Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
301 Cards in this Set
- Front
- Back
|
What is BCMS? |
2. Part of the overall management system that establishes, implements, operate, monitors, reviews, maintains and improve business continuity.Notes: An example is a Business Continuity Management audit, it is seen as a method by which procedures and documentation are measured against pre-agreed (BCM) standards.(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements)- clause 3.53. That part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.
|
|
|
Name Three Financial Statements |
1. Income Statement 2. Balance Sheet 3. Statement of Cash flows |
|
|
Define Income Statement |
The income statement shows all items of income and expense for your arts or crafts business. It reflects a specific time period. So, an income statement for the quarter ending March 31, shows revenue and expenses for January, February and March; if the income statement is for the calendar year ending December 31, it would contain all your information from January 1 to December 31.Income statements are also known as statements of profit and loss or P&Ls. The bottom line on an income statement is income less expenses.
|
|
|
Define Balance Sheet |
Accounting is based upon a double entry system - for every entry into the books there has to be an opposite and equal entry. The net effect of the entries is zero, which results your books being balanced. The proof of this balancing act is shown in the balance sheet when Assets = Liabilities + Equity.The balance sheet shows the health of a business from day one to the date on the balance sheet. Balance Sheets are always dated on the late day of the reporting period. If you’ve been in business since 1997 and your balance sheet is dated as of December 31 of the current year, the balance sheet will show the results of your operations from 1997 to December 31
|
|
|
Define Statement of Cash Flows |
The statement of cash flows shows the ins and outs of cash during the reporting period. You may be thinking – well who needs that type of report? I’ll just look at the checkbook. Good point, unless you’re reporting things that don’t immediately affect cash such as depreciation, accounts receivable and accounts payable.If I could only choose one of those three financial statements to evaluate the ability of a company to pay dividends and meet obligations (indicating a healthy business) I would pick the statement of cash flows. The statement of cash flows takes aspects of the income statement and balance sheet and kind of crams them together to show cash sources and uses for the period.
|
|
|
What is the formula to calculate ROI (Return on Investment)? |
Gross Profit = Gross Revenue – Cost of Goods Sold [here’s an article that shows you how to calculate COGS]
Gross Profit = Gross Revenue * Profit Margin (the % of your revenue that is actually profit) |
|
|
What is a Cost Benefit Analysis? |
Cost-benefit analysis (CBA) is an analytical tool for assessing and the pros and cons of moving forward with a business proposal. A formal CBA tallies all of the planned project costs, quantifies each of the tangible benefits and calculates key financial performance metrics such as return on investment (ROI), net present value (NPV), internal rate of return (IRR) and payback period. The costs associated with taking action are then subtracted from the benefits that would be gained. As a general rule, the costs should be less than 50 percent of the benefits and the payback period shouldn't exceed 12 months
|
|
|
What percentage of full time US employees are on drugs? |
8% |
|
|
Name the four types of evidence |
Statistical Evidence
Testimonial Evidence Anecdotal Evidence Analogical Evidence |
|
|
What can an employer ask about during a job interview? |
Convictions Guilty Please Nolo Contendere |
|
|
Define Herzbergs Motivational (Hygiene) Theory |
The two-factor theory (also known as Herzberg's motivation-hygiene theory and dual-factor theory) states that there are certain factors in the workplace that cause job satisfaction, while a separate set of factors cause dissatisfaction. It was developed by psychologist Frederick Herzberg, who theorized that job satisfaction and job dissatisfaction act independently of each other.[1]
Motivators (e.g. challenging work, recognition for one's achievement, responsibility, opportunity to do something meaningful, involvement in decision making, sense of importance to an organization) that give positive satisfaction, arising from intrinsic conditions of the job itself, such as recognition, achievement, or personal growth,[4] andHygiene factors (e.g. status, job security, salary, fringe benefits, work conditions, good pay, paid insurance, vacations) that do not give positive satisfaction or lead to higher motivation, though dissatisfaction results from their absence. The term "hygiene" is used in the sense that these are maintenance factors. These are extrinsic to the work itself, and include aspects such as company policies, supervisory practices, or wages/salary.[4][5] Herzberg often referred to hygiene factors as "KITA" factors, which is an acronym for "kick in the ass", the process of providing incentives or threat of punishment to make someone do something.According to Herzberg, hygiene factors are what causes dissatisfaction among employees in a workplace. In order to remove dissatisfaction in a work environment, these hygiene factors must be eliminated |
|
|
Define Probability |
Probability is the chance that something will happen - how likely it is that some event will happen.Sometimes you can measure a probability with a number like "10% chance of rain", or you can use words such as impossible, unlikely, possible, even chance, likely and certain.
|
|
|
What is the minimum an emergency plan is tested? |
Annually |
|
|
Define Vital Records |
Records necessary to insure the survival of the business, generally constitute no more than 2 percent of a corporations records. |
|
|
Who should responsibility for a plant shutdown be assigned? |
Those familiar with the shutdown process. |
|
|
What does partial evacuation include for a high rise building? |
The floor above and the floor below the threat, incident. |
|
|
What are the four legs of fire: |
1. Heat 2. Fuel 3. Oxygen 4. Chemical Reaction |
|
|
Name both types of manual fire alarm stations |
Local alarms: alert personnel in building Station alarms: signal is transmitted directly to a monitoring statoin |
|
|
Mutual Aid Association |
A cooperative organization of industrial firms, business firms, and similar orgs within an industrial communities that are united by a voluntary agreement to assist each other by providing materials, equipment and personnel needed to ensure effective industrial disaster control during emergencies. |
|
|
What is the greatest single destroyer of property? |
Fire |
|
|
How does the ionization fire detector warn of fire? |
by responding to invisible products of combustion emitted by a fire at its earliest/incipient stage. |
|
|
What fire detector responds to predetermined temperature or to an increase in temperature? |
Thermal Detector |
|
|
What fire detector responds to changes or interruption in the light source: |
Photoelectric Smoke Detector |
|
|
In connection with corporate kidnappings by terrorist, the decision whether ransom should be paid is made by whom? |
The highest corporate level official |
|
|
The development of an effective emergency disaster plan should include what elements: |
1. Written 2. Contain inventory of available resources 3. List preventative measures |
|
|
At the time of a strike, if no guard force is available, what action should be taken? |
Supervisory personnel should be mobilized into a patrol group |
|
|
What is the percentage of real bomb threats? |
2-5% |
|
|
What are vital records? |
1. Incorporation papers 2. By-laws of the corporation 3. The stock record books 4. Board of Director minutes and certain corporate finance records. |
|
|
What is the number of security personnel required to cover a single post around the clock on three eight hour shifts? |
4.5-5 persons |
|
|
Span of Control |
Refers to the number of personnel over which one can effectively supervise |
|
|
Chain of Command |
The path along which authority flows |
|
|
Unity of Command |
Employee should have only one immediate superior to whom the employee should report |
|
|
Theory X and Theory Y Developer |
Douglas McGregor |
|
|
Theory X |
Average employee has little ambition, dislikes work and must be coerced, controlled, and directed to achieve objectives. Autocratic Approach to management |
|
|
Theory Y |
Average employee likes work, self-directed, creative, imaginative. This theory encourages managers to support and encourage employees in efforts to higher achievement. |
|
|
Herzbergs Theory |
Work Motivation Theory: States motivation comes from work achievement not from salary or job security. |
|
|
Theory Z |
Japanese style, emphasizes humanized working conditions along with attention by management to enhance trust and close personal relationships. |
|
|
MBO - Management by Objectives |
Peter Drucker developed, in this approach both subordinate and superior agree on measurable goals to be achieved primarily by the subordinate over a stated period of time. |
|
|
What percentage of activated alarms are false? |
95-99% |
|
|
Define PML |
Possible Maximum Loss - maximum loss sustained if a given target is totally destroyed or removed. Probable Maximum Loss-amount of loss a target is likely to sustain. |
|
|
Define ALE |
Annual Loss Expectancy |
|
|
Define CPTED |
Crime Prevention through Environmental design advocates that the proper design and effective use of the building environment leads to a reduction in crime and a reduction in the fear of crime. |
|
|
Theft Triangle |
1. Motivation 2. Opportunity 3. Rationalization |
|
|
Who should the head of security report to from an organizational standpoint? |
A vice president or higher |
|
|
Who should an applicants first interview be with? |
A personnel interviewer |
|
|
What department of the company administers recruiting activities? |
Personnel Department |
|
|
The heart of personnel selection is what? |
Interview |
|
|
In a non-entry level recruiting, the recommended technique is what? |
Blind Ad |
|
|
Ultimate responsibility for the internal security in a department should rest with whom? |
Line Supervisor |
|
|
Risk Assessment |
Process of determining the probablity and cost of potential loss |
|
|
Loss Event Criticality |
Impact or effect on the enterprise if the loss occurs |
|
|
Loss Event Profile |
Spotting the individual loss events that might take place is the primary step in dealing with security vulnerability. |
|
|
Loss Event Probability |
Likelihood or probability of risks affecting the assets becoming actual loss events |
|
|
What book did Oscar Neuman publish: |
Defensible Space: presented ideas and applied strategies from the NY public housing project to aid in reducing the risk of being victimized and reducing fear of crime when on the streets. |
|
|
From a security perspective, what is the first factor to be considered in facility construction? |
The building site itself |
|
|
Security Survey |
Critical on site examination and analysis of an industrial plant business, home or public or private institution to ascertain the present security status, to identify deficiencies or excesses to determine the protection needed to make recommendations to improve the overall security. |
|
|
What are the two definitions of risk? |
1. Pure Risk 2. Dynamic Risk |
|
|
What steps are used in crime analysis: |
Data Collection Data Analysis Dissemination Feedback |
|
|
Bonds which require than an employee be investigated by the bonding company to limit the risk of dishonest, and if that trust is violated, the insurance company must indemnify the employer are known as... |
Fidelity Bonds |
|
|
Insurance rates are dependent upon what two primary variables? |
Cost of Claims Frequency of Claims |
|
|
Protection for a corporation, if there is failure to perform specified acts within a certain period of time is known as what... |
Surety Bond |
|
|
What types of protection are utilized by security personnel |
Fidelity Bonds Surety Bonds Burglary/Robbery/Theft Insurance |
|
|
What is the urban planning and design process which integrates crime prevention techniques with neighborhood design? |
Environmental Security (E/S) |
|
|
The ability of design to counteract the perception that the area is isolated and criminal vulnerable is known as... |
Image and Milieu |
|
|
What is the greatest ongoing threat to any business? |
Internal Theft |
|
|
A line item budge is the traditional and most frequently used method of budgeting, what are two other commonly used techniques? |
Capital and Program Budgets |
|
|
Pilferage is defines as stealing in small quantities over a long period of time. The taking of property entrusted to someone else is called what? |
Embezzlement |
|
|
The practice of preventing unauthorized persons from gaining information by analyzing electromagnetic emanations from electronic equipment is often termed? |
Tempest |
|
|
What are the two major types of surveillance? |
Physical Technical |
|
|
Picric Acid |
Yellow colored crystalline solid |
|
|
Nitrocellulose |
Not a high explosive |
|
|
What is not a requirement for a successful undercover investigation? |
Developing necessary evidence for prosecution |
|
|
The principal item of expense in an investigations budget is what? |
Personnel Costs |
|
|
The single most important administrative control in handling investigations is what? |
Indexing |
|
|
As a general rule the number of consecutive years of employment or non-employment to be verified preceding the date of investigation are? |
5 years |
|
|
Any investigation containing unfavorable information should be retained in files for a period of how long? |
3 years |
|
|
The rule which states that approximately one in ten applications will have major omissions which will require going back to the applicant is called what? |
The Rule of Ten |
|
|
If an interviewee during investigations is hostile, it is preferable to conduct the interview where? |
At the security office |
|
|
What is the process whereby communications are intercepted or recorded? |
Technical Surveillance |
|
|
Why is it becoming increasingly more difficult to do a good pre-employment background investigation? |
Various laws and court decisions which inhibit the use of techniques and or instruments available. |
|
|
Where should interviews be conducted? |
An area where distractions are minimal |
|
|
The most consistently available and most valuable sources of information are? |
Persons involved in the incident |
|
|
An undercover operator should be? |
Unknown by anyone likely to be in the target population |
|
|
What is the general rule incident to interviewing individuals in an investigation? |
Interview those who are unlikely to be available later first. |
|
|
Proprietary Information |
Information of value owned by or entrusted to a company which relates to the operations of the company and which has not been disclosed publicly |
|
|
Trade Secret |
Part of a company's proprietary information, including formula, pattern, compilation, etc. three basic requirements: must be competitive advantage, must be secret, must be used in the business of the owner Formula for Coca Cola |
|
|
Patent Laws |
A government grant conveying and securing the exclusive right to make, use, and sell an invention for a term of 17 years. |
|
|
What is a clandestine listening device? |
Bug |
|
|
A microphone with a large disk-like attachment used for listening to audio from great distances is known as what? |
Parabolic microphone |
|
|
The control software of a private board exchange (PBX) can be accessed and compromised by calling the telephone number of a device on the PBX from a computer and modem, the name of this PBX device is what? |
Remote Maintenance Access Terminal |
|
|
Ficuciaries |
Class of person under a duty to safeguard a proprietary secret |
|
|
Chief reason for the loss of information about sensitive operations? |
Lost through inadvertent disclosure |
|
|
Chief reason for loss of information about sensitive operations |
Inadvertent disclosure |
|
|
What does eavesdropping refer to? |
Wiretapping and bugging |
|
|
A microphone which has the characteristics of requiring no power source to operate, is quite small, relatively difficult to detect, and is offered by equipment suppliers in such items as cuff links and hearing aides |
Dynamic Microphone |
|
|
Microphone normally installed on a common wall adjoining a target area when it is impractical or impossible to enter the area to make a microphone installation |
Contact Microphone |
|
|
Business Strategy |
Defines the purpose of the business, in order to implement the strategy management develops appropriate administrative practices. May be current, 3-5 years out. |
|
|
Name three financial reports that have become accepted as standard and are able to paint a clear picture of a companies current and prospective financial health? |
1. Income Statement 2. Balance Sheet 3. Statement of Cash Flows |
|
|
Tells How much money an organization generates (revenue), how much it spends (expenses), and the difference between those figures (net income). Net income = Revenue - Expenses |
Income Statement |
|
|
EBITA |
Earnings Before Interest, Taxes, and amortization |
|
|
What summarizes an organizations investing and financing and uses the underlying equation which must be equal: assets=liabilities + shareholder equity? |
Balance Sheet |
|
|
What financial document provides insight into how cash inflows and outflows affect an organization? |
Cash Flow Statement |
|
|
Gross Profit Margin |
Provides insight into the efficiency of manufacturing a product. Gross Profit Margin = (Revenue-Cost of Goods Sold-General and Administrative Costs)/Revenue |
|
|
Operating Margin |
Demonstrates the company's overall operating efficiency in producing and selling a product. Operating Margin=EBITA/Revenue |
|
|
Net Profit Margin |
Measures net profit after all expenses are included. Net Profit Margin=Net Income/Revenue |
|
|
What two ratios demonstrate how well a firm has done in making money for a reporting period? |
ROA and ROE |
|
|
Return on Equity (ROE)
|
(how well does a company use financial assets to generate income) effectiveness at using loans to generate profit
ROE=Net Income/Shareholder Equity |
|
|
Return on Assets (ROA)
|
Demonstrates organizations ability to generate income bases on its assets independent of financing.
ROA=Net Income/Total Assets |
|
|
EPS |
Earning Per Share - represents how much income or loss is generated per share of the organization |
|
|
How are earnings per share calculated? |
EPS=Net Income/Total Shares |
|
|
P/E |
Price to Earnings Ration - relates a company's share price to its EPS, useful to determine whether an organization is fairly valued. |
|
|
How are price to earnings calculated? |
P/E=Price per Share/EPS |
|
|
What is ROI? |
Return on Investment, an effective way to compare the desirability of different ways of spending, also assists in obtaining future budget monies. |
|
|
How is ROI calculated? |
ROI=[Investment Value at End of Period/Investment Value Beginning of Period]-1 ROI=[(Initial Investment +Interest Earned(or lost))/Initial Investment]-1 |
|
|
Define PDCA or Deming Cycle |
Plan-Do-Check-Act, most management systems standards are based on this mode of total quality management developed decades ago. |
|
|
Name three types of assets |
1. People 2. Property 3. Information |
|
|
Name Five avenues to address risk |
1. Deter (attack) 2. Deny (deny access through traditional measures) 3. Detect ( Through surveillance, etc) 4. Delay (via target hardening) 5. Destroy |
|
|
Maslow's Hierarchy of Needs |
Often depicted as a pyramid, basic or lower-level needs must be met before a person is motivated by the next higher level of needs: 1. Physiological 2. Security 3. Affiliation 4. Esteem 5. Self Acutalization |
|
|
Give two explanations of white-collar crime |
1. Edwin Sutherlands Differential Association Theory (criminal behavior is associated with individuals association with criminal evnvironment) 2. Donald Cresseys non-shareable need theory (defines the problem as a violation of a position of financial trust) |
|
|
What percentage of police officer work is devoted to crime related matters? |
20% |
|
|
Loss Event Profile |
Spotting individual loss events that might take place is a primary step in dealing with security vulnerability |
|
|
Loss Event Probability |
Likelihood or probability of risk affecting the assets becoming actual loss events |
|
|
What is the first factor to be considered in facility construction? |
The building itself |
|
|
Name two types of risk |
Pure Dynamic |
|
|
What four factors does crime analysis consist of? |
Data Collection Analysis Dissemination Feedback |
|
|
E/S Environmental Security |
urban planning and design process which integrates crime prevention techniques with neighborhood design |
|
|
What is the greatest threat to business? |
Internal Theft |
|
|
Surety Bond |
Protection for a corporation, if there is a failure to perform specified acts within a certain period of time |
|
|
Fidelity Bonds |
Require an employee to be investigated by the bonding company to limit the risk of dishonest, and if trust is violated, the insurance company must indemnify the employer |
|
|
What should happen to a security plan that no longer serves a useful purpose? |
Abandon |
|
|
Lanham Act |
AKA trademark act of 1941 |
|
|
Mutual aid association |
Cooperative organization of industrial firms, business firms, and similar organizations within an industrial community that are united by a voluntary agreement to assist each other by providing materials, equipment, and personnel needed to ensure effective industrial disaster control during emergencies. Mutual Assistance agreements are one of the most important aspects of coping with major plant firest |
|
|
What should good emergency planning consist of? |
Written Plan Individual appointed as coordinator Simplicity |
|
|
Effective Emergency disaster plan |
Written Contain inventory of available resources list preventative measures |
|
|
What percentage of bomb threats are estimated to be real? |
2-5% |
|
|
What do vital records include? |
1. Incorporation Certification 2. By-laws 3. Stock Record Books |
|
|
Comprehensive Emergency Management (CEM) |
1. Mitigation 2. Preparedness 3. Response 4. Recovery MPRR |
|
|
What is the primary focus in Executive Protection? |
Avoid dangerous persons or condisions |
|
|
ISO 27000 |
Security Standards |
|
|
Risk Analysis |
Management tool which sets the standards to determine what is acceptable in terms of actual loss in a logical manger. |
|
|
PML |
Possible Maximum Loss if target is lost |
|
|
ALE |
Annualized Loss Expectancy, formula used in quantitative risk analysis, used when determining return on investment |
|
|
What is the recommended technique for non-entry level recruiting? |
Blind Ad |
|
|
What is the heart of personnel selection? |
The interview |
|
|
What are the three main theories of organizations behavior? |
Autocratic Custodial Supportive |
|
|
What is the autocratic theory? |
All management is all powerful and employees are obligated to follow orders without question |
|
|
Under federal law when is the use of the polygraph for pre-employment permissible? |
Alcohol Manufacturing |
|
|
Vulnerability Study |
Process used by security manager in establishing priorities of protection of assets |
|
|
What is used to locate eavesdropping devices by detecting the semi-conductor components which comprise their circuits? |
Nonlinear junction detector |
|
|
The interior height of a vault should not exceed what? |
12ft |
|
|
What temperature can paper be destroyed? |
350F |
|
|
What temperature can electronic process media deteriorate? |
150F |
|
|
What is the mechanical lock longest in use and with practically no security value? |
Warded Lock |
|
|
What is used to protect very sensitive equipment from electromagnetic radiation? |
Tempest Shielding |
|
|
Where does the ultimate responsibility for the internal security in a department lie? |
Line Supervisor |
|
|
What is the single most important administrative control in handling investigations? |
Indexing: a means whereby inquiries about the investigation can be connected to the investigation results and suspects involvement |
|
|
What are the interview priorities? |
1. Those unavailable later 2. Those with extensive knowledge 3. Those with relevant knowledge 4. Hostile |
|
|
What are the number of consecutive years of employ/non-employ that should be verified preceding the date of investigation? |
5 years |
|
|
What safe should always be anchored? |
That weighing less than 750lbs |
|
|
What is the most common type of access control? |
Photo ID |
|
|
What is the best way to transmit signals 2,200 feet? |
Fiber |
|
|
How many monitors may be watched by one individual? |
10 or less |
|
|
Barbed wire |
standard wire is twisted, double strand, 12 gauge wire with 4 point barbs spaced equi-distance apart. Not less than 7 feet high excluding top guard. Attached to posts not more than 6 feet apart. Distance between strands not more than 6 inches and at lease one wire interlaced vertically and midway between posts. |
|
|
Concertina Wire |
Commercially manufactured wire coil of high strength steel barbed wire clipped together at intervals to form a cylinder. 50' long and 3' in diameter. |
|
|
Barbed Tape |
Composed of 3 things - barbed wire, barbed tape dispenser, concertina tape. Fabricated from a steel strip with a minimum breaking system of 500 lbs. |
|
|
Top Guard |
an overhand of barbed wire or barbed tape along the top of the fence, facing outward and upward at approximately a 45 degree angle. Top guard supporting arms will be permanently affixed to the top of the fence posts to increase the overall height of the fence at least one foot. Must consist of 3 strands of barbed wire, spaced 6" apart installed on supporting arms. |
|
|
Manhole Covers |
10" or more in diameter must be secured to prevent unauthorized opening. |
|
|
Barbed Wire Fencing designed to prevent human trespassing |
Excluding top guard should be not less than 7' high |
|
|
What should the distance between the strands of barbed wire be in a fence? |
Not exceeding 6" |
|
|
What is the required clear zone between the perimeter barrier and exterior structures? |
20' |
|
|
What is the cross sectional area that must be protected by fastened welded bar grills on culverts, vents, and other openings? |
96 square inches |
|
|
What is the percentage of drug use for employees? |
8.8% |
|
|
What federal law pertains to safe workplace? |
OSHA 29 USC 654(a)(1) |
|
|
what lighting is used for protective lighting systems? |
1. Continuous 2. Standby 3. Moveable |
|
|
What is a series of fixed luminaries arranged to flood a given area continuously during the hours of darkness with overlapping cones of light? |
Continuous Lighting |
|
|
What should be done before installing protective lighting adjacent to navigable waters? |
US Coast Guard should be consulted |
|
|
How far should water approaches extending to a distance of 100 feet from the pier be illuminated? |
To at least 0.5 foot candles |
|
|
Decks on open piers should be illuminated to what? |
at least one foot candle 1.0 fc |
|
|
What are the illumination intensity minimums for lighting of the perimeter of restricted areas? |
0.40 foot candles |
|
|
Proprietary Alarm System |
Similar to central station system, except it is owned by and is located at the installation. Response to the alarm is by the installations own security personnel. |
|
|
Local Alarm System |
Activates a visual or audible signal in the immediate vicinity |
|
|
Auxillary Alarm System |
Installation owned system which is a direct extension of the police or fire alarm system. Least effective. |
|
|
Central Station Alarm System |
Alarms transmitted to a central station outside the installation from which appropriate action is taken, i.e. notifying police or fire departments. |
|
|
Microwave system |
intrusion detection system in which a pattern of radio waves are transmitted and partially reflected back to the antenna |
|
|
Capacitance System |
Intrusion detection system which is used on a safe, wall and openings therein in an effort to establish an electrostatic field around the object to be protected |
|
|
Ultrasonic motion detection |
System using inaudible sound waves to detect the presence of an intruder or other disturbance. |
|
|
Microwave motion detector |
sensor which is used when air turbulence is present in the protected room and when there are no potential false alarm sources outside the room and in the field of the detector |
|
|
Microwave Sensor |
Based on the Doppler Principle. A radio/radar frequency transmitter having a frequency range of GHz, which detects motion. |
|
|
Acoustic Detector |
sensor which is used when light air turbulence, vibration, and motion outside the room are present. |
|
|
Electro-mechanical sensor |
Foil used as a detector on a glass window to signal a surreptitious or forcible penetration, designed to place a current carrying conductor between an intruder and an area to be protected. |
|
|
Volumetric |
Capacitance, Vibration, Microwave, Ultrasonic, Passive Infrared, PhotoElectric |
|
|
Annunciator |
A visual indicator that shows from which of several zones or building an alarm signal has originated |
|
|
Contact Microphone |
Specially constructed microphone attached directly to an object or surface to be protected and which responds only when the protected object or surface is disturbed or "contacted" |
|
|
Glass |
Weakest are in a window Over 50% of all break in's through window glass |
|
|
Laminated Glass |
Type of glass used in street level windows or displays where security is necessary and which is composed of two sheets of ordinary glass bonded to an intervening layer of plastic material |
|
|
Tempered Glass |
often utilized for both safety and security purposes because it is 3-5 times stronger than regular glass and 5 times as resistant to heat |
|
|
Loss Event Profile |
Definition of a security problem requires three things be recognized and evaluated in quantitative terms: 1. Kinds of threats or risks affecting the assets to be safeguarded; 2. The likelihood or probability of those threats or risks becoming actual losses; 3. The impact or effect on the assets or the enterprise responsible for the assets if the loss occurs. |
|
|
To meet minimum federal specifications, non-insulated security containers must successfully pass a drop test of what? |
30 feet |
|
|
Vaults are designed to meet fire protection standards specified by who? |
National Fire Protection Association |
|
|
Acceptable vault construction of insulated doors is a minimum reinforced thickness of how many inches? |
6 inches |
|
|
Money Safes |
Do not have accredited fire resistance Classified by both the Underwriters Laboratories and The Insurance Services Office |
|
|
The interior height of a vault should not exceed what? |
12 feet |
|
|
How do security vaults differ from safes? |
They are permanently affixed to a building |
|
|
What temperature can paper be destroyed? |
350 F |
|
|
What temperature can electronic process media begin to deteriorate? |
150 F |
|
|
What types of alarms are used on vaults? |
Capacitance and Vibration |
|
|
Lever Locks |
used in safe deposit boxes, difficult to pick |
|
|
Warded Lock |
the mechanical lock longest in use which has practically no security value |
|
|
Pin Tumbler Lock |
Most widely used lock for both exterior building doors and interior rooms |
|
|
Employee Theft Triangle |
Motive Opportunity Rationalizatoin |
|
|
What five attributes characterize an effective and reliable investigation? |
Objectivity, Thoroughness, Reliance, Accuracy, Timeliness |
|
|
What are the stages of fire |
Incipient Stage (invisible) Smoldering (smoke Visible) Flame Heat (uncontrolled heat) |
|
|
Fire Sensor Types |
Smoke Detectors - Photoelectric Ionization - Sensitive to invisible products of combustion Thermal - Respond to Heat Flame - detect flames Infrared - radiant energy unseen by humans |
|
|
How many years should employment or non-employment be verified preceding applicatoin? |
5 years |
|
|
What is the frequency of a re-investigation of an employees financial lifestyle? |
18 months |
|
|
What is the minimum retention period for any investigation which includes unfavorable information or which results in an adverse employment decision? |
3 years |
|
|
What is not an acceptable form of information for a professional position? |
Resume |
|
|
How many people are needed to cover a single post around the clock providing coverage for three eight hour shifts? |
4.5 persons |
|
|
What is the main reason for not arming private guards? |
"The typical business or government facility is not customarily a place where violent crime occurs" |
|
|
What tort is the wrongful appropriation of personal property of another to the use of the taker ? |
Conversion |
|
|
What is the relationship in which two parties agree that one will act as the representative of the other? |
Agency Relationship |
|
|
What is a willful or negligent wrong done by one person to another? |
Tort; i.e. batter, assault, false arrest, trespass |
|
|
What does the 4th amendment deal with? |
Search and Seizure |
|
|
The affirmative act of concealing the commission of a felony, cognizable by a court of the US, by someone having knowledge of the felony is a violation called what? |
Misprision of a Felony |
|
|
What is the purpose of bail? |
To assure the appearance of the accused in court |
|
|
Express Contract |
Actual agreement usually in writing |
|
|
Implied Contract |
Not created or evidenced, inferred by law |
|
|
The Civil Rights Act (42 USC 2000e) |
Prohibits employers with 15 or more employees from discrimination, failure or refusal to hire, discharge, limitation, segregation, or classification in any way adverse to an employee or employment applicant on the basis or race, color, religion, sex, or national origin |
|
|
What two primary variable are insurance rates dependent? |
cost of claims and frequency of claims |
|
|
After Sept 11, 2001 what percentage did security staff in the US increase by? |
13% |
|
|
Who is responsible for escorting visitors on site? |
The inviting party |
|
|
Organizational Vertical model of authority |
Also Hierarchical, authority comes from the top and flows down. |
|
|
Organizational Shamrock Model (Dalton) |
Based on the three leaf shamrock where each leaf represents a small core of professionals. |
|
|
Organizational Network Model |
Flattened or horizontal model, employees are connected not just to immediate supervisors but to many others. People come together for certain tasks and then disband or regroup as needed. |
|
|
Post Orders |
Should be available at each guard post. Kept current and accessible. Vital link between requirements of the client and the ability of the security officer to effectively meet those reqs. |
|
|
Five attributes characterize an effective and reliable investigation |
Objectivity, thoroughness, relevance, accuracy, and timeliness. |
|
|
Substance abuse in the workplace |
According to US govt sources, on the job substance abuse costs American businesses 81-100 billion annually. |
|
|
Title VII of the Civil Rights Acts exemptions |
Defense contractors are exempt in the hiring of aliens |
|
|
What is the discrepancy between what the applicant provided on the resume to the truth? |
49% |
|
|
What ways does a pre-employement screening program benefit business? |
Discourages applicants with something to hide Demonstrates company exercised due diligence Ensures candidate has appropriate qualifications |
|
|
Resume |
Important element in pre-screening Company must not accept a resume in lieu of an application or complete work history. |
|
|
Applications |
IN US considered tests. Should address: material omissions applicants correct and full name current and prior addresses criminal information such as convictions, guilty pleas, and nolo contendere. |
|
|
Behavioral Theory: McGregor |
Theory X-average worker indolent, lacks ambition. need hard driving authoritarian manager. Theory Y-work is natural and can be satisfying. Represents involvement, contribution, and commitment by workers. |
|
|
Behavioral Theory: Maslow |
Hierarchy of Needs: Physiological Safety and Security Social Ego Self actualization |
|
|
Behavioral Theory: Herzberg |
Hygiene or maintenance factors Hygiene: employer policies, communications, job security, fringe benefits, etc. Motivators: elements that make the job more challenging and lead to personal growth and development. Earned recognition, achievement, sense of contribution, increased authority, growth, advancement. |
|
|
Behavioral Theory: Argyris |
Traditional organizational principles, structures, and procedures are incompatible with the mental health of employees. Workers fight this system. |
|
|
Behavioral Theory: Bennis |
Organization should be adaptive and problem solving. Free and full communication, rely on consensus. |
|
|
Principle of Line Loss |
The effectiveness of a communication tends to vary inversely with its extension. The more people are involved with the line of communication the greater the probability of distortion, delay, and loss of meaning. |
|
|
Principle of Emotional Appeal |
Appeals to emotion are communicated more readily than appeals to reason. People will listen and understand better if the ideas being introduced relate to their personal interests, desires, families, and jobs. |
|
|
Principle of applicaton |
The more a communication is applied, the better it is understood and remembered. People will retain information better if they can put it to use; application converts ideas into action and gets results. |
|
|
Rand Report 1972 |
Focused national attention on the security industry in the US. Stated the typical security officer was an uneducated (possessing a 10th grade education) untrained, aging male who worked many hours at low wages. |
|
|
Hallcrest Report 1- 1985 |
Found contract security firms had inadequate employee selection and training standards |
|
|
York College- 1985 |
Managers did not understand the developmental progression of training. |
|
|
National Labor Relations Act (NLRA)/Wagner Act |
Foundational federal statute in labor relations. Gave workers the right to representation. |
|
|
Landrum-Griffin Act 1959 |
Established safeguards and restrictions on the conduct of union management and officers with regard to their own memberships. Also added unfair labor practice of hot cargo agreements. |
|
|
Taft-Hartley Act 1947 |
Amended NLRA to forbid unions to engage in unscrupulous activities. |
|
|
Two basic categories of Evidence |
Direct: real/first hand knowledge Indirect: Circumstantial and hearsay. |
|
|
Documentary Evidence |
Information usually in the form of letters, figures, or other marks contained in paper products, rubber stamps, plastic bags, typewriters, and seals. |
|
|
Physical Evidence |
Tangible, may consist of dirt, dust, clothing, tools, electronics etc. |
|
|
Five Categories of Physical Evidence |
1. Corpus Delicti: Proves a crime has been committed, i.e. Body at homicide 2. Associative/Circumstantial: links suspect with the scene of a crime, fingerprints or DNA. is identifying Evidences Establishes identity of a suspect, fingerprint, blood, etc. 3. Tracing Evidence: Articles that assist in the possible ID or location of suspect, credit card receipt, etc. 4. Trace Evidence: Includes fibers, paints, dyes. 5. Impression Evidence: includes firearms, tool marks, bite impressions, footprints. |
|
|
Theft Triangle |
Desire Motive Opportunity |
|
|
Questioning Order for interviews |
1. persons not likely to be readily available later 2. persons believed to have the most pertinent info 3. hostile witnesses 4. Offender |
|
|
B |
How much one should spend to prevent an information system security incident equals the probability of the incident times its cost. B=cost of taking adequate measures to prevent harm; L = monetary loss; P=probability of its occurring. |
|
|
Turing Machine |
1937 created by Alan Turing, predecessor to what would ultimately become the microcomputer. |
|
|
Residual Risk=(Threats*Vulnerabilities)/Countermeasures |
Fundamental equation of ISS: Qualitative equation, says residual risk rises as threats rise and as vulnerabilities rise. Residual risk falls as countermeasures are applied. |
|
|
Information System Countermeasures |
1. Administrative Controls: management, policies, standards, procedures, guidelines, personnel screening, awareness training, etc. 2. Technical Controls: network log-ins and passwords, firewalls, audit logs, encryption, antivirus, and spam filters. 3. Physical Controls: Door locks, cameras, environmental controls, guards, etc. |
|
|
CIA Triad (Information Security issues) |
Confidentiality Integrity Availability |
|
|
Gramm-Leach-Billey Act (GLBA) 1999 |
Regulates use and disclosure of nonpublic personal information about individuals who obtain financial products or services from financial institutions. |
|
|
High Rise Structure |
Extends higher than the maximum reach of available fire fighting equipment. Appx 7-10 stories. |
|
|
Pin tumbler locking mechanism |
Most common type of key operated mechanism used in architectural or builders door hardware in the US. |
|
|
Emergency Management Plan Development |
1. Define emergency in terms relevant to the organization 2. Establish an group within the organization to perform specific tasks before, during, after emergency 3. Establish method for using available resources and for obtaining additional resources at the time of an emergency 4. Provide a means for moving normal operations into and back out of the emergency mode of ops. |
|
|
What are the four elements of emergency management? |
1. Mitigation: activities providing critical foundation in the effort to reduce the loss of life and property. (i.e. fastening bookshelves to walls) 2. Preparedness: encompasses actions taken before an event to plan, organize, equip, train, exercise in order to deal with emergencies. 3. Response: Entails activities that address the short-term direct effects of an incident. 4. Recovery: involves near term and long term actions taken to return the organization to a pre-emergency level of operation. |
|
|
Business Continuity |
Encompasses Business Impact Analysis (BIA) Private Sector version of emergency management, encompasses all actions taken by a business before, during or after an emergency to minimize the emergency negative impact on the organizations operations and to bring about a timely response, resumption of critical business functions and recovery. |
|
|
COOP |
Continuity of operations, normally applied to US Federal Government and entails movement of critical functions and personnel to an alternate operating site or sites. |
|
|
Three primary objectives of emergency management |
1. Minimize probability of a threat or emergency 2. Mitigate the impact if the event occurs 3. Recovery and resumption of normal operations |
|
|
Emergency Management Plan |
Formal audit should be conducted annually Plan should be evaluated and modified after : training drill, emergency, changes in personnel, changes in facility, changes in policy |
|
|
Mutual Aid Association |
Businesses and organizations agree to assist each other by providing materials, equipment, and personnel for disaster control during emergencies. |
|
|
Business Impact Analysis (BIA) |
Used to identify an entity's critical function, asses impact of a disaster or other emergency on those functions over time, help develop and prioritize recovery strategies. |
|
|
Non-linear junction detectors |
Used for detecting concealed electrical circuits. Used for bomb detection |
|
|
Define Risk |
The likelihood of a consequence |
|
|
Define Probablility |
The likelihood of one outcome out of the total of all possible undesirable outcomes, expressed as a number between 0 and 1 |
|
|
Direct Costs |
Include the loss of money, negotiable instruments, property or information. |
|
|
Indirect Costs |
Harm to Reputation, loss of goodwill, loss of employees and harm to morale. |
|
|
Lost Income Cost I=(i/365)xPxT |
Use of money for loss replacement represents an additonal cost margin and is called lost income: I=income earned i=annual percent rate of return P=principal amount in dollars available for investment T=time in days during which P is available for investment |
|
|
Cost of Loss Formula K=(Cp + Ct+ Cr + Ci) - (I-a) |
Analyze each security vulnerability in light of probably maximum loss for a single occurrence. K=criticality, total cost of loss Cp=cost of permanent replacement Ct=cost of temporary substitute Cr=total related costs Ci=lost income cost I=available insurance or indemnity a=allowable insurance premium amount |
|
|
Vulnerability Assessment |
Process of identifying and quantifying vulnerabilities. Must be performed once to establish baseline, may be repeated to verify effectiveness of upgrades, etc. Used to support a risk assessment by answering "What can go wrong" |
|
|
R=Tx A x V |
Risk R=residual risk T=threat, definition and likelihood of attack A=asset to be protected V=vulnerability, represented by system effectiveness |
|
|
Metal Halide Lamps |
Last 20,000 hours and accurately reproduce color of cars, clothes, people. |
|
|
Low Pressure Sodium Vapor Lamps |
Last 50,000 hours and are most energy efficient, have poor color rendition |
|
|
High Pressure Sodium Vapor Lamps and Mercury Vapor Lamps |
Very low CRI (color rendition index) should not be used in conjunction with color camera applications. Less expensive than metal halide, do not last as long, do not render color as well. |
|
|
Mulitplexing |
A technique to transmit several messages simultaneously on the same medium |
|
|
Private Fixed Wireless Systems |
PABX - a wireless private automatic board exchange uses a low power transmitter to communicate with handheld telephones within a limited range. |
|
|
Wiegand |
Wire technology in existence for some time, wiegand signal output format has become industry standard. Technology is not used much. |
|
|
What two classes can locks be divided into? |
Mechanical and electric/mechanical |
|
|
Warded Lock |
mechanical lock longest in use and first developed |
|
|
Lever Lock |
18th century, improvement over warded lock |
|
|
Pin tumbler lock |
Most widely used lock in the US for exterior and interior building doors |
|
|
Wafer Tumbler |
Design permits master keying |
|
|
Primary Functions of PPS |
Detection Delay Response Deterrence is a secondary function |
|
|
Define CARVER analysis
|
C-Criticality: measure of public health and economic impacts of an attack.
A-Accessibility: ability to physically access and egress from target R-Recuperability: ability of a system to recover from an attack V-Vulnerability: Ease of accomplishing task E-Effect: amount of direct loss from an attack as measured by loss in production R-Recognizability: ease of identifying target |
|
|
PE=PI x PN |
PE=Protection system effectiveness PI= probability of interruption PN=probability of neutralization |
