Security Principles Flashcards
What is the difference between asset protection and security?
A. Asset protection’s main aim is to reduce losses, whereas security may also fulfill a compliance function.
B. Asset protection is defined at corporate level, whereas security is more often organized at local (site) level.
C. Asset protection includes all security risks, as well as related functions, such as investigations, risk management, safety, compliance, etc.
D. Asset protection relies on the whole organization whereas security is limited to a dedicated department.
C
ESRM is a strategic approach to security management that ties an organization’s security practice to its overall strategy using globally accepted, established risk management principles.
When following the ESRM strategic approach, who has the responsibility for final security decisions?
A. The departmental head.
B. The asset owner.
C. The Chief Executive Officer.
D. The Chief Security Officer.
B
A standard is a set of criteria, guidelines, and best practices that can be used to enhance the quality and reliability of products, services, or processes.
Which statement is true regarding standards?
A. Standards must be complied with.
B. Standards are voluntary.
C. Standards are regulated by government.
D. Standards are compulsory.
B
A management system provides the framework for continual improvement to increase the likelihood of achieving strategic, operational, tactical, and reputational objectives while enhancing the resilience of an organization.
What is not a term used for the operating principle of ISO’s management systems standards?
A. Assess-Protect-Confirm-Improve model.
B. Standard Operating Procedures (SOP).
C. Deming circle.
D. Plan-Do-Check-Act cycle (PDCA).
B
A framework for viewing the underlying principles of asset protection states that three concepts form a foundation for any asset protection strategy. One of those concepts is known as the Four Ds.
What is the first objective in protecting assets in the Four Ds security approach?
A. To deter any type of attack.
B. To reduce losses.
C. To delay any attack.
D. To detect adversaries on the outside.
A
Management system standards are designed to help organizations improve the ways in which they provide services and perform processes; they are widely accepted and used in many fields and disciplines.
Which stakeholder group drives the (ANSI/ISO/etc.) standards development process?
A. Corporations.
B. Standards users.
C. Governments.
D. Certifying bodies.
B
Risk assessments should identify risks, quantify them, and prioritize them according to the organization’s criteria for risk acceptance. The results of the assessment should help in selecting and prioritizing actions for managing risks.
Loosely formulated, what three questions should a risk assessment attempt to answer?
A. Which risks are low? Which risks are medium? Which risks are high?
B. What can go wrong? What is the likelihood it would go wrong? What are the consequences if it would go wrong?
C. What risk can be transferred? What risk can be reduced? What risk can be avoided?
D. What is the risk? What is the likelihood? What is the impact?
B
Protection occurs with an appropriate mix of physical, procedural, or electronic security in relation to the assets protected. Which statement is most correct?
A. This will provide complete protection.
B. This creates an effective defense-in-depth asset protection program.
C. This is known as convergence.
D. This will be the most cost-effective mix of protection measures.
B
Which (risk) approach relies on probabilities and statistics using mathematical formulas and calculations to interpret numbers, data, and estimates?
A. Inductive approach.
B. Qualitative approach.
C. Deductive approach.
D. Quantitative approach.
D
What is described below?
A physical examination of a facility and its systems and procedures to assess the current security level and the required protection level is a ………. Physical security professionals should be intimately familiar with ………. because these form the basis for any physical security project and make up the largest portion of the field work used to collect data and accumulate evidence to support countermeasures.
A. Loss Event Survey.
B. Vulnerability Analysis.
C. Risk Analysis.
D. Security Survey.
D
Which type of insurance is described by: “provides coverage against losses that are caused by your employees’ fraudulent or dishonest actions”?
A. Indemnification bond.
B. Surety bond.
C. Fidelity bond.
D. Liability bond.
C
To senior management, cost-effectiveness is a primary strategic factor. Anecdotal evidence of the efficiency of asset protection in a given business line is interesting, but in the final analysis the activity must be measurable in financial terms.
Loosely formulated, what is the goal of a cost-benefit analysis?
A. To calculate the value, amount or numbers of losses recovered.
B. To establish a baseline for budgeting.
C. To identify the optimal level of risk reduction at the best value available.
D. To calculate the cost of the security program.
C
There are several ways that security and protection professionals can manage risks. One of those concepts is known as the four ways to manage risk, or the risk mitigation strategies.
Which of the following is not one of those risk mitigation strategies?
A. Reduction.
B. Assessment.
C. Avoidance.
D. Transfer.
B
What is an important, but often overlooked, feature of an effective security awareness training program?
A. It engages staff and lets them have fun.
B. It is always a mix of online, offline, and practical methods of training.
C. It starts by outlining the obligations of staff according to the security policy.
D. It should be conducted by experienced security staff.
A
In some places, security officers may take on a community protection role in high-crime housing developments. In other instances, private security officers fill traditional policing roles. This is also known as private policing.
What is usually the reason behind the use of private policing?
A. Private firms can deliver more efficient services at a lower cost than public forces.
B. They are not perceived as threatening.
C. They may not be armed.
D. Private firms have more funds available than public forces.
A
What is the principal value of security awareness to executive management?
A. A reduction in liability in case of losses or other security incidents.
B. Awareness of the program’s financial contribution to the bottom line, i.e., what would the cost of loss be without implementing the security program.
C. Easier execution of security policies, procedures, and instructions.
D. The reduction of the number of potential losses or security incidents.
B