Cards 41-80 Flashcards
(40 cards)
- Two reasons to collect physical security program metrics:
-provide assurance of program effectiveness
and
-facilitate improvements
- What commonly provides management with a snapshot of the effectiveness and efficiency of a physical security program?
A M S C
A metrics summary chart
- The purpose of a business impact analysis (BIA)?
Is to id______ and ev______ the potential impact of a ________ to operations.
Identify and evaluate the potential impact of a disruptive event to operations.
- The purpose of a business continuity management system (BCMS)?
Enable a company to address disruptive events by identifying, developing and implementing …C….O….P, P and P…..capabilities, objectives, policies, processes and programs within legal bounds.
- What two things are the foundation for setting up business continuity objectives, targets, programs and plans?
The _______and the ______
The business impact analysis and the risk assessment.
- Name 3 inter-related management response steps that require pre-emptive planning and implementation in case of a disruptive or crisis event?
ER
CP
RP
Emergency response;
Continuity planning; and
Recovery planning
- What is the basis for setting recovery time objectives?
-The results of the business impact analysis
- What is a disruptive event?
An event that is planned or not planned that interrupts activities, operations or functions.
- What is a threat?
-The potential cause of an unwanted incident which may harm…
Individuals;
Assets;
A system
An organization
The environment or
The community
- What is a loss event profile?
-a list of the kind of threats affecting the assets to be safeguarded.
- What is a hazard?
A source of PD or AC…..ass with _________
A source of potential danger or adverse condition. They are generally associated with nature.
- Threats or loss risk events fall into three categories:
Cr
N-C, MM I or ND
EC by R with other O
-Crimes
-non-criminal man-made incidents or natural disasters
- events caused by an org’s relationship with other orgs
- Two examples of non-criminal threats?
NT
MMT
Natural threats - hurricane, tornado, storm;
Man-made threats and disasters…..like a plane crash….labor strike or power failure
- Six examples of peripheral systems and interfaces?
LSS and P&P
BC and IT in
LR and OS
Life safety systems and policies and procedures;
Building controls and IT Infrastructure;
Liaison relationships and outsourced services;
- What is a consequential event?
-An event that occurs b/c of a relationship between events or between two organizations. The company suffers a loss b/c of that event or relationship.
- How is the probability of a threat occurring decided?
By considering the l______ that a L______ R_____ E______ may occur…..
-by considering the likelihood that a loss risk event may occur in the future.
- What factors determine the probability of a threat?
Historical
Geographical
Political
Economical and
social conditions
- What is a vulnerability?
Any weakness that can be exploited by an aggressor/terrorist or criminal that makes an asset susceptible to damage from natural hazards or consequential events.
- The 8 Factors to consider in assessing asset vulnerability?
L of B
SP of F
Co-l of KS
In RC From A
In SM
E of AA to a F
HM
P for CD from OC
- lack of backup;
- single point of failure;
- co-location of key systems;
- inadequate response capability from attacks
- inadequate security measures
- Ease of aggressor access to a facility;
- presence of hazardous materials;
- potential for collateral damage from other companies.
- Four levels of risk?
Catastrophic;
High;
Moderate; and
Low
- What level of risk requires treatment at any cost?
Catastrophic
- The level of risk that cannot be further reduced w/o an expenditure of costs disproportionate to benefits is?
High
- The level of risk that is negligible or can be managed with routine procedures?
Moderate
- The level of risk where the org is prepared to pursue/retain or take based on informed decisions?
Low