Chief Security Officer CSO - Class 1,2,3 Domain 1 Flashcards by Glenn Seward

Human Resources and Intellectual Assets
Ethics and Reputation
Financial Assets
Information/ Data
Transportation, Distribution, and Supply Chain
Legal, Regulatory, and General Counsel
Facilities and Premises
Environmental, Health, and Safety
Vendor/Outsourcing

Model Profile of a Chief Security Officer Function

How well did you know this?

Not at all

Perfectly

Global Security Policy and Procedures Administration
Technology and Infrastructure Protection
Information Risk Management
Business Continuity, Crisis Management, and Response
Investigative and Forensic Science
Safe and Secure Workplace Operations
Tailored Business-Process Safeguards
Insurance and Risk Transfer
Risk Assessment, Analysis, Evaluation , and Testing
Executive Protection
Background and Due Diligence Investigation
Business Conduct and Security Compliance
External and Government Relations
Business Intelligence and Counterintelligence Suppor

CSO - Benchmark Processes and Services

How well did you know this?

Not at all

Perfectly

Develops, influences, nurture trust-based relationship with business unit leaders, government officials, and professional organization. Act as a Consultant to all organizational clients.

Relationship Manager

How well did you know this?

Not at all

Perfectly

Builds, motivates, and leads a professional team attuned to organizational culture,response to business needs, and committed to integrity and excellence.

Executive Management and Leadership

How well did you know this?

Not at all

Perfectly

Provides intellectual leadership and active support to the organization’s governance team to ensure risks are made known to senior management and the Board.

Governance Team Member

How well did you know this?

Not at all

Perfectly

Provides or sees to the provisions of technical expertise appropriate to knowledge of risk and the cost-effective delivery of essential security services.

Def. - Competencies, experiences, and advanced working knowledge of contemporary tradecraft, practices, and applications related to the topic of interest.

Subject Matter Expert

How well did you know this?

Not at all

Perfectly

Identifies, analyzes, and communicates on business and security-related risk to the organization.

Risk Manager

How well did you know this?

Not at all

Perfectly

Develops global security strategy keyed to likely risks and collaboration with the organization’s stakeholders.

Strategist

How well did you know this?

Not at all

Perfectly

Aids competitiveness and adds value by contributing dynamic, real-time critical thinking and solutions that enable the organization to “prevent” disruptions from occurring and minimize damage when they do occur. Engages in business processes to mitigate risk. Is a positive change agent on behalf of the organizational protection.

Creative Problem Solver

How well did you know this?

Not at all

Perfectly

One key responsibility of the CSO is to?

Strategize

How well did you know this?

Not at all

Perfectly

True/False:
The CSO is responsible and accountable for systematically gathering, assessing, and synthesizing information related to wide range of security-related events and threats specific to the organization and its various operations, which may adversely affect the security and safety of personnel and the profitability or reputation of the organization.

TRUE

How well did you know this?

Not at all

Perfectly

True/False
E
The CSO is responsible and accountable for ensuring that the enterprise is prepared for events or circumstances that potentially disrupts the continuity of business operations.

TRUE

How well did you know this?

Not at all

Perfectly

Who should identify and understand the nature of security risk in the business environment, as well as the application of appropriate financial and managerial control to mitigate those risk.

CSO - Chief Security Officer

How well did you know this?

Not at all

Perfectly

True/False

Generally, the outlook of the CSO should be more strategic than tactical.

TRUE

How well did you know this?

Not at all

Perfectly

True/False

CSO - is a senior executive leadership position?

TRUE

How well did you know this?

Not at all

Perfectly

What type of CSO serves as the executive responsible for the identification, development, implementation, and management of the organization’s [global] security strategies and programs?

Incumbent

How well did you know this?

Not at all

Perfectly

An individual who can blend “common sense” control with efficient and productive business processes and procedures; requires creative problems solving and business acumen

Business Process Enabler

How well did you know this?

Not at all

Perfectly

An individual who is willing to challenge establish business processes and procedures in the pursuit of excellence.

Change Agent

How well did you know this?

Not at all

Perfectly

A leadership function responsible for providing comprehensive, integrated risk strategies (policy, procedures, management, training, etc.) to help protect an organization from security threats.

Chief Security Officer (CSO)

How well did you know this?

Not at all

Perfectly

In terms of security issues, critical business processes include incident reps phones, and the Management of recovery efforts within the organization to restore critical systems and provide alternative facilities so that the organization can continue to function.

Critical Business Processes

How well did you know this?

Not at all

Perfectly

What are such things as facilities, equipment, inventory, and on-hand cash.

Financial and Physical Assets

How well did you know this?

Not at all

Perfectly

Includes organization staff (leadership, directors, managers, employees), customers, and any others the organization has a duty to protect.

Human Capital

How well did you know this?

Not at all

Perfectly

This term is being used in the context of any person currently functioning in the CSO role, being considered for the CSO role via an external recruitment effort, or any existing management team member who will be assigned the accountabilities recommended for the CSO role within this Standard.

Incumbent

How well did you know this?

Not at all

Perfectly

Includes such things as reputation, customer confidence, client confidence, trade secrets, intellectual property, and goodwill.

Intangible Assets

How well did you know this?

Not at all

Perfectly

Medical, financial, and emotional resources provided to employees, customers, and others involved in a catastrophic event or an attack on the organization.

Support Assistance

What is an organization-wide process that establishes a fit-for-purpose, strategic, and operational framework that upon implementation by the organization's leadership?

A Business Continuity Management System (BCMS)

The developer and publisher of international standards.

ISO - International Standard ISO - is a nongovernmental organization bring together stakeholders from the public, private and not-for-Profit sector.

True/False | ISO, does not regulate,legislate, or enforce.

True

What is the operating principle of the IOS's management systems standard?

PLAN-DO-CHECK-ACT (PDCA)

# Define & Analyze a Problem and Identify the Root Cause. *Establish

PLAN

Devise a Solution, Develop Detail Action Plan and Implement it Systematically. * Implements and Operates

Confirm Outcomes Against Plan. Identify Deviation and Issues. *Monitor & Review

CHECK

Standardize Solution - Review and Define next Issues. *Maintain and Improve

ACT

Assess-Protect-Confirm Improve model is also called the?

PDCA PLAN-DO-CHECK-ACT

True/False | Assets Protection can be performed by internal entities,external entities, or a combination.

TRUE

Three concept form a foundation for any assets protection strategy.

``` A. Five Avenues to Address Risk B. Balancing Security and Legal Considerations C. The Five D's D. A & C E. All The Above ```

What are the Five D's

Deter, Deny, Detect, Delay, Destroy.

What is the Health Insurance Portability and Accountability Act. The criteria is set by the : (JCAHO) - Joint Commission on Accreditation of Health Organization.

(HIPPA)

What is (QSR) Industry? An Industry that features many company-owned restaurants and franchise stores around the world.

Quick-Service Restaurant Industry

True/False Asset protection in the Telecommunications Sector has changed in the wake of industry deregulation; the boom in wireless, Internet, fiber optics and other telecommunications technologies; and in the United States, the designation of the telecommunications system a national critical Infrastructure.

TRUE

True/False | Asset Protection in the Telecommunications Sector now encompasses four major area?

TRUE They are: Information Security, Network and Computer Security, Fraud Prevention, and Physical Security.

The sector which includes civil aircraft, military aircraft, missiles, space systems, and aerospace services, is characterized by fierce, global competition, large, complex contracts; international joint venues; and a large network of vendors, all of which factors significantly complicated asset protection strategies is called?

Aerospace Sector

True/false | There are Five forces that shapes the practice of asset protection.

TRUE What are they: technology and touch, globalization in business, standards and regulation, convergence of security, and homeland security and the international security environment.

Suggests FINANCE. What is designed as a support tool for security professionals and others with similar responsibilities. Ref. It provides information on all aspects of security and related functions and helps readers balance costs and results in planning, developing, implementing sound risk management strategies.

Protection of Assets

The greatest protection of corporate assets occur when an appropriate mix of security is in place in relation to the asset being protected, what are they? Hint - 3 types:

Physical, Procedural, and Electronic Security.

The "integration of traditional and information [systems] security functions"

Convergence

True/False | Human factors must always be considered in the development of security strategies?

TRUE

A strategy approach to managing assets protection programs likewise involve three tools, what are they?

Planning, Management, Evaluation

This principle suggest that a single person can supervise only a limited number of staff members effectively.

Span of Control

What term dictates that an individual report to only one supervisor?

Unit of Command

This theory asserts that people's behavior is driven by basic needs at different levels?

Abraham Maslow's theory *know as the "hierarchy of need"

True/False Maslow's theory is still recommended to analyze individual employee motivation and establish tailored rewards, such as pay, recognition, advancement, and time off. The basic or lower-level needs must be met before a person is motivated by the next high level of need.

TRUE

Self actualization need: self-fulfillment,realizing one's full potential. Esteem or recognition needs: respect from others and self Affiliation or love needs: affectionate social and family relationships Security or safety needs: protection from perceived harm Physiological or survival needs: food, drinks, shelter

Maslow's Hierarchy of Need

Theory X - content that workers are inherently lazy and tend to avoid work, and Theory Y states that workers are naturally motivated and want to work hard and do a good job. Programs based on Theory Y according to ? Are more successful than those based on Theory X

McGregor's

The Theory that is based on the premises that the opposite of satisfaction is not dissatisfaction but simply no satisfaction. The theory maintains that two sets of factors determine a worker's motivation. Attitude and Success

Herzberg's Motivation-Hygiene Theory

True/False | Most risk management tools are either proactive or reactive, but insurance is a combination of both?

TRUE

A formal social device for reducing risk by transferring the risk of several individual entities to an insurer.

Insurance

The cause of a possible Loss is called.

Peril

Felonious abstraction of insured property by any individual or individuals gaining entry to the premises by FORCE. There must be visible marks on the exterior of the premises at the place of entry, such as evidence of the use of tools, explosives, electricity, or chemicals.

BURGLARY

Felonious and forcible taking of property by violence inflicted upon a custodial or messenger, either by putting the person in fear of violence or by an overt act committed against the custodian or messenger who was cognizant of the act? Ex. (Note Robbery) Sneak thievery, pick pocketing,confidence games, and other forms of swindling are not included in robbery coverage.

ROBBERY

Physical loss of or damage to the object concerned

Direct Loss

Such as the reduction of net income due to loss of use of e damaged or destroyed object?

Loss of Use

Such as the costs of defending a liability suit and paying judgement or hospital and medical expenses following a personal accident?

Extra-Expense Losses

Retrospective coverage for events that occurred during a prior policy period but raised during the tail period?

"Tail Coverage"

It is customary to exclude from coverage any person the insured knows to have committed any fraudulent or dishonest act, in the insured service or otherwise. The exclusion usually dates from the time the insured became aware of the fraudulent or dishonest act.

Fidelity Coverage

Insurance that is written to protect the insured against loss by burglary, robbery, theft, forgery, embezzlement, and other dishonest acts?

Crime Coverage

There are two types of bonds that may be used for protection?

Fidelity Surety

Coverage written to protect the employer from the dishonesty of employees.

Fidelity Bond/Coverage

Coverage that is intended to guarantee the credit or performance of some obligations by an individual.

Surety Bond/Coverage

If a building or machine sustains physical damage, there will be at least an interruption in production or sales, resulting in financial loss

Business Interruption Insurance - It offers a number of coverage choices.

A separate, wholly or principally owned firm, usually organized offshore, used to write insurance for the owning company. Sometimes a CAPTIVE insurer is owned Bryan association of two or more firms with common insuring interest. When appropriate they can make it easier to insure risks not acceptable to conventional carriers, can help make a more favorable expense ratio, and can open reinsurance resources not otherwise available.

Captive Insurance/Carrier

What is the least Expensive countermeasures one can employ?

Protection tools and Procedural controls

What is the standard profitability ratio that measures how much net income the business earns for each dollar invested by it's owner?

(ROI) Return on investment

AL + R ---------- = ROI CSP ``` AL = Avoid Loss R = Recoveries made CSP = Cost of the security program includes personal expenses, admin expenses, and capital cost. ```

One way to determine ROI

Loss productivity for employees evacuating the building and for employees responding to the alarms, as well as the cost of fire department fines.

Hard Cost

Includes wear and tear on building mechanical systems when alarms activated; the tendency for employees to learn to ignore alarms, thereby placing themselves in jeopardy when legitimate alarms activate; the potential for staff injuries during evacuations; and the frustration of he organization's staff and fire department personnel due to the high number of alarms?

Soft Cost

Security Related Measurements

Security Metrics

The process of measuring an asset protection program's cost and benefits as well as its successes and failures?

Security Metrics

What report provided the security manager with data on which to base security decisions

Incident Report

True/False When submitting "loss report" the following practices are recommended. * All employees - most notify their immediate supervisor of any incidents or known or suspected asset losses. * First-line supervisor - should be responsible for completing reports for losses within their areas of responsibility. * The Security Manager - is responsible for reviewing the report. Correction or modification, if any are required, can then be made

TRUE

True/False The ultimate value of Incident reporting lies in the opportunities it creates for avoiding future incidents, events, and losses through planning, employee awareness training and security enhancement.

TRUE

A group very familiar with the company's products, materials, tools and resources.

Asset Protection Committee

The preservation of company assets, both human and material, is the responsibility of every employee of the company.

LOSS REPORTING POLICY

A report sought to compare the U.S. security industry to public law enforcement quantitatively.

Hallcrest Report

Economics and operational issues - What is the distinction between public and private police

Cost

Public Policing (Public Police Officers) are

Duly sworn by the Government.

Private Policing (Private Police) are

Individuals who are employed by private firms or other organizations without Government affiliation. However this distinction is not always clear. Some jurisdictions license and regulates private security personnel. Some Government units even grant special police status to private security personnel, giving them broad arrest powers.

Carson - Identifies five specific categories of distinction between public and private policing, what are they?

``` Philosophical Legal Financial Operational Security/Political ```

Private police may lack the moral authority that government can give to law enforcement.

Philosophical

Private police are hobbled by law, with only limited powers of arrest, usually restricted to the commission of crimes within their presence. However, those with special police status have nearly all powers of public police, including authority to make arrest and carry guns.

Legal

Private police can perform certain task more cheaper

Financial

Private police are more flexible, can be assigned to specific locations, and spend nearly all their tour on the beat. They make fewer arrest, are burdened with little paperwork, and rarely make court appearances.

Operational

Private police give citizens more control over their own safety by augmenting police efforts, helping to maintain order when police are spread thin. Also, private policing encourages citizen to follow community standards in a way that police officers cannot or do not.

Security/Political

Peace Officer arrest powers are only available to what officer when he or she is on duty?

Special Police

Acts as a liability shield to protect the officer (and his or her employer) from civil lawsuits. Although this shield is not available for reckless or malicious conduct, it protects the reasonable and prudent officer who makes a mistake in judgement or behavior.

Qualified immunity act

Types of Security Consultants

1. Security Management Consultants 2. Technical Security Consultant 3. Security Forensic Consultant

Specialize in certain discipline, which comprises the foundation of their expertise (and reputation). Assist the client in managing the protection strategies for the business

Security Management Consultant

Deals with investigation, identification and collection of evidence, identification of vulnerabilities, mitigation strategies and litigation.

Forensic security consultant

Internal resource than can be formed to assist corporate executives and chief security officers in their effort to ensure that current security measures are adequate?

Security Advisory Committee

Consciousness of an existing security program, it's relevance, and the effects one's behavior on reducing security risk.

Security Awareness

The field of safeguarding a key person from harm. This is practiced in the private world. EP

Executive Protection

Consciousness of an existing security program, it's relevance, and the effect of one's behavior on reducing security risk.

Security Awareness

It is a continuing attitude that can move individuals to take specific actions in support. Of enterprise security.

Security Awareness

What Type of supervisor is typically concerned with specific processes or activities. For these employees, security awareness focuses on how the security program aids or distracts from specific performance objectives.

First-Line Supervisor

Tends to be held accountable for the successor their individual department, so they view the security program in terms of contribution towards the goal.

Middle Managment

Personnel that must be aware do the security program because they are an enterprise's top decision maker regarding risk and recourses.

Executive Management

Most modern management approaches to employee motivation that the employee is willing and interested, and that while information and instruction are needed, coercion and pressure are not. The only formal exposure an employee gets to the security program may be a brief reference to it on the first day of work.

Individual Employee

People who are not employees of the organization may also be effected by the security program. They include vendors and suppliers, customers, service personnel, representatives of government, and members of the public.

Nonemployees

``` Which level are standards in security developed on A. Continental, National, International B. National, International, Foreign C. Regional, National, International D. Regional, Federal, National ```

National, Regional, and International

Protection of Assets

The greatest protection of corporate assets occur when an appropriate mix of security is in place in relation to the asset being protected, what are they? Hint - 3 types:

Physical, Procedural, and Electronic Security.

The "integration of traditional and information [systems] security functions"

Convergence

True/False | Human factors must always be considered in the development of security strategies?

TRUE

A strategy approach to managing assets protection programs likewise involve three tools, what are they?

Planning, Management, Evaluation

This principle suggest that a single person can supervise only a limited number of staff members effectively.

Span of Control

What term dictates that an individual report to only one supervisor?

Unit of Command

This theory asserts that people's behavior is driven by basic needs at different levels?

Abraham Maslow's theory *know as the "hierarchy of need"

TRUE

Maslow's Hierarchy of Need

McGregor's

Herzberg's Motivation-Hygiene Theory

True/False | Most risk management tools are either proactive or reactive, but insurance is a combination of both?

TRUE

A formal social device for reducing risk by transferring the risk of several individual entities to an insurer.

Insurance

The cause of a possible Loss is called.

Peril

BURGLARY

ROBBERY

Physical loss of or damage to the object concerned

Direct Loss

Such as the reduction of net income due to loss of use of e damaged or destroyed object?

Loss of Use

Such as the costs of defending a liability suit and paying judgement or hospital and medical expenses following a personal accident?

Extra-Expense Losses

Retrospective coverage for events that occurred during a prior policy period but raised during the tail period?

"Tail Coverage"

Fidelity Coverage

Insurance that is written to protect the insured against loss by burglary, robbery, theft, forgery, embezzlement, and other dishonest acts?

Crime Coverage

There are two types of bonds that may be used for protection?

Fidelity Surety

Coverage written to protect the employer from the dishonesty of employees.

Fidelity Bond/Coverage

Coverage that is intended to guarantee the credit or performance of some obligations by an individual.

Surety Bond/Coverage

If a building or machine sustains physical damage, there will be at least an interruption in production or sales, resulting in financial loss

Business Interruption Insurance - It offers a number of coverage choices.

Captive Insurance/Carrier

What is the least Expensive countermeasures one can employ?

Protection tools and Procedural controls

What is the standard profitability ratio that measures how much net income the business earns for each dollar invested by it's owner?

(ROI) Return on investment

AL + R ---------- = ROI CSP ``` AL = Avoid Loss R = Recoveries made CSP = Cost of the security program includes personal expenses, admin expenses, and capital cost. ```

One way to determine ROI

Loss productivity for employees evacuating the building and for employees responding to the alarms, as well as the cost of fire department fines.

Hard Cost

Soft Cost

Security Related Measurements

Security Metrics

The process of measuring an asset protection program's cost and benefits as well as its successes and failures?

Security Metrics

What report provided the security manager with data on which to base security decisions

Incident Report

TRUE

A group very familiar with the company's products, materials, tools and resources.

Asset Protection Committee

The preservation of company assets, both human and material, is the responsibility of every employee of the company.

LOSS REPORTING POLICY

A report sought to compare the U.S. security industry to public law enforcement quantitatively.

Hallcrest Report

Economics and operational issues - What is the distinction between public and private police

Cost

Public Policing (Public Police Officers) are

Duly sworn by the Government.

Private Policing (Private Police) are

Carson - Identifies five specific categories of distinction between public and private policing, what are they?

``` Philosophical Legal Financial Operational Security/Political ```

Private police may lack the moral authority that government can give to law enforcement.

Philosophical

Legal

Private police can perform certain task more cheaper

Financial

Operational

Security/Political

Peace Officer arrest powers are only available to what officer when he or she is on duty?

Special Police

Qualified immunity act

Types of Security Consultants

1. Security Management Consultants 2. Technical Security Consultant 3. Security Forensic Consultant

Specialize in certain discipline, which comprises the foundation of their expertise (and reputation). Assist the client in managing the protection strategies for the business

Security Management Consultant

Deals with investigation, identification and collection of evidence, identification of vulnerabilities, mitigation strategies and litigation.

Forensic security consultant

Internal resource than can be formed to assist corporate executives and chief security officers in their effort to ensure that current security measures are adequate?

Security Advisory Committee

Consciousness of an existing security program, it's relevance, and the effects one's behavior on reducing security risk.

Security Awareness

The field of safeguarding a key person from harm. This is practiced in the private world. EP

Executive Protection

Chief Security Officer CSO - Class 1,2,3 Domain 1 Flashcards

(167 cards)