Security principles and practices Flashcards Preview

CPP > Security principles and practices > Flashcards

Flashcards in Security principles and practices Deck (85)
Loading flashcards...
1

What are indirect costs of security?

Harm to reputation,
Loss of goodwill,
Loss of employees,
Harm to employee morale.

2

What members should comprise a vulnerability assessment team?

Security specialist (leader),
Security systems engineer,
Response expert,
Data analyst,
Operations representatives,
Subject matter experts (E.g. locksmiths, technical writers, legal experts).

3

What is the goal of a vulnerability assessment?

To identify physical protection system (PPS) components in the functional areas of detection, delay, and response and to gather data to estimate their performance against particular threats.

4

What are the three primary functions of a physical protection system (PPS)?

Detection,
Delay,
Response.

5

What are the two key measurements for the effectiveness of the detection function of a physical protection system (PPS)?

Probability of sensing adversary action,
Time required for reporting and assessing the alarm.

6

How is the response function of a physical protection system (PPS) measured?

The response function of a PPS is measured by the time between receipt of a communication of adversary action and the interruption of the adversary action.

7

What is the vulnerability assessment team’s primary job as it pertains to a physical protection system (PPS)?

To determine security system effectiveness.

8

What are the two basic analytical approaches to a risk assessment?

Compliance based,
Performance based.

9

What is the formula for residual risk?

R = T x A x V

where

R = residual risk
T = threat
A = asset to be protected
V = vulnerability.

10

A well engineered physical protection system (PPS) exhibits which three characteristics?

Protection in depth,
minimum consequence of component failure (redundancy),
balanced protection.

11

What are the three contributors to cost of replacement?

Purchase price or manufacturing cost,
Freight and shipping charges,
Make ready or preparation cost to install it or make it functional.

12

What is the formula for lost income cost?

I = i/365 x P x T

where

I = income earned,
i = annual percent rate of return,
P = principal amount (in dollars) available for investment,
t = time (in days) during which P is available for investment.

13

What is the cost of lost formula?

K = (Cp + Ct + Cr + Ci) - (I-a),

where

K = criticality, total cost of loss,
Cp = cost of permanent replacement,
Ct = cost of temporary substitute,
Cr = total related costs,
Ci = lost income cost,
I = available insurance or indemnity,
a = allocable insurance premium amount.

14

What are the elements of a systems approach to developing a physical protection system (PPS)?

Assessment of vulnerability,
Implementation of countermeasures,
Evaluation of effectiveness.

15

What three questions does a risk assessment attempt to answer?

What can go wrong?
What is the likelihood it would go wrong?
What are the consequences?

16

What four questions does risk management attempt to answer?

What can be done?
What options are available?
What are the associated trade-offs in terms of costs, benefits, and risks?
What are the impacts of current management decisions on future options?

17

What is the design basis-threat?

The adversary against which the utility must be protected. It is used to help design and evaluate a physical protection system (PPS).

18

What are the three general measures of valuing assets?

Cost,
Consequence criteria,
Policy.

19

What is the difference between asset protection and Security,

Asset protection includes all security functions, as well as related functions such as investigations, risk management, safety, compliance, and emergency management.

20

Assets protection is increasingly based on what principal?

Risk management.

21

What are the five avenues of addressing risk?

Avoidance,
Transfer,
Spreading,
Reduction,
Acceptance.

22

What are the five D’s of security?

Deter,
Deny,
Detect,
Delay,
Destroy.

23

What four major areas does assets protection cover in the telecommunications sector?

Information security,
Network/computer security,
Fraud protection,
Physical security.

24

What are the five forces shaping assets protection globally?

Technology and touch,
Globalization in business,
Standards and regulation,
Convergence of security solutions,
Homeland security and the international security environment.

25

According to Davidow and Malone, what is the centerpiece of the new global economy?

The virtual product, where major business functions are outsourced with hardly any internal departmentalization.

26

What are the three managerial dimensions of assets protection?

Technical expertise,
Management ability,
Ability to deal with people.

27

What are the two general types of insurance?

Property,
Liability.

28

What are the three classifications of loss in insurance policies?

Direct loss,
Loss of use,
Extra expense loss (e.g. cost of defending a liability suit or paying a judgment).

29

What are the five basic coverages of a crime insurance policy?

Employee dishonesty bond,
Money and securities coverage inside the premises,
Money and securities coverage outside the premises,
Money order and counterfeit paper currency coverage,
Depositors’ forgery coverage.

30

For insurance against business interruption, what are the two types of valuation methods?

Actual loss sustained,
Valued loss.