Security principles and practices

Question 1

What are indirect costs of security?

Answer 1

Harm to reputation,
Loss of goodwill,
Loss of employees,
Harm to employee morale.

Question 2

What members should comprise a vulnerability assessment team?

Answer 2

Security specialist (leader), 
Security systems engineer, 
Response expert,
Data analyst,
Operations representatives,
Subject matter experts (E.g. locksmiths, technical writers, legal experts).

Question 3

What is the goal of a vulnerability assessment?

Answer 3

To identify physical protection system (PPS) components in the functional areas of detection, delay, and response and to gather data to estimate their performance against particular threats.

Question 4

What are the three primary functions of a physical protection system (PPS)?

Answer 4

Detection,
Delay,
Response.

Question 5

What are the two key measurements for the effectiveness of the detection function of a physical protection system (PPS)?

Answer 5

Probability of sensing adversary action,

Time required for reporting and assessing the alarm.

Question 6

How is the response function of a physical protection system (PPS) measured?

Answer 6

The response function of a PPS is measured by the time between receipt of a communication of adversary action and the interruption of the adversary action.

Question 7

What is the vulnerability assessment team’s primary job as it pertains to a physical protection system (PPS)?

Answer 7

To determine security system effectiveness.

Question 8

What are the two basic analytical approaches to a risk assessment?

Answer 8

Compliance based,

Performance based.

Question 9

What is the formula for residual risk?

Answer 9

R = T x A x V

where

R = residual risk
T = threat
A = asset to be protected
V = vulnerability.

Question 10

A well engineered physical protection system (PPS) exhibits which three characteristics?

Answer 10

Protection in depth,
minimum consequence of component failure (redundancy),
balanced protection.

Question 11

What are the three contributors to cost of replacement?

Answer 11

Purchase price or manufacturing cost,
Freight and shipping charges,
Make ready or preparation cost to install it or make it functional.

Question 12

What is the formula for lost income cost?

Answer 12

I = i/365 x P x T

where

I = income earned,
i = annual percent rate of return,
P = principal amount (in dollars) available for investment,
t = time (in days) during which P is available for investment.

Question 13

What is the cost of lost formula?

Answer 13

K = (Cp + Ct + Cr + Ci) - (I-a),

where

K = criticality, total cost of loss,
Cp = cost of permanent replacement,
Ct = cost of temporary substitute,
Cr = total related costs,
Ci = lost income cost,
I = available insurance or indemnity,
a = allocable insurance premium amount.

Question 14

What are the elements of a systems approach to developing a physical protection system (PPS)?

Answer 14

Assessment of vulnerability,
Implementation of countermeasures,
Evaluation of effectiveness.

Question 15

What three questions does a risk assessment attempt to answer?

Answer 15

What can go wrong?
What is the likelihood it would go wrong?
What are the consequences?

Question 16

What four questions does risk management attempt to answer?

Answer 16

What can be done?
What options are available?
What are the associated trade-offs in terms of costs, benefits, and risks?
What are the impacts of current management decisions on future options?

Question 17

What is the design basis-threat?

Answer 17

The adversary against which the utility must be protected. It is used to help design and evaluate a physical protection system (PPS).

Question 18

What are the three general measures of valuing assets?

Answer 18

Cost,
Consequence criteria,
Policy.

Question 19

What is the difference between asset protection and Security,

Answer 19

Asset protection includes all security functions, as well as related functions such as investigations, risk management, safety, compliance, and emergency management.

Question 20

Assets protection is increasingly based on what principal?

Answer 20

Risk management.

Question 21

What are the five avenues of addressing risk?

Answer 21

Avoidance,
Transfer,
Spreading,
Reduction,
Acceptance.

Question 22

What are the five D’s of security?

Answer 22

Deter,
Deny,
Detect,
Delay,
Destroy.

Question 23

What four major areas does assets protection cover in the telecommunications sector?

Answer 23

Information security,
Network/computer security,
Fraud protection,
Physical security.

Question 24

What are the five forces shaping assets protection globally?

Answer 24

Technology and touch,
Globalization in business,
Standards and regulation,
Convergence of security solutions,
Homeland security and the international security environment.

Question 25

According to Davidow and Malone, what is the centerpiece of the new global economy?

Answer 25

The virtual product, where major business functions are outsourced with hardly any internal departmentalization.

Question 26

What are the three managerial dimensions of assets protection?

Answer 26

Technical expertise,
Management ability,
Ability to deal with people.

Question 27

What are the two general types of insurance?

Answer 27

Property,

Liability.

Question 28

What are the three classifications of loss in insurance policies?

Answer 28

Direct loss,
Loss of use,
Extra expense loss (e.g. cost of defending a liability suit or paying a judgment).

Question 29

What are the five basic coverages of a crime insurance policy?

Answer 29

Employee dishonesty bond,
Money and securities coverage inside the premises,
Money and securities coverage outside the premises,
Money order and counterfeit paper currency coverage,
Depositors’ forgery coverage.

Question 30

For insurance against business interruption, what are the two types of valuation methods?

Answer 30

Actual loss sustained,

Valued loss.

Question 31

In Pastor’s public/private, substitute/supplement model of policing, which cell represents the rarest scenario?

Answer 31

Public/substitute.

Question 32

What three factors are driving the growth of private policing?

Answer 32

Economic and operational issues,
(Fear of) crime and violence,
Order maintenance.

Question 33

What is the optimal relationship between police and private security?

Answer 33

Institutionalized coordination and cooperation through structural and contractual relationships.

Question 34

What was the purpose of the Hallcrest reports?

Answer 34

To compare the US security industry to public law enforcement quantitatively.

Question 35

What is the most significant distinction between public and private policing?

Answer 35

Cost.

Question 36

What are the main costs that make public policing more expensive than private security?

Answer 36

Police officer salaries and benefits,
911 calls,
Alarm response,
Alternative services such as traffic control.

Question 37

What are the four explanations for cost savings when using private security versus public police?

Answer 37

More flexible labor,
Richer incentives and penalties,
More precise allocation of accountability,
Less constraint on process, more focus on results.

Question 38

What five categories of distinction between public and private policing were identified by Carlson?

Answer 38

Philosophical (public police have more moral authority),
Legal (private police have limited power of arrest),
Financial (private police cost less),
Operational (private police are more flexible),
Security/political (private police give citizens more control over their safety by augmenting public police efforts).

Question 39

What is the most important distinction between public and private police?

Answer 39

The delivery system (government versus corporations).

Question 40

Where is it common for private security to supplement police in a public environment?

Answer 40

Business improvement districts.

Question 41

What is likely to be the key component for alternative security providers in the future?

Answer 41

Order maintenance operations.

Question 42

What is the best practice for security officer training?

Answer 42

Develop a training curriculum that focuses on the particular role or function to be performed.

Question 43

What are the types of security consultants?

Answer 43

Security management consultants (Largest group),
Technical security consultants,
Forensic security consultants.

Question 44

What are the best sources for finding security consultants?

Answer 44

Colleagues,
Security associations,
Industry specific associations.

Question 45

As a rule of thumb, what kind of travel allowances should a consultant receive?

Answer 45

The same as those given to members of the client’s senior management.

Question 46

Who does a company typically assign to serve as project coordinator for a security consultant?

Answer 46

The CSO or vice President of security.

Question 47

What is the emerging trend in consultant fees?

Answer 47

Project based pricing rather than hourly fees.

Question 48

In all industries, what are the most consistent predictors of theft?

Answer 48

The employee’s access to property and the perceived chances of being detected.

Question 49

To what three issues should an organizational resilience management policy reflect senior management’s commitment?

Answer 49

Compliance with legal requirements;
Prevention, preparedness, and mitigation of disruptive incidents;
Continual improvement.

Question 50

With which four ISO standards is ASIS’s Organizational resilience standard aligned?

Answer 50

IS0 9000,
ISO 14001,
ISO 27001,
ISO 28000.

Question 51

According to ASIS’s CSO standard, how many years of direct experience at a senior level should a CSO applicant have?

Answer 51

3 to 5 years.

Question 52

What workers are most likely to steal electronics components in manufacturing environments?

Answer 52

Engineers.

Question 53

What is a surety bond?

Answer 53

Insurance that protects an organization if there is a failure to perform specific tasks within a certain time period.

Question 54

Turnover costs run to what percentage of a security officer’s salary?

Answer 54

25% or more.

Question 55

What are the seven key skills of a CSO?

Answer 55

Relationship leader,
Executive leader,
Subject matter expert,
Governance team leader,
Risk executive,
Strategist,
Creative problem solver.

Question 56

According to Donald Cressey, what are the three factors leading to fraud?

Answer 56

Perceived non-shareable financial problem,
Perceived opportunity for a trust violation,
Series of rationalizations to justify behavior.

Question 57

What is Edwin Sutherland’s theory of crime?

Answer 57

Criminal behavior is most often correlated with a person’s association with a criminal environment, according to Sutherland.

Question 58

Which two characteristics must a lost event have before Security countermeasures can be planned?

Answer 58

A measurable loss,

A loss that did not result from speculative risk.

Question 59

What is the formula for loss event probability?

Answer 59

P = f/n

Where

P = The probability that a given event will occur,
f = The number of actual occurrences of that event,
n = The total number of experiments seeking that event.

Question 60

What is the first step in a qualitative general security risk assessment?

Answer 60

Understand the organization.

Question 61

What are useful categories for security data analysis?

Answer 61

Claims avoided,
Proofs of loss,
Recovered physical assets,
Uninsured claims or causes of action.

Question 62

What types of incidents should an asset protection program consider?

Answer 62

Major incidents and events, as well as incidental cost avoidances and asset or value recoveries that occur in the course of operations.

Question 63

What percentage of business failures result from employee theft?

Answer 63

The US Chamber of Commerce estimates that 30% of business failure result from employee theft.

Question 64

What percentage of revenues do US businesses lose to fraud?

Answer 64

US organizations lose 6% of their annual revenues to fraud.

Question 65

In the retail industry, how much greater in dollars is employee theft than shoplifting?

Answer 65

Employees steal 15 times as much as shoplifters.

Question 66

In food service, employee theft imposes how much of a tax on every dollar spent?

Answer 66

Employee theft in food service is equal to a 4% tax

Question 67

What items are most frequently stolen by employees?

Answer 67

Time,
Finished goods,
Scrap and waste,
Intellectual property.

Question 68

What hypotheses did Clark and Hollinger posit to explain employee theft?

Answer 68

External economic pressures,
Youth,
Opportunity,
Job dissatisfaction,
Social control.

Question 69

According to Clark and Hollinger, what fraction of employees admitted to stealing from their employer?

Answer 69

1/3 of employees reported stealing from their employer.

Question 70

Who commits most workplace property theft?

Answer 70

Employees with the greatest access to the property and least perceived chance of detection.

Question 71

Who commits the most theft in hospitals?

Answer 71

Nurses.

Question 72

What is the most consistent predictor of theft in all industries?

Answer 72

The employees perceived chance of being detected.

Question 73

According to Joseph Wells, what three factors are present in every fraud?

Answer 73

Financial pressure,
Opportunity,
Justification.

Question 74

What is “lapping?”

Answer 74

Lapping is pocketing small amounts from incoming invoices payments and then applying subsequent payment to cover the missing cash from the previous invoice, and so on.

Question 75

Which of the three “shuns” (termination, prosecution, restitution) does the victim most good?

Answer 75

Restitution.

Question 76

According to Louis and Maxwell, levels of fear are the greatest when there is a concern about which two factors?

Answer 76

Crime,

Instability.

Question 77

What is the principal value of security awareness to executive management?

Answer 77

Awareness of the security program’s financial contribution to the bottom line.

Question 78

What is the primary purpose of a security awareness program?

Answer 78

To educate employees on how to protect company assets and reduce losses.

Question 79

What are the features of the most effective security awareness training programs?

Answer 79

They engage staff and let them have fun.

Question 80

What are the six main obstacles to an effective security awareness program?

Answer 80

Low credibility of security department,
Organizational culture,
Naïveté,
Perception of a minimal threat,
Departmental/employee indifference,
Lack of reporting capability

Question 81

Through what measures can security departments create positive contacts with staff to promote security awareness?

Answer 81

Conducting home protection clinics,
Lending property marking devices,
Offering group purchases of alarms,
Conducting personal protection programs,
Conducting cyber security awareness programs,
Conducting children’s fire prevention campaigns.

Question 82

What are the three organizational models for security forces?

Answer 82

Vertical or hierarchical,
Shamrock,
Network.

Question 83

What is the hierarchical model of organizational structure?

Answer 83

In the hierarchical model, authority comes from the top and flows down three series of managers to the front line staff.

Question 84

What is the Shamrock model of organizational structure?

Answer 84

In the shamrock model,
Leaf one represents a small core of professionals and managers who skills are critical to the organization,
Significantly larger, the second leaf consists of third-party suppliers with special expertise,
The third leaf consists of part time and temporary workers who are employed as needed.

Question 85

What is the network model of organizational structure?

Answer 85

In the network model, employees are connected not just to their immediate supervisor and their direct reports, but too many others in the organization; people come together for particular tasks and disband or re-organize as needed.