236 Cards in this Set
- Front
- Back
Vulnerability Assessment |
Process of identifying and quantifying vulnerabilities. |
|
Residual Risk= |
Threat x Asset to be protected x Vulnerability, represented by system effectiveness |
|
Protection in Depth |
the adversary should be required to defeat or avoid a number of protective devices in sequence. |
|
PPS Functions are to: |
Detect, Delay, Respond |
|
Deterrence |
measures that potential adversaries perceive as too difficult to defeat |
|
Natural CPTED measures |
ditches, berms, bollards, planters, moats, shrubs |
|
Natural Access Control |
Real and symbolic barriers, including doors, fences, shrubbery to define and limit access to a building |
|
Natural Surveillance |
Increasing the visibility to occupants and casual observers to increase the detection of trespassers |
|
Oscar Newman wrote: |
"Defensible Space: Crime Prevention Through Urban Design" |
|
Three main principles of CPTED |
Access Control, Natural Surveillance, and territoriality |
|
Four approaches to situational crime prevention: |
Increasing the effort, Increasing the risk, Reducing the anticipated rewards, Removing excuses |
|
Crowe's 3 D approach to CPTED |
Definition, Designation, and Design |
|
2nd generation CPTED's four main strategies |
Cohesion, Capacity threshold, Community culture, and Connectivity |
|
Security Zones |
Unrestricted zones, Controlled zones, Restricted Zones |
|
Classification of intrusion sensors |
Passive or active, covert or visible, line-of-sight or terrain following, volumetric or line detection, or application |
|
Capacitance sensors |
active, visible, terrain-following sensors designed to detect a change in capacitive coupling |
|
Freestanding Infrared sensors |
active, visible, line-of-sight sensors; if an object blocks the beam it is detected |
|
Bistatic Microwave Sensors |
active, visible, line-of-sight sensors; respond to changes in the vector sum caused by moving objects |
|
Exterior Video Motion Detectors |
passive, covert, line-of-sight sensors that process video signals from CCTV cameras. |
|
Interior Sensors |
Active or passive, covert or visible, volumetric or line detection, or application |
|
Application classes for sensors |
Boundary-penetration, Interior Motion, and Proximity |
|
Vibration Sensors |
Detect the movement of the surface to which they are fastened |
|
Electromechanical Sensors |
Passive, visible, line sensors, switch unit with magnetic reed switch |
|
Interior Motion Sensors |
Microwave: active, visible, volumetric sensors that establish an energy field; if the field is changed, they alarm |
|
Passive Infrared Sensors |
Visible and Volumetric and respond to changes in energy |
|
Dual Technology Sensors |
Active and Passive, visible, volumetric; attempt to achieve absolute alarm confirmation while maintaining high probability of detection |
|
Proximity Sensors |
Pressure mats and Capacitance sensors |
|
System Integration |
Combining technology elements, procedures, and personnel |
|
Reasons to have cameras: |
obtain visual information about something that is happening, obtain visual that something has happened, to deter undesirable activities |
|
Subject Identification |
Ability to identify something or someone within a scene beyond a shadow of a doubt. A $100 bill from 3 feet |
|
Action Identification |
Identification captures what happened. Pinning a $100 bill to the wall |
|
Scene Identification |
Scene should stand on its own merit. |
|
Analog system components |
Camera, transmission cable, monitor |
|
Digital system components |
Camera, digital electronic signal carrier cable or digital network, PC with viewing or recording software |
|
Electronic Shuttering |
Camera's ability to compensate for light changes |
|
when choosing lens include: |
Format size, Distance from camera to scene, field of view |
|
Types of lens: |
Wide-Angle, Standard, Telephoto, Zoom, Varifocal |
|
inappropriate locations for cameras: |
locker rooms, bathrooms, or other places that have a reasonable expectation of privacy. |
|
Video info needed to be admissible as legal evidence |
quality of image, time/date stamp, percentage of the scene occupied by the subject |
|
Lighting involves: |
lighting science and technology, electrical systems, aesthetic design of fixtures, socioeconomic considerations, light trespass, effect of chemicals |
|
Glass break sensors |
Detect pressure change that causes glass to break, sound frequency of breaking glass and the glass hitting the floor |
|
Impact sensors |
Detect sudden changes in air pressure |
|
Duress/ panic alarms |
Wired switches, person down devices, wireless push button transmitters, lack of motion devices, highest priority level alarms |
|
Capacitance devices |
Changes in electrical capacitance, low voltage applied to the protected items |
|
Temperature sensors |
When temperature changes occur outside of predetermined limits |
|
Heat sensors |
When air or surface temperature changes |
|
Vibration shaking or physical shocks (tool attacks) |
Vibration sensors |
|
Return on assets= |
net income/ total assets |
|
Return on equity (ROE)= |
Net income / shareholder equity |
|
Earnings per share (EPS)= |
Net income / total shares |
|
Price to earnings (P/E)= |
Price per share / EPS |
|
Current ratio= |
Current assets/ current liabilities |
|
Quick ratio= |
(Cash + securities + accounts receivable) / current liabilities |
|
Net profit margin= |
Net income/ revenue |
|
Operating margin= |
EBITA/ revenue |
|
Gross profit margin= |
(Revenue - cost of goods sold - general and admin costs) / revenue |
|
Balance sheet- assets= |
Liabilities + shareholder equity |
|
EBITA |
Earnings before interest, taxes, and amortization |
|
Net income= |
Revenue - expenses |
|
GAAP |
Generally accepted accounting principles |
|
Critical infrastructure |
Transportation, oil and gas, water, emergency services, government services, banking and finance, electrical power, telecommunications |
|
Assets protection. Counter measures need to include- |
People, hardware, and software |
|
Risk- |
The possibility of loss resulting from a threat, security incident, or event |
|
Three concepts of underlying principles of assets management to address risk |
Balancing security, legal considerations, five D's |
|
Asset protection |
Should be designated to a single office or person so it does not get left out of key decisions |
|
3 questions to test for ethical conduct |
Is it legal, is it balanced, how will it make me feel about myself |
|
Sarbanes-Oxley act |
Required publicly traded corporations to perform more extensive assessment and reporting; the most important legislation to have an impact on all organizations |
|
Five avenues to address risk |
Risk avoidance, risk transfer, risk spreading, risk reduction, risk acceptance |
|
Business ethics |
Ethics that examines moral controversies relating to business practices in any economic system |
|
Applied ethics |
The type most relevant to business is active (not descriptive or prescriptive): applying ethical concepts in specific business situations |
|
IDS |
Intrusion detection systems devices |
|
Position detection devices |
Detect when one part moves away from another part |
|
Sound detectors |
Alarm when sounds outside the selected ambient range are received by a detector (used in a vault) |
|
Beam detectors |
Transmit alarm when the beam is not detected on the receiving end |
|
Ultrasonic detectors |
Transmit in the ultrasonic range |
|
Dual technology motion detectors |
Use both microwave and infrared technologies in a single package |
|
Passive infrared detectors (pir) |
Absorb invisible light energy and compare actual energy to background energy |
|
Microwave detection |
Point to point, area, buried cable, requires consistent reception level or alarm is transmitted |
|
Contraband detection |
X-ray machines, metal detectors, explosive detectors, searches by officers, trained canines |
|
20000:2005 |
IT service management |
|
28000 |
Security in supply chain |
|
27001:2005 |
Information security management systems |
|
(SHRM) |
Society for human resource management |
|
General security risk assessment |
7 step methodology for identifying and communicating security risks at a specific location |
|
Pre-employment background screening guideline |
Helps employees understand & implement the fundamental concepts, methodology, and legal issues associated with pre-employment background screening |
|
Information asset protection |
General protection advice for an entity's information assets, including proprietary, classified, and other sensitive materials |
|
Threat advisory system response |
Provides private industry with possible actions to implement at the various US Department of Homeland Security levels |
|
Waist high (about 3 feet) or full height (7 feet) |
Turnstiles |
|
TQM |
Total quality management |
|
Return on investment= |
Investment value at end of period/ investment value at begin of period |
|
9 types of standards |
Basic, product, design, process, specification, code, management systems, conformity assessment, personnel certification |
|
A standard is |
A set of criteria, guidelines and best practices that can be used to enhance quality and reliability of products, services, or processes |
|
Important parameters of lighting system for CCTV |
Minimum intensity, evenness of illumination |
|
Direct sunlight= |
10,000 foot candles |
|
Upper level of visual tolerance= |
50,000 foot candles |
|
100 watts = |
1,700 lumens |
|
1 foot candle= |
10.76 lux |
|
K4= |
15,000 pounds at 30 mph |
|
K8= |
15,000 pounds at 40 mph |
|
K12= |
15,000 pounds at 50 mph |
|
Wired glass |
Provides resistance against breakage from large objects, may still shatter |
|
Laminated glass |
Two sheets of glass bonded to a middle layer of plastic sheeting material; best against explosives |
|
Polygraph exemptions |
Government; security armored car; security alarm; security uniformed personnel; employer function pertains to national safety, security and health; drug security for the first 4 drug classifications |
|
Employer may use lie detection if |
Test is a polygraph, in connection with an ongoing investigation of loss or injury, employee had access, reasonable suspicion, written statement is provided |
|
Weingarten rule decision |
Right to have others present in an interview both union and non union |
|
BAI |
Behavior analysis interview |
|
Activities surrounding deception |
Posture change, grooming gestures, supportive gestures, slouches or leans back in chair, unnaturally stiff |
|
Turnover costs= |
.25 times the salary |
|
Dogs first used in the US |
In 1956 in Baltimore & Philadelphia |
|
Costs of benefits = |
1.3 times the salary |
|
Applied ethics |
Type most relevant to business is active (not descriptive or prescriptive): applying ethical concepts in specific business situations |
|
SHRM |
Society of human resource management |
|
96% of companies |
Perform background checks |
|
77% of illicit drug users |
Work |
|
Background investigations emerged in |
1980s |
|
53% of |
Resumes have falsification |
|
Undercover investigations are |
Most expensive |
|
Types of investigative reports |
Initial report, progress report, special report, final report |
|
Types of investigations |
Incident, misconduct, compliance |
|
Three levels of investigation management |
Strategic, operational, case |
|
Managing investigations requires |
Plan, organize, direct, coordinate, and control (PODCC) |
|
Eugène Vidocq |
Founder and first director of the crime-fighting unit Sûreté Nationale; head of the first private detective agency |
|
Attributes of an effective and reliable investigation |
Objective, thoroughness, reliability, accuracy, timeliness (Oscar the rat) |
|
ASTM - American Society for Testing and Materials |
Has over 100 active standards relating to a broad range of security concerns |
|
Henry Fielding |
Laid the foundation for the 1st modern police force |
|
Investigation |
A systematic and thorough examination or inquiry into something or someone, and recording of that examination in a report |
|
Chief security officer should report to |
A key position at the senior executive level |
|
CPTED has three classifications |
Mechanical, organizational, natural or architectural |
|
CPTED mechanical measures |
Hardware & technology, e.g. locks, security screens on windows |
|
CPTED organizational measures |
Policies and activities that encourage observation, reporting, and where appropriate intervention |
|
CPTED natural or architectural measures |
Design of space to ensure the overall environment works more effectively for intended users |
|
Natural access control |
Physical and symbolic barriers to discourage or prevent access or direct movement to access points |
|
Natural surveillance |
Increasing visibility on both the interior and exterior to increase witness potential and foster a sense of exposure to the criminal element |
|
Natural territorial reinforcement/ boundary definition |
Form of "psychological ownership" defines territory to potential aggressors |
|
Management and maintenance |
Maintains spaces to look well-tended and crime free |
|
Legitimate activity support |
Engaging legitimate occupants, residents, customers, or visitors in the desired or intended use of the space |
|
Compartmentalization |
Layers of security measures, so assets are behind multiple barriers |
|
Cash flow statement |
insight into how cash inflows and outflows affect an organization |
|
Balance sheet |
Summarizes an organization's investing and financing; Assets = liabilities + shareholder equity |
|
Net income= |
Revenue- expenses |
|
Income statements |
Tells how much money an organization generates (revenue), how much it spends (expenses), and the difference (net income) |
|
To improve margin you must |
Either reduce costs or increase prices |
|
ISO 9001:2008 |
Quality Management systems requirements |
|
ISO 14001:2004 |
Environmental Management Systems Requirements |
|
Check- |
Examines the solutions devised to address the problems |
|
Do- |
Here one looks at the planning analysis, devises a solution, prioritizes next steps, and develops an action plan |
|
Peter Drucker |
"Who is the customer" |
|
Direct Hacking |
Someone goes after a system by directly accessing it via normal channels or by exploiting a vulnerability |
|
Social engineering |
Someone convinces a user to share their credentials to get onto a huge network |
|
SEC - Securities and Exchange Commission |
Forefront of IS rules 16 CFR 314 "develop, maintain, implement IS program" |
|
Convergence can |
Enhance risk mitigation, but without careful planning it can also increase total organizational risk |
|
GLBA - Gramm-Leach-Bliley Act (1999) |
Prohibits financial institutions from disclosing non-public personal information to a non-affiliated 3rd party |
|
COPPA - Children's Online Privacy Protection Act (2000) |
Verifiable consent from parents |
|
PCI DSS - Payment Card Industry Data Security Standard |
2010, all major credit cards |
|
PCI DSS - |
Protect card holder data, strong access control, regular network tests, maintain IS policies, maintain vulnerability management, build and maintain a secure network |
|
27001: 2005 |
Information security governance |
|
27002: 2005 |
Certified Information Systems Security Professional (CISSP) |
|
Risk management= |
Optimizing your risk, never minimizing it |
|
Residual Risk= |
Threats x Vulnerabilities / countermeasures |
|
Open systems interconnect (OSI) |
Application, presentation, session, transport, network, data link, physical |
|
CIA triad for IS systems |
Confidentiality, integrity, availability |
|
Obstacles to providing training |
Budget limitations, scheduling, lack of expertise, stereotypes, ego |
|
Roles of security officer |
Management representative, intelligence agent, enforcement/compliance officer, legal consultant, physical security, or crime prevention |
|
Learning types- |
Cognitive (intellectual), affective (perceptual), psychomotor (physical skills) |
|
Civil law branches |
Contract common law, tort common law |
|
Types of OSHA citations |
Imminent danger, serious violation, non-serious violation, de minimis violation, willful violation, repeated violation |
|
OSHA penalties |
Fee structure is complex and costly, criminal violations |
|
Occupational safety and health act (OSHA) |
1970- provide safe and healthful working conditions for employees |
|
Economic strike |
Stop working because no satisfactory agreement has been reached; 60-day notice of desire to modify agreement |
|
Unfair labor practice strike |
Force discontinuance of an alleged violation of the labor law by the employer; no time for planning; non-striking workers have to be allowed to work |
|
Landrum-Griffin Act |
Established safeguards and restrictions on union officers' and management's conduct regarding their members. Prohibits either union or employer from "hot cargo" agreements |
|
Together make up US national labor relations law |
Wagner Act, Taft-Hartley Act, Landrum-Griffin Act |
|
Two basic drives prevalent in security dogs |
Hunt and pack |
|
Dogs ability to detect scent is |
100 times greater than humans |
|
Dogs can detect |
Odors at great distances |
|
Dogs' aural acuity far surpasses humans' |
In both range and pitch |
|
You need dogs to be _________________ aggressive for the easiest training |
Moderately |
|
Dogs can remember up to ________commands |
100 |
|
A dog's intelligence is determined by |
How quickly the dog learns a command |
|
Dogs are either trained in |
Drugs or explosives not both |
|
The cost of using a protection dog is ___________ than that of humans |
Less |
|
Dogs are used for |
Building searches, detection of explosives and incendiary accelerants, drug detection, guarding or holding a person in a location, tracking, aggressive attack, protection and control of areas with or without handler |
|
Dogs from what groups are used in security applications |
Working and herding |
|
7 layers of the OSI model |
Physical, data link, network, transport, session, presentation, application |
|
IS countermeasures |
Admin controls, technical controls, physical controls |
|
Equation of ISS |
Residual risk = threats x Vulnerabilities / countermeasures |
|
Thomas Kuhn |
Who wrote "the structure of scientific revolutions" |
|
Insiders |
Vendors, customers, joint venture partners, subcontractors, and outsource providers |
|
Data mining- |
Software driven collection of open source data and public information |
|
Natural threats |
Disasters, no effective preparedness plan |
|
Analytical ethics |
Attempts to examine ethical concepts to achieve a deeper understanding of their meaning and justification |
|
Stare decisis |
(Let the decision stand) - cases that have been decided before have to be considered |
|
Descriptive ethics |
Attempts to explain or describe ethical events |
|
Three levels of business ethics applied |
Individual employee, the organization, society |
|
Health care sector |
Intellectual property, facilities, patients, records, materials, reputation |
|
Health care sector threats |
To patients, workplace violence, domestic violence threats, fraud, harassment, violence in the ER dept, internal theft, vandalism, extremist activity |
|
Access control barriers |
Doors, gates, turnstiles, elevators, usually in multiple layers |
|
Educational threats |
Liability, assaults against students, staff, facility damage, vandalism, theft of goods, theft of private information, attacks against IT, white collar crime, natural disasters |
|
Security shutters |
Add protection to windows; either roll-up type with interlocking slats or accordion type; manual, electric, or sensor-operated |
|
Window film can provide |
A degree of protection from "smash and grab"; reduces injury from blast force; reduces injury from extreme weather |
|
Blast curtains are made from |
Reinforced fabrics that provide protection from flying materials in an explosion |
|
Bullet resistant |
Is laminated and consists of multiple plies of glass, polycarbonate, and other plastic films to provide ballistic resistance |
|
International Organization for Standardization (ISO) |
World's largest developer of standards (159 member countries) |
|
Equal footing of members, market need, consensus, voluntary participation and application, worldwide applicability |
Characteristics of ISO standards |
|
Facilities physical security measures |
Methodology to select appropriate physical security measures to safeguard assets |
|
Chief security officer |
Key responsibilities, skills, and qualifications needed in an organization's senior security executive |
|
PDCA, or Deming cycle: plan-do-check-act |
The cycle is the operating principle of ISO's management systems standards, aka assess-protect-confirm-improve (APCI) |
|
Today's security professional must be |
Adaptable, strategic thinker, skilled in process management, and fast program implementation |
|
Act |
Act to standardize those solutions throughout the organization, review current list of problems |
|
Plan- |
Most critical stage for identifying and analyzing the organization's problems |
|
Management system standards |
Plan-do-check-act |
|
Elements that affect vigilant performance |
Work area design, space light, heat, and noise, human visual and auditory acuity, human detection, human attention, workplace environment |
|
Monotony and an increase of fatigue as shift progresses= |
Gradual loss of alertness |
|
Use of deadly force |
Response to fear for one's own life, prevention of a crime involving a deadly weapon, or apprehension of a criminal who has a deadly weapon |
|
Agency relationship |
Express appointment, ratification of actions, authority to act |
|
Commitment to do what is right, good, and proper |
Ethics |
|
Liability for contractor |
Work contracted is wrongful, work contracted is a public nuisance, inherently dangerous, violates duty imposed on the employer by contract, violates statutory duty |
|
Independent contractor |
Avoid liability if contract states that the relationship is |
|
Tort |
A wrong done to one person by another, either willful or negligent |
|
Vicarious liability |
Legal concept which holds the employer, as well as the employee, liable if the "wrong" was committed while the employee was acting within the scope of employment |
|
Weingarten rule |
Management is not required to advise an employee of the right of representation or to "bargain" with the union representative |
|
Taft-Hartley act |
Forbids unions from coercing an employer to pay for work not performed (featherbedding), no excessive union fees, no discrimination in hiring, no secondary boycotts |
|
Wagner Act |
Test of unfair labor practice is whether it results in coercion or discrimination prohibited by labor act, guards and non guards can't be in same bargaining unit, management may not attend union meetings |
|
Age Discrimination in Employment Act of 1967 |
Discrimination against applicants or employees over the age of 40 |
|
ADA of 1990 amended in 2008 |
Can't discriminate with or without reasonable accommodations |
|
Civil right act of 1964 |
National standard that prohibits discrimination, failure to hire, discharge, limitation, segregation, or classification in any way adverse to the employee or employment application |
|
1964 civil rights act |
Discrimination can't be based on race, color, religion, sex, national origin; only pertains to companies of more than 15 employees |
|
4th amendment |
Search and seizure, doesn't apply to private person, plain view doctrine |
|
Exclusionary rule |
Excludes evidence obtained by methods that violate the 4th amendment |
|
Miranda applies if |
Interrogator is acting in aid of the police, the interview is within earshot of the police |
|
Arrest without a warrant by an officer with |
Reasonable cause |
|
Any crime committed in their presence, and a felony even if not committed in that person's presence |
Private persons can arrest for |
|
Mens rea |
Guilty mind |
|
Two things required to commit a crime |
The act and the intent |
|
9th amendment |
Certain rights shall not be construed to deny or disparage others retained by the people |
|
10th amendment |
Grants each state sovereignty, freedom, and independence, and every power, jurisdiction, and right which is not expressly delegated to federal power |