Not all policies have written procedures
Policies should be useful and simple and should not overload employees
The most visible component of the HR department is
Staffing
The possibility of loss resulting from a threat or security incident is
Risk
The awareness program purpose whose effort is primarily directed towards executive management is
Understanding the relationship between asset protection and successful operation
Factors instigating changes in concepts, techniques and philosophies of asset protection are
Threat mutation
Technology advances
Transformation of business around the world
The planning stage in the cycle of ISO management system (PLAN-DO-CHECK-ACT) entails
Identifying and analysing the organization problems
The first action of a security manager before organizing a training program
Taking into account adult learning style and current instructional design modules
A security manager can gain insights into countermeasures that may prevent future losses by what means
Tracking and analyzing incidents
When selecting countermeasures, each countermeasure should be weighed against what criteria
Likelihood of preventing losses
Cost of implementation
Value of avoided losses
A factor that must always be considered in the development of asset protection strategies is
Human factor
In the U.S the administrator and coordinator of the U.S private sector voluntary standardization system is
ANSI
In ISO the main committee working on security and addressing security business continuity, crisis management and emergency response is
ISO/TC 223 societal security
Which ISO standard is globally recognised as a cross-sector program management system concerning quality
ISO 9000
The most famous management system standard used by more than a million organizations in 161 countries is
Quality management systems
Environment management system
What aspect of communicating a business strategy is "SMART"
Objectives
When does the greatest protection of corporate assets occur
When the appropriate mix of physical, procedural and electronics security measures are in place in relation to the value of the assets being protected
In security what are the assets requiring protection
People
Property
Information
Integration of traditional and information system security functions is
Convergence
The function of risk management in relation to asset management is
Manage risk by balancing the cost and benefits of protection
The change in asset protection is increasingly based on what
The principle of risk management
In which areas of asset protection are there paradigm shifts
Surveillance technology
Public/private partnership
Convergence
In asset protection, the period between major paradigm shifts has been
Decreasing
What is the alternative name of business ethics
Applied ethics
What will help security professionals be better positioned to measure their department's effectiveness and report back to senior management
An incident reporting system
What is organizational culture
Pattern of shared basic assumption that the group learned
Whom are professional ethics meant to serve
Serves as guideline for ethical conduct of all non members of a professional group
What is considered the basis of a security management plan for an organization
Information collection
What can guide both content and delivery methods for security training and awareness program
Behavioural theories
Who should the liaison security officer in a remote location report to
Security manager at the headquarters
The job of managing consists of which correct sequence of basic functions
Planning,
Organizing,
Directing,
Coordinating
Controlling
The principle which suggests that a single person can supervise only a limited number of staff members effectively is
Span of control
A strategic approach to managing assets protection program which involves developing strategic goals and objectives and organization vision
Planning
The cause of a possible loss from an insurance perspective is
Peril
How can a security manager justify continuous funding of his operation
Demonstrate that the real cost to the enterprise would be greater if the level of support for security activities is reduced.
During a security department meeting which of the following is not an appropriate action the security director should take
Make operational decision
A business that conducts good housekeeping and keeps valuable material from being concentrated in a high-hazard location is practicing what
Risk spreading
When using software for security incident capture what is key consideration
Ensure that software aggregates the data for analysis
In asset protection, what is best described as the implementation of standards that when constantly applied control loss
Security
What are the causes of alarms in an organization
Age of equipment
Lack of training and familiarity with fire alarm system
Lack of communication between staff and contractor working in the building
An incident reporting system affords two benefits to an organization. One is that it provides a history of events occurring to the organization. Which is the other
Provides a basis for professional efforts at asset recapture, recovery or incident reduction or termination
Organizations without incident database can gain some of the benefits of a database by which of the following
Forming an asset protection committee to develop an asset protection plan
Producing good results for the money spent is
Cost-effectiveness
For security professional, the recommended method of calculating the return-on-investment is
Avoided losses plus recoveries made divided by the cost of the security program
Through the application of metrics, what are security managers better able to show
Cost-effectiveness of the asset protection program
What can a security manager achieve by avoiding costs or expense through the use of asset protection resources
Cost-justification
What process will a security manager use in measuring the cost and benefits as well as the successes and failures of the asset protection program
Security metrics
The performing of an analysis of the potential areas of loss is the first step in good security planning. This is called
Profile
In asset protection a requirement of balancing expenditure against results and revising the plan as needed is called
Cost-effectiveness
Which is the least expensive countermeasure that can be employed in an asset protection program
Procedural controls
A standard profitability ratio that measures how much net income the business earns for each dollar invested is
Return-on-investment
In the development of the security budget, what are the categories of expenses the security professional should consider
Salaries
Operational
Capital
How would a security manager justify the cost of the asset protection program in the organization
Establishing that the probable real losses would not occur if the proposed asset protection measures were adopted
The recognition of threats as they relate to an organization’s operation is a goal of what
Risk analysis
What is the cyclic operating principle of ISO management system standard
Plan-Do-Check-Act
To maximize cost-effectiveness a security manager should do what
Ensure security budget expenditures are aligned with budget implementation plans
What are modern organizations now more interested in than trying to buy insurance to cover every possible risk facing an organization
Preventing losses
A comprehensive analysis of a business risk and pure risk in the insurance world is called
Portfolio theory
What is used to increase or decrease the coverage of the standard policy
Endorsements
Riders
List what are the recommended actions of a security manager in the departmental meeting
Set the directions
Establish a professional setting
Establish open exchange of information with subordinates
When is training of employees considered more effective
When employees can relate to the information presented and the way it is presented
What is the major concern of a first line manager
Performance
The lowest of the Maslow hierarchy of needs is
Physiological
Forecasting individual loss events that may occur is the first step in dealing with what
Risk assessment
The impact or gravity of a loss event on an organization is referred to as
Criticality
Criticality is mostly measured in what
Financial terms (Currency)
If a loss would have a noticeable impact on earnings as reflected in the operating structure and would require attention from senior executive management, what would such a rating be
Moderately serious
Producing a major component of an equipment in more than one site of a company is referred to as
Risk spreading
The level of employee who would be more concerned with the implementation of organizational policies are
First line managers
Why does management develop appropriate administrative practices in an organization
Implement its strategies
Determining whether business processes accurately reflect the organization is a product of what study
Key metrics and performance indicators
Why an organization exist and how it will maintain itself as a profitable viable entity is defined by
Organizational strategy
Effective security managers are those that are recognized within their organization as
Business partners
A company that wants to reduce the current state of its business, will look at which directions
Products offered
Financial results
Markets targeted
The clearest distinction between public and private policing is
Source of authority
The most profound distinction between private and public police is
The person to whom the service is intended
What are amongst the most important issues that a business principle must address in order to define how an organization functions
Human resource requirement
Knowledge management
Corporate structure
A significant distinction between public and private policing is
Cost
Perhaps the most important distinction between private and public policing is
Delivery system
If an incident happens and it is asserted that the business or property owner should have reasonably known that a criminal would commit a crime within the property what claim can be made by the victim of such crime
Negligence
There is ample evidence that private firms can deliver more efficient services at lower cost. Savings are typically based on all the following except
More flexible use
Richer array of incentives and penalties
More precise allocation of accountability
Less constraint on process and more focus on results
Strategy requires looking at the business not only in the moment but also what period
3-5 years ahead
List the concepts that form the foundation for any asset protection strategy
The five avenues to address risk
Balancing security and legal consideration
The five D’s
Success in the management of asset protection depends on the proper balance of three managerial dimensions which are
Technical expertise, management ability, the ability to deal with people
The real value of cost-effectiveness data gathering lies in what
Making periodic cumulative reports, to senior management on avoided cost
When conducting an analysis of the potential source of threats, the tool a security manager can use to determine the sources of such threats is called
SWOT
The ultimate value of incident reporting lies in what
The opportunities it creates for avoiding future incident, events and losses
What can best provide the asset protection manager with the data on which to base security decisions
Incident reports
The metrics for evaluating employee’s job performance should align closely with
The organizational strategy
In recruiting, skills which are most valuable for the job position, should be identified in which of the following
Job requirement analysis
When developing strategic objectives for the asset protection program, which of the following should an asset protection professional use
WAEC-UP