ASIS CPP "Security Principles" Flashcards Help in Exam
Hallcrest: framed private security characteristics, its effect on crime control, and established a working relationship between private security and public law enforcement
Hallcrest recommendations: code of ethics, legislation, interstate licensing
Hallcrest II: profiled changes within the industry, identified security/law enforcement issues/trends, and researched security/law enforcement alliance
Organization: the arrangement of people with a common objective or purpose
Managerial function: plan, direct, coordinate, control, and organize
Line item budget (or plan in financial terms): oldest and simplest method of budgeting
Capital and program budgeting: also common
Zero-based budgeting: estimate of cost and revenues with a built-in warning mechanism
Ethics: rules by which members of a profession regulate their conduct
Security processes: information, physical, and personnel
Security’s main objectives: protection of assets and the prevention of losses
Security’s most conspicuous role: protective services
Security functions: cut across departmental lines and consist of involvement in every activity of the company without significant interference
Security department’s performance: most dependent upon officer performance
Each employee must know (POP): policy (what), objective (why), and procedure (how)
Job analysis: activities/responsibilities, interaction, qualifications, and conditions
Personnel security programs: to address job specifications via a job description
Personnel security process: recruitment/hiring/discrimination safeguards and controls
Security awareness program: state of mind (separate but related to training)
Security managers motivate: through constructive discipline; not punishment
Discipline: the primary responsibility of the supervisor; training to correct, mold, strengthen
Discipline: management tool to condemn unacceptable behavior (not employee)
Discipline: to be administered immediately; any mistake of fact can be corrected at the next performance appraisal
3 basic management roles: interpersonal, informational, and decisional
Communication: most important management tool according to Sennewald
Written communication: best form of communication
Listening: first skill a manager must learn
Non-directional counseling: primarily involves good listening
Leadership: the influence one has on others in the pursuit of organizational objectives
Leadership styles: autocratic, bureaucratic, diplomatic, participative, free rein (avoids decision making), compelling (threats), and impelling (group force)
Supervision: goal of performance as outlined by management
Security manager (head of security): to report to a vice-president or higher
Security manager: conducts the inspection of a security department
Chain of command: path along which authority flows
Management by objective (MBO / Peter Drucker): systematic method of achieving agreed-upon goals set in advance between a manager and subordinate
Program evaluation and review technique (PERT): controlling efforts toward a common goal
Douglas McGregor’s concept: every executive relates to his subordinates on the basis of a set of assumptions termed Theory X and Y
McGregor’s Theory X (autocratic): emphasizes negative aspects of employee behavior
McGregor’s Theory Y (supportive): suggests that employees do not inherently dislike work, and will actually seek responsibility and better performance if encouraged to do so
Theory Z: recent Japanese style of humanized working conditions and close relationships
Custodial theory: employees will be content through economic benefits (non-motivating)
3 main theories of organizational behavior: autocratic (Theory X), custodial, and supportive (Theory Y) theories
Chris Argyris (immaturity/maturity theory): work climate should provide for maturity
Warren Bennis: employee satisfaction vs. organizational requirements
Dr. Frederick Herzberg (motive-hygiene theory, or work motivation theory): motivation comes from the work itself, not from factors such as salary and job security
Dr. Maslow (hierarchy of needs): physiological, safety, love, esteem, self-actualization
Loss prevention: any method (guards, insurance, etc.) to prevent and control loss
Loss prevention: determines probability, frequency, and cost of loss
Predatory prevention matrix: proactively promote, plan, and implement
Four D’s of loss prevention: deter, detect, delay, and deny
Protection program primary objective: motivate every employee to be part of the team
Most effective deterrent to shoplifting: well-trained store personnel
Defensible Space (Oscar Newman): ideas and applied strategies from the New York public housing project to reduce the risk of victimization and fear of street crime
Building site: first factor to be considered in facility construction
Environmental security (E/S): urban planning and design process integrating crime prevention with neighborhood design
Image and milieu: area design to counteract the perception of isolation/vulnerability
CPTED: crime prevention through environmental design
Security: stable and relatively predictable environment free of fear of disruption or injury
5 security levels: minimum, low, medium, high, and maximum
5 security level interventions: progresses from impede only at minimum level to impede, detect, assess, internal-external, and neutralize at maximum level
Security in-depth: progressively difficult barriers placed in the path of the aggressor
Security analysis: an in-depth study of risk management
4 security matrix factors: policy, control, risk, and phases of attack
Security survey: critical examination/analysis of the present security status of a property in terms of deficiencies/excesses, protection required, and recommendations
Crime prevention survey: focuses on deterrence regardless of physical safeguards in place
Crime control: ID root cause, opportunities (general/specific), develop a systems approach
Vulnerability study: establishes a priority in the protection of assets
Degree of protection: based upon criticality and vulnerability
Loss event profiling: typing risks, their probability, and degree of protection
Loss event probability: probability of risks becoming actual loss
Loss event criticality: impact on the enterprise if the loss occurs
PML: Possible Maximum Loss (destroyed), or Probable Maximum Loss (likely to sustain)
ALE: Annualized Loss Expectancy of not doing something (e.g., adding a back-up generator); used when computing return on investment (ROI)
Risk abatement: reduction of risk
Risk analysis: used to match security measures with threats in order to minimize risks
Risk assessment: determining the probability and cost of potential loss
Risk assumption: the organization assumes the loss
Risk avoidance: the decision to avoid risks
Risk cells: intent, capacity, and opportunity
Risk exposure: identifies types of risks/losses, and their probabilities of occurrence
Risk management: pre-loss arrangements to ensure post-loss business continuation
Manpower: major resource required for a risk analysis
Risk spreading: reducing the likelihood of total loss (e.g., disks stored off-site)
Risk transfer: to transfer risk to insurance
4 risk countermeasures: personnel, electronics, hardware, and procedural/policy
Pure risk: no potential for benefit (e.g., earthquake)
Dynamic risk: can produce gain or profit (e.g., Las Vegas)
Quantified loss potential: the impact or severity of the loss on business
Insurance rates: dependent upon cost and frequency of claims
Best basic types of protection: fidelity/surety bonds, burglary/theft/robbery insurance
Fiduciary bonds: assures trustworthiness of persons appointed by the court
Fidelity bond: insurance company indemnifies the employer against employee dishonesty
Surety bond: protects against another’s failure to perform specified acts on time
Indemnity bond: protects an individual/organization against losses of a specified type
Span of Control principle: ideal 1:3, good 1:6, acceptable 1:12
Employee theft: causes 1/3 of all business failures
Computer security incidents: 80% by dishonest and disgruntled employees
Hackers: only 1% of annual computer security incidents
Alcoholism candidate: white male over 40 and living alone
Heroin: semi-synthetic narcotic (white to dark brown [1-98% pure], black tar 20-80%)
False alarms: 95% to 99% of activated alarms
Growth: 1% per year for police, and 2.3% per year for security
2000 expenditures: $44 billion for police, and $104 billion for security
Guardianship: nearby people who can protect an intended victim
The security and loss prevention program begins with: identifying threats, hazards and risks that face an organization
Risk analysis interchangeable: risk assessment, risk evaluation
The survey document consists of a: checklist
Risk analysis is to be done quantitatively (when): organization is large, exposure cannot be evaluated
Those who plan protection should have a: clear understanding of organization needs, corporate culture, customer needs
A risk analysis provides input for: planning protection
Security strategies generally take the form of: Personnel, systems and policies and procedures
The systems perspective looks at interactions among: subsystems
Standards and regulations serve employees as: resource
The concept of what a reasonable person with similar training and equipment would do in a similar situation, is called: Standard of care
Leadership style: influence success
Autocratic style: managers taking all decisions
Democratic style: opinions from employees
Authority: right to act
Power: the ability to act
Policies: control employer decision making
Procedure: way of doing
Line personnel: authority and function (chain of command)
Defensible Space: a substitute term for the range of mechanisms – real and symbolic barriers, strongly defined areas of influence, improved opportunities for surveillance that combine to bring an environment under the control of its residents.
Risk management theory draws on probability and statistics, mathematics, engineering, economics, business and the social sciences among other disciplines. The study of risk has expanded to include the understanding of the psychological, cultural, and social context of risk.
Risk perception theory focuses on how humans learn from their environment and react to it. The psychometric approach is another method of researching risks; it involves a survey to measure individual views of risks.
Risk communication theory concerns itself with the communication perceptions of experts and lay citizens. Risk communication theory is important because it holds answers for educating and preparing citizens for emergencies.
Predictive Modeling: The ultimate value of loss reporting will be in the opportunities created for avoiding future losses. By carefully analyzing the statistically valid data developed in the loss files, future loss avoidance can be identified.
Delphi Approach (developed during World War II): consists of sending a structured questionnaire to a group of experts and then conducting a statistical analysis to generate probabilistic forecasts
Game theory: likelihood and targets of a future terrorist attack can be modeled by understanding the operational and behavioral characteristics of the terrorist organization (helps insurance companies understand risk and set premiums)
Key training concepts: learning, retention and transfer, socialization, education, training & development
Learning (domains): cognitive (knowledge based), affective (attitudinal / perceptual), psychomotor (physical skills)
Moral turpitude: violation of trust (contrary to good morals, justice, honesty)
Job offer: (After background investigation)
Blind ad: non-entry level (skilled, technical, managerial)
Applicant first contact: Personnel department
Initial interviews: With security representative (supervisor)
Secondary interviews: By manager
Applicant claim (discrimination): HR Department
Initial Interviews (purpose): interest & qualification, need of department
Interviewer preparation: Study written application (in private)
Employment interview should be: sensitive and empathetic fashion
Job qualification: acquired skills, experience, education, temperament, personality
Goal is objectivity: problem is subjectivity
Best candidate not selected: bias (interviewer)
Paper and pencil test: identify (attitude)
Security employees serve: manner above reproach
Military discharge form: DD form 214
Performance (security dept): depends on: care and attention of (personnel selection)
Background investigation and screening: before job offer
discrimination: yes (for normal unsuitability) (Standard SI)
Moral turpitude: not felony conviction
Security officer must not: suffer (felony conviction)
Initial screening: by HR dept
Discrimination: Yes (moral turpitude)
Standard (lowest entry level): no conviction (moral turpitude), responsible, nature, honest, no (physical or emotional disorder, no handicap,
Advertising salary: controversial
Reduce resume filter (efforts): hire external recruiters
Coy impress (candidate): overview of the company and benefit of working
Interviewer examine (candidates) objective capabilities and subjective fit (with team)
Policy: Organization monitor, expect employee behavior conform
Procedure: how to be done (with specific items)
Policies: Useful but not to overload employees
Developing policy work: with manager (whose items will be affected)
Procedure (articulation): prevent confusion
Procedure (concern): daily operation
Policy & procedure (reflect): ideal functionality of organization
Key metrics and performance indicators: determine process reflect organization strategy
Metrics (alignment): with (organization strategy)
Internal training (improve): current job better
Employees (performance measured): how well with (current jobs) and contribute to (growth of company as a whole)
2nd most valuable asset (after employee): corporate knowledge
Convince need of security: By (qualifying and prioritizing loss potential)
Security awareness program (impact): through courtesy and efficiency by SO
Number of officers required: physical complexity and size of the facility
Number of officers required: number of employees and nature of work
Number of support personnel (depend): size and complexity of SF
Developing security organization (first): identify tasks (required to perform)
Primary function of SO: access control
Officer patrol observe: people, asset and location
Patrols categories: foot patrols, vehicular patrols
Patrols: Systematically, frequently back tracking
Prime tasks of patrol: observation
Visitor escorted by: who invited a visitor
Dealing disturbed person (require): sensitivity
S/O qualification (based): on the duties (in job description)
Initial interview: by a human resource specialist
SO honesty: is obvious (custodians of company)
Difference (life and death): continued alertness
Factor related behavior: Courtesy, restraint, interest
Restraint: Without haste or undue emotion, a / abusive language and force and arguing
Learning SO: ongoing process
Without ethics: the package is incomplete
Greatest liabilities for organization: issuing deadly weapon to SO
Decision to issue (weapon): life safety of SO, expect fatal force
Organization structure: pattern of interactions and coordination
Efficiency SF (depends): adequacy and skill of its supervisors
S/Supervisors (selected): based on knowledge of the job, abilities (administrative and leadership)
Testing S/operation program: identify residual risk, changes in organization
Vertical models: authority comes from top
Effective managerial (style): acknowledge good performance and objectively note deficiencies
Art of delegation: giving responsibility with authority and making accountable for that authority
Shamrock model (three-leafed): professional manager, technician, supplier and part time worker
Network model: flattened, horizontal or open model
Net model (emphasis): on people coming together for particular task
Hybrid SF: proprietary supervisors oversee contract SO
Principal-agent: relationship (p/supervisor oversees contract SO)
To sell security firm projects: usually reduce costs
Bid specification consist: requirement, wages, benefits, performance expectations.
S/officer primarily liable: for their own conduct
Employing contract organization: verify (existence and adequacy of Insurance coverage)
Security personnel: vital component (asset protection program)
Security personnel: not place as sub operation of another department
Protection of assets: important management function
Develop managing effective A/P program (method): loss prevention, system approach
To be successful (A/P program): current technology, relate security with objective enterprise
Protection of assets (function): in a single organization
benefit (single organization): use system approach, utilize personnel efficiently, possible hire qualified A/P management
Qualified management (attend): with responsibilities, job content and growth opportunities
System approach (cover): entire spectrum protection, neutralize risks to a maximum extent
Protection program (basic requirement): Top official show interest
Important (consideration): setting limitation on authority of protection organization
Limitation (impose): for the protection of protection organization
Protection organization acts: in a staff or service capacity to line supervisors
A/P program plan / implement (consideration): anyone with protection organization has a relationship
Protection program (prime objectives): motivate every employee part of protection team
E/employee should (encourage): assume responsibility to protection asset as his own job
Assume responsibility and performing A/P role (ensure): by supervisors at all levels
Central (success A/P program): effective communication
To test (a/p program): feedback from individual at all levels
Methods of obtaining feedback should be (include): in program design of P/A
Methods (feedback): one group from (protection program), another (all other employees)
Feedback (effective techniques): discussion and interviews with e/supervisor
Listening and reacting to feedback: important
Key element in success of A/P: selection of top professional (P/A)
Protection executive (familiar): protection problems, technique
Protection executive (main force) implementation and management of system approach
Delegation of authority and responsibility: by operating head of enterprise
Delegation authority and responsibility (implemented): through issuance of policy
D/A and responsibility (important): P/O operate 24H, 7 days a week
Lack of delegation: a serious limitation on effectiveness
Important performance factor of PO: reporting level of top protection executive
Reporting level (should): be high enough
Reporting level high (why): s/activity not prematurely or improperly terminated or redirected
Indispensable for A/P (program): planning
Manager (no plan): reacts to events already occurred, s/problem which can be avoided
Planning p/o (1st step): determine overall goals and objectives
Planning (p/o): continuing process (as objectives changes or revised)
Planning of p/o (focus): avoidance or control of losses
Planning (should be): practical commitment to obtain results
Planning (flexible): to cope with (unpredictable or unexpected event)
Plans (p/o): related (overall objective / plans of enterprise)
Achieving objectives of p/o: through (costs effectiveness)
Primary factor in determining size or existence of A/P program: cost effectiveness to T/Management
Final analysis (A/P) program (measured): in financial terms
Cost effective manager (makes) optimum use of assets and exercise controls over items of costs
Cost – effective in A/P (means): balance expenditure against achieved results and to revise plan
Revise plan (involve) application of critical judgment
Critical judgment (based): complete understanding of the enterprise operations and knowledge of state of the art security
Examining C/E of A/P (first): assess the overall program
Examining C/E of A/P (next aspect): assets protection operation itself
A/P program must (assessed): economically and functionally
Common language in (enterprise): financial numbers
Senior management (view) all (operations) from a financial perspective
S/professional lack (financial perspective): unable to justify funding
Sales forecast: dollar amount of sales revenue (in a year / Q)
Basic goal (for a corporate organization): to earn the planned profit
To be C/E S/program (consider): major loss events to prevent, incidental cost avoidances and asset (value recoveries)
Major loss events (expressed): as dollars of cost (S/program justification)
Methods of C/E: cost reduction, cost avoidance
Cost of operation (increase): “we have always done it this way” syndrome
One way to achieve C/E: to avoid costs or expense (through A/P resources)
Every action in cost avoidance (should): documented and qualified financially
Acceptable technique of C/E: assigning a value or dollar amount to the avoided cost
C/E actions (generate revenues): through (proof of loss, recovery, establishment of claims or legal cause of actions against parties, non-security actions – “bad checks”)
Full C/E achievement (require): a formal loss reporting system
L/R system (does): provides (history of dishonesty, theft losses), and basis for effort to asset recovery
Security incident reporting (provides): A data base
S/I database (used): to persuade management, can be utilized as a valuable tool
Dept benefits from S/I database: line management, HR, internal audit, business ethics
Good L/R (provide): a number of statistics (makes quick / assessment & decision)
L/R accomplish (functions): notification of actual suspected dishonesty loss, information (event profile and modus operandi), cost of loss for individual loss, accountability for losses, source of information, management control device, basis instituting insurance claims
L/R (benefit): identify target L/items, place of exposure, loss trends, recovery loss, apprehension of thieves, indicate countermeasures effective
Loss Reporting (created): for future loss avoidance (in opportunities)
Categories of loss (tracked): most vulnerable assets, when highest probability of loss occurs, the locations where loss occurred, countermeasures (useful or ineffective), value and frequency of loss ratios
Future loss avoidance (identification): careful analysis (statistically valid data)
80-20 rule: in 20% of total reported instances of loss, the loss occurrence will represent 80% of the lost value (the cost of loss)
80-20 rule (applies): spent or eliminating or reducing losses that represent 80% cost of the loss
Loss value / frequency ratios (indicate): countermeasure needed to prevent future losses
Security officer (one element): in a complete protection plan
The activities of SO integrated into plan: through (system approach)
Security officers are: costly
Other element or technique of protection: Hardware and electronics
Duties performed by SO (determines): Scope and nature of training required
SO training requirement (address): Legal aspects, OPS duties, fire arms, admin responsibilities, E/countermeasure, use of force
Training of SO (also based): on capabilities of officer in training
General Security Instruction (given) as soon as SO reports
Specific equipment issues (governed by): the duties performed, the policy of the organization, the statutes
Efficiency of SF (depends): on adequacy and skill of its supervisors
SO supervisor personnel (selected): based on (knowledge of the job and demonstrated admin and leadership abilities)
Rotation of assigned (supervisors): to prevent cliques and ensure familiarity
Contract security (advantages): monetary savings, schedule flexibility and staffing issues
Proprietary / S (advantages): tighter (control + supervision), better tracing, and employee loyalty
Business principles dictate SO (deployment): only where required and most effective
Deployment of SO (guided) by: a rational and objective B/criterion
After criterion (next important tasks): scheduling, assignment of SO are accomplished in C/E manners.
Number of officer (required): complexity of facility, number of employees, character of work completed, number of entrances and hours open, number of patrols to protect facilities, number of escort and special assignments
40H/W, 24H/D, 7 D/W (required): 4.2 officers
Compensate (sick, vacation, h/ leave): 4.5 officers
A security officer post (defined): any location or combination of activities
SO post (key concepts): a location or combination of activities, necessary human being, training and competence required to accomplish activities
Human being concept (means): particular characteristics and reactions required
Post (common set of environmental concern) working space, heat, light and noise
Prolonged elevation of heat levels: cause (rapid loss of vigilance and result becoming drowsy)
SO sleeping on post: may be extenuating circumstances
CCTV (can): enhance and extend the effectiveness of SO
Watching TV monitors: passive activity, result (hypnotic effect)
In designing CCTV console (consider): Ergonomics
Design system should (incorporate) display and annunciation features
Sequential display of camera images (reduce): number of monitor and hypnotic effect
Video motion detector (sense): a changed scene in a camera image and alerts SO
High efficiency anti-reflecting coating (on glass): eliminate the glare factor as a performance obstacle
Monotony of work (lead): gradual loss of alertness
Road hypnosis: sleep walking
Operator perform efficiency (peak): not more than 30+60 minutes without a relief
Proficiency in a skill (remain): incorporate (random performance tests and feedback routine into duties of post)
Physiological phenomenon (are): nature cyclical decrease relative lack of external stimulus, length of time on duty and repetitive monotonous tasks
Prohibition (more than 1 shift in a day): prevent (unnecessary disruptions to the human circadian biorhythm)
Basic tool (in hiring process): an (accurate and detailed Job description)
Complete job analysis: provide (documentation to support qualification requirement)
Alleviate the stress (factors): through (job modifications technique)
If performance discrepancies not due to (physical or psychological stress): a training problem
Skill Deficiency (Corrected): by additional training
On the job instruction: a basic training technique for SO
Adequate functional job analysis: possible (identify specific skill deficiencies)
Skill performance (deteriorate): no opportunity to practice skill to receive feedback
SO not: overqualified for the job
Highly qualified SO in routine job: may (engender psychological job stress and performance deficiencies)
Frustration and boring aspects job (induce): non performance
Adequate job analysis (allows): to begin implement changes to job performance
Decisions to train (based on): favorable return on training investment
Increase job content (helps): to overcome psychological stress factors
Main effort to (increase job content): reduce sense of isolation and positive and timely feedback.
Daily but minor / positive interactions between SO & employee: diminish (latent hostility, sense of alienation)
Ultimate solution (performance problem): training
Performance failure (due to): undesirable behavior patterns
Key to improve effectiveness SO (operations): remove or reduce obstacles that hinder optimum job performance
Communication dependence with SO: written instructions
Important written instructions: post orders
Criteria (PO): one subject, brief, simple terms, indexed
Partial solution to (performance ratings): regular assessment and recording (after every post visit)
Performance assessment (include): personal appearance and condition of officer, condition of post, availability and condition of personnel, post equipment, quality of response to training questions, quality of response to actual situation
Central to the protection mission: observations by security officer
SO report (forms): force positive statements
Central report (document): security log
Security log: records (events affecting facility protection)
Use of report & logs: has (historical value, audit opportunities and value for G/management of facility)
SL is authorizing source to establish: weather condition, receipt T/call, time when event occurred, presence of particular people in facility.
SR and logs admissible (legal proceedings) because (entries made in the regular course of business)
To qualify for (legal proceedings): be (regularly maintained, maintained by a person as part of his regular duties)
Work should be divided: According to logical plan
Responsibility cannot be given: without delegating commensurate authority
5 primary ways to divide work: purpose, process or method, clientele, time & geography
Failure to explain organizational structure: unnecessary confusion
Major contributor to ineffective job performance: confusion
Unity of command principle: employee should be under the direct control of only one immediate
Span of control principle: one supervisor can effectively control only a limited number of people (ideal 1:3, good 1:6, acceptable 1:12)
Functional authority: delegated by a senior executive to a security manager
Security management failure: delegation of responsibility with accompanying authority
Staff duties (supportive in nature): security manager advises senior executives
Line duties (operational in nature): security manager carries out security operations
Line supervisor: ultimate responsibility for the internal security in a department
Line authority: security personnel to be supervised by security management
Line function: a direct relationship between a supervisor and subordinate
Work breakdown structure (WBS): breaking down a project into manageable parts
CSO’s role: Managerial, administrative, preventive, investigative
Effective communication: central to the success of any asset protection program
Management skills (general): conceptual, interpersonal, technical & political
Key asset element: selecting top professionals to design, implement and manage the asset protection program
Essential: knowledgeable, skilled executive
Important: Development policy
4 specific monument management functions: planning, organizing, leading and controlling
Management roles: interpersonal, informational and decisional
Organizational structure: Horizontal plan & vertical plan
Horizontal plan: Indicates division of areas of responsibility
Vertical plan: defines levels of authority
Functional authority: when a senior executive delegates part of his authority to a security director
ISO (International Organization for Standardization): central point where standards bodies from around the world and the organizations that participate with them develop standards jointly
American National Standards Institute (ANSI): administrator and coordinator of the US private sector voluntary standardization system
Underwriters Laboratories (UL): For alarm products and installation (this system assists insurers in setting premiums for customers)
The National Fire Protection Association (NFPA): standards for fire protection equipment
The American Society for Testing and Materials (ASTM): nonprofit organization providing a forum for producers, consumers, government and academia to meet to write standards for materials
ISO/TC 223: Societal Security (security, business continuity, crisis management, disaster management and emergency response)
Assets: Resource of value requiring protection
3 types of assets: Tangible, intangible and mix
Valuing assets: through the use of dollars, by using consequence criteria and by policy
Costs: Direct and indirect
Probability of occurrence: Likelihood of an adversary event
Factors affecting PO: physical, social and political environment, historical experience, procedures and process and criminal capabilities
Annual Loss Expectancy (ALE): ALE = 10^(f+i-3)/3
Elements affecting frequency estimation: access, natural disaster, environmental hazard, facility housing, work environment and value
3 stage approach of assessing criticality: prevention, control and recovery
Risk: Uncertainty of financial loss
Risk VS Peril and Risk VS Hazard: Risk should not be confused with perils, which are the causes of risk: such things as fire, flood, and earthquake. Nor should risk be confused with a hazard, which is the contributing factor to a peril. Almost anything can be a hazard: a loaded gun, a bottle of caustic acid, a bunch of oily rags, or a warehouse used for storing highly flammable products, for example.
Risk (classification): Personal (people assets), property (material assets), and liability (legal issues)
Risk analysis: (1) identify the assets in need of protection; (2) identify the kinds of risks (or threats); (3) determine the probability of the identified risks occurring; (4) determine the impact or effect on the organization in dollar values
Major resource (for performing RA): trained manpower
Quantitative RA: assigns the probability of occurrence of identified hazards and determines their impact or consequence, usually resulting in a value such as Annual Loss Expectancy (ALE) or Annual Cost
Qualitative RA: more akin to risk assessment or vulnerability analysis, concentrates less (or not at all) on probability and looks at threats, vulnerability
Risk Assessment VS Risk Management: Using probabilistic risk assessment is more formal, scientific, technical, quantitative, and objective when compared to risk management, which involves value judgment and heuristics and is more subjective, qualitative, societal, and political
Risk management (four basic steps): identification of risks, analysis and study of risks, optimization of risks, ongoing study of the security program
Cost/Benefit analysis (three basic criteria): cost, reliability and delay
RA vs VA: the VA process is part of the larger risk assessment process
3 phases of VA: planning, the VA and reporting & using the result
VA (protection system): facility characterization, threat definition, target identification
Threat definition (methodology): (1) list the information needed to define the threat; (2) collect information on the potential threat; (3) organize the information to make it usable
Insurance (definition): transfer of risk from one party (the insured) to another party (the insurer), in which the insurer is obligated to indemnify (compensate) the insured for economic loss caused by an unexpected event
Indemnity: Protection against future loss
Large number of policy holders: creates a shared risk
2 variables for Insurance rate: the frequency of claims and the cost of each claim
2 forms of control: competition among insurance companies & government regulations
Financial health of an insurance company: Company rating (A+ or better)
2 broad categories of insurance: government and private
Private insurance industry in USA: property and liability insurance, and life and health insurance
Commercial Package Policy (CPP): multiple coverage in single policy, fewer gaps in coverage, lower premiums, because individual policies are purchased and convenience.
2 basic protection against crime losses: fidelity and surety bonds and burglary, robbery and theft insurance
Bond: Legal instrument whereby one party (the surety) agrees to indemnify another party (the obligee)
Bonding contracts involve 3 parties: Insurance contracts involve two parties
Insurance is easier to cancel: Bond is not easy to cancel
Surety bond: Three party instrument between a surety (insurance company), the contractor and the project customer
Surety bond: compensation because of performance failure
Insurance: Transfer of risk from one party to another
Fidelity bonds: Employee is investigated by the bonding company to limit the risk of dishonesty
Contract construction bond: common surety bond
Fiduciary bond: Ensures that a person appointed by the court to supervise the property of others will be trustworthy
Litigation bond: Specific conduct by defendants and plaintiffs
Bail bond: Ensures a person will appear in the court
Burglary Insurance claim: Requires the unlawful taking of property from a closed business that was entered by force
10% of loss to property: from ordinary crime is insured
Fire policy: First kind of insurance developed
Factors influencing fire insurance: ability of the community’s fire alarm, fire department and water system to minimize property damage once a fire begins
Class 1 community: greatest suppression ability
Class 10 community: least ability
Installing sprinkler system in the building: Produces ROI
Business Income Insurance (business interruption insurance): indemnifies the insured for profits and expenses lost because of damage to property from an insured peril
Bid Bond: Guarantees the bidder on a contract will enter into the contract and furnish the required payment and performance bond
Performance bond: Indicates that the company has necessary skills and capabilities to carry out the required work
Payment bond: Guarantees payment from contractor to person who furnishes labor, materials etc.


