Summary CPP cards Flashcards
What are the main purposes of testing physical security systems and technologies?
To ensure continuous monitoring for performance, effectiveness, and suitability.
What does the ASIS International Risk Assessment standard define security as?
The protection being provided against hazards, threats, risks, and menaces.
How can managers benefit from a Security Metrics Program?
They can view, analyze, compare, and measure program components and staff performance.
What knowledge can security professionals gain from effectively applying security metrics?
Understanding performance, identifying risks, discovering problems, assessing compliance, and leveraging security capabilities.
What are the key aspects included in designing a metrics program for security?
Measurement framework, technical, operational, and strategic criteria evaluation.
What are the three key approaches to evaluating security metrics?
Effectiveness, efficiency, and strategic improvement aligned with organizational objectives.
What questions should be considered when evaluating each element of the security program?
Primary and secondary functions, necessary procedures, processes, tools, and resources.
What is the basic tool for developing an understanding in physical security projects?
Security risk assessment or security survey.
What is the first step in a comprehensive risk assessment?
Identifying and valuing the organization’s assets.
What are the categories that can increase assets’ exposure to the risk of loss?
Physical environment, social environment, political environment, historical experience, procedures and processes, criminal capabilities.
What is a gap analysis used for in the risk assessment process?
To determine steps to improve an organization’s risk assessment capacity.
What is the best method for monitoring and preparing to respond to security risks?
An ongoing risk assessment program.
What is the difference between qualitative and quantitative risk assessment?
Qualitative uses expert judgment, while quantitative uses probabilities and statistics.
When might using a blended approach for risk assessment be appropriate?
When combining elements of qualitative and quantitative analysis is most suitable.
What is the focus of a physical security assessment or security survey?
Risks to physical assets and property, along with protection measures.
What documents are typically included in a bid package?
Contract information, drawings, specifications, hardware schedules, bidder instructions, licenses, terms and conditions, and security-sensitive information requirements.
When should a bidder’s conference or site visit be scheduled?
One week after the Request for Proposal (RFP) is issued.
What is the process after receiving bids for a project?
Evaluate bids for conformance to requirements and financial evaluation, then select a bidder.
What constitutes the initial kick-off meeting for a contract?
Setting the course for scope, schedule, and budget.
What activities are involved in managing the warranty period?
Initiating and evaluating warranty work conformance within the scope and schedule.
What is the focus of the initial phase of a security design project?
Planning and assessment to develop the basis of design and resultant design documentation.
Why is it important to establish a security ‘basis of design’?
To focus on specific project requirements, threats, assets, vulnerabilities, risk assessment, and conceptual design solution.
What are some key elements considered in developing design criteria?
Codes and standards, quality, capacity, performance, features, cost, operations, culture, image, monitoring, and response.
What are the elements of the management process in security projects?
Integration management, quality management, resource management, communications management, risk management, and procurement management.
What are the three constraints under which security projects work?
Project scope, project schedule, and project budget.
What are the basic tasks of physical protection system (PPS) implementation?
Planning and assessment, developing conceptual solutions, preparing design documentation, soliciting bids, and installation.
What are the roles a security project manager may play in the security project process?
Design concept creator, principal decision maker, budget manager, project influencer, stakeholder, and contractor.
What are the phases through which security projects are typically administered?
Project conception, project planning, project design management, project bid process management, and project construction.
What should security projects do to integrate physical, electronic, and operational security elements?
Use available resources to create a cohesive solution to deter, delay, and respond to security incidents.
What is included in the project management process for an integrated PPS project?
Understanding decision makers, defining project scope, budget, schedule, designing the project, and managing the bid process.
What are the two crime prevention operating assumptions related to CPTED?
Crime prevention knowledge is continually developing and interdisciplinary; strategies must be flexible and creative.
How can CPTED measures help prevent repeat victimization?
By quickly removing signs of victimization, improving physical security, blocking easy access to targets, protecting vulnerable targets, and regulating access.
According to routine activity theory, how can the presence of capable guardians deter crime?
Capable guardians may deter crime by their presence.
What is the focus of situational crime prevention?
To manage, design, or manipulate the environment to increase effort and risk for potential offenders while reducing rewards.
What are the four main strategies of second-generation CPTED?
Cohesion, capacity threshold, community culture, and connectivity.
What does CPTED 3-D stand for?
Designation of space, Definition in terms of management and identity, and Design as it relates to desired function and behavior.
What tools apply to the underlying elements of CPTED: territoriality, surveillance, and access control?
Effective training, surveillance (natural/electronic), and access control (natural/mechanical).
How can security practitioners reduce opportunities for crime through architectural design?
By integrating CPTED features during initial planning and working with appropriate community and professional groups.
What is the focus of access control strategies in physical security?
To deny access to a crime target, create a perception of risk in potential offenders, and include detection, delay, and response strategies.
Name some examples of mechanical access control methods.
Locks, card key systems, special door and window hardware.
Why should a metrics program only be established after introspection and planning?
To ensure measures are properly defined, scoped, collected, analyzed, and applied.
What does SMART stand for in the context of metrics?
Specific, Measurable, Attainable, Repeatable, Time-dependent.
Why should metrics be specific according to the course notes?
To provide actionable intelligence for a clear purpose.
What does it mean for a metric to be attainable?
A metric should not take excessive time to gather to remain effective.
Why is it important for a metric to be time-dependent?
Consistent collection ensures accuracy and meaningful comparison.
How does analyzing physical security systems from an operational perspective help?
It enhances efficiency by addressing system flaws like excessive alarms.
What information do metrics tracking the human element in security programs provide?
Insights into required staffing, costs, and operational efficiency.
How does collecting and analyzing metrics help improve a security program?
It shows program effectiveness and areas for enhancement.
What should acceptance tests of physical security measures simulate?
Actual threat conditions up to site-specific threat limits.
What factors should be considered in determining what tests to conduct on security systems?
Site-specific threats, worst-case scenarios, critical system functions, etc.
What are the categories of expenses in security system procurement?
Bonding, overhead, operating costs, maintenance costs, other costs, and adjustments.
What are the three major forms of security systems procurement?
Sole source, request for proposal (RFP), and invitation for bid (IFB).
When should the type of procurement be selected in the design phase?
Before or at the start of the design phase.
When is sole source procurement appropriate?
When an owner already has a vendor on board.
What is the purpose of a Request for Proposal (RFP) in security systems procurement?
To competitively choose vendors based on factors like cost, schedule, and technical ability.
What is the key feature of Invitation for Bid (IFB) in procurement?
Projects are competitively bid, and the award goes to the lowest responsive bidder.
What should be reviewed when comparing proposal costs?
The life-cycle cost, which includes capital and maintenance costs over the system’s useful life.
What factors should be checked if one proposal’s costs are significantly lower than others?
Mathematical errors, quality of equipment, contractor experience, understanding of the project, and financial stability.
What should be done before making an award decision in procurement?
Check all contractors’ references.
What should the designer attempt to determine during interviews with leading contenders?
Good relationship with contractor’s reps, experience, problem-solving, and working well with other trades.
What should negotiating the final price with shortlisted contractors be based on?
Value.
What is essential for the successful implementation of any physical security construction project?
A well-defined and executed procurement contract.
What are the components of a full-featured access control system?
Credential reader, communication cabling, distributed processor, central database, software, request-to-exit devices.
What is personnel access control used for?
To authorize entry and verify personnel authorization to a controlled area.
How can an access control point be defeated through deceit?
By employing false pretenses to convince security personnel for entry.
What are some common types of credentials used in personnel access control?
Photo identification badges, exchange badges, stored-image badges, coded credentials.
What is the purpose of metal detectors in contraband detection?
To sense contraband using a varying magnetic field over a short period.
What are the basic building blocks of an intrusion detection system?
Sensors that initiate the detection function and indicate intrusion attempts.
What can sensors in intrusion detection systems be based on?
Optical, electronic, electromechanical, or mechanical technology.
What must be included in a VA report to make it understandable to facility management?
Description of facility, defined threats, identified assets, system effectiveness analysis.
How should a VA report be protected and distributed?
Defined in master project agreement for protection and appropriate distribution.
What approach does the assessment team take in the Outside-Inward Approach?
Adversary role, penetration of physical perimeter, envision ways to get in.
In the Inside-Outward Approach, which role does the assessment team take?
Security professional (defender) role, working from asset/target outwards.
What are examples of security layers considered in VA assessments?
Asset/target, container/vault, controlled area, security desk, building perimeter.
What does the Functional (Security Discipline) Approach address in VA assessments?
Addresses each security function or discipline individually.
What does the Security Architecture and Engineering component of VA assessments address?
Design of facilities with security features built in from the start.
What is included in Structural Security Measures in VA assessments?
Overall building structure, physical barriers, locking systems, and lighting.
What does Crime Prevention Through Environmental Design (CPTED) focus on in VA assessments?
Engages planners, designers, architects, law enforcement, for crime prevention.
What does the Electronic Security Systems component of VA assessments encompass?
Access control, intrusion detection, surveillance, communications, electronic systems.
Why is evaluation of security officers and the human element important in VA assessments?
Discuss importance of QA and QC programs in managing security officers.
What are the three primary functions of a Physical Protection System (PPS)?
Detection, delay, and response.