Chapter 7 SIS 210

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

what area is generally the most vulnerable to major loss due to crime?

accounting

why do cost-effectiveness studies need to be made?

as part of a periodic review of protection systems even though such studies cannot be used as a general rule in devising a magic formula for computing the cost-per-$1000 actually saved in cash or goods that would otherwise have been lost

if the security director cannot assign a probability or criticality to a certain item what should they do?

assume the criticality to be fatal and the probability virtually certain

what systems in the accounting sector must be reevaluated regularly?

cashier, accounts receivable, accounts payable, payroll, company bank accounts

what is 3-D coverage?

comprehensive dishonesty, destruction, disappearance coverage. these policies are designed to provide the widest possible coverage in cases of criminal attack of various kinds

risk spreading?

decentralizing a procedure or operation so that a security or safety problem at one location will not cause a complete loss

risk reduction?

decreasing the potential ill effects of safety and security problems when it is impossible to avoid them

what does a security survey do?

determine existing state of security, locate weaknesses, determine degree of protection required, make recommendations

what is the fidelity coverage insurance type?

employee honesty insurance (coverage provides payment for losses due to employee acts of dishonesty which can include falsifying expense reports, stealing cash, etc)

terrorism risk insurance act of 2002

established a federal program to share the burden of commercial property and casualty losses resulting from acts of terrorism with the private sector. was to cease in 2005, but was extended for 15 years via the TRIREA

what are the additional types of insurance?

fire insurance, business property insurance, liability insurance, workers' compensation insurance, portfolio commercial crime insurance, cyber liability coverage

describe kidnap and ransom insurance

generally cover all costs associated with recovery of a kidnapped executive/key employee certain security measures must be followed with this coverage: -execs and key employees must maintain secrecy about the existence of coverage -verifiable education and awareness training including countermeasures and defensive driving may also be called out in the policy -every reasonable effort must be made to contact the police, FBI, and insurance company before payment is made -serial numbers on ransom money must be recorded -a plan of action for dealing with kidnapping must be in place

what can security be considered as?

insurance against unacceptable risk

why is it wise to "bond" employees with the fidelity coverage insurance?

it is a further check on backgrounds of employees who handle cash/high value merchandise

risk management definition

making the most efficient before-the loss arrangement for an after-the-loss continuation of business it allows risk to be managed in a logical manner

do insurance companies usually provide coverage against loss of use and extra expense coverage?

no, but both of these losses can be covered either by endorsement or by additional policies that will provide that coverage on a broad basis

can insurance be used to replace security program?

no; adequate safety and security measures be in place before coverage. it is impossible to insure against all possible losses. insurance is supportive of security operations rather than principal defense

what may asset assessments include (not limited to)?

people, buildings, machines, raw materials, paperwork/info stored in computer systems

when one is analyzing the facility what should one look at?

perimeter, parking lot, adjacent building windows/rooftops, doors/windows less that 18 feet above ground level, the roof, lock control, shared occupancy, all areas containing valuables, the off hours of the facility, nighttime hours, control and entry into the facility, keys/key control (traditional & electronic), fire control/suppression, computer access, video surveillance, computer systems & network, landscaping

what are the basics of probability calculations?

physical location, physical aspects of the facility, procedures, policies, history of the industry, specific site history, state of the art of the criminal element

what are key areas of internal concern?

pilferage/theft, sabotage, corporate espionage, money storage/handling, drug storage, mail/postal operations, high-value item storage, shipping/receiving, chemical/explosives storage, fuel pumps/storage, utilities, telecommunications distribution rooms

self-assumption of risk?

planning for an eventual loss without the benefit of insurance

what is the probability/criticality/vulnerability matrix? (pretend they are side by side)

probability 1) virtually certain 2) highly probable 3) moderately probable 4) probable 5) improbable 6) probability unknown criticality A) fatal B) very serious C) moderately serious D) Serious E) relatively unimportant F) criticality unknown

describe federal crime insurance program

provides federally funded crime insurance at reasonable rates

describe surety coverage

provides protection for failure to live up to contractual obligations

what is the first step in risk management

recognize the threat

what is risk avoidance?

removing the problem by eliminating the risk

risk transfer?

removing the risk to the company by paying for the protection of an insurance policy

what else constitutes as dollar loss

replacement cost, temporary replacement, downtime, discounted cash, insurance rate change, loss of market place advantage, impact to company reputation

what is an example in a threat assessment?

retailer less concerned about fire hazards than a manufacturing firm (retailer is more concerned with shoplifting). each individual firm has problems and threats that are unique

what are the alternatives for optimizing risk management?

risk avoidance, risk reduction, risk spreading, risk transfer, self assumption of risk

who is a security survey conducted by?

staff security personnel/qualified security specialists must be trained in the field and have achieved high level of ability

how do you determine the cost-effectiveness of security?

the average losses suffered by the industry in general, or the reduction in losses by the organization over a given period

what is the definition of criticality?

the impact of a loss as measured in dollars

what is the risk equation

threat x vulnerability x impact (on asset value)= RISK

when does graft become a security matter?

when the agent succumbs to the extent of paying for goods never delivered or paying invoices twice

what can some security files contain/provide information on?

-certain days/seasons/times emerge when problems occur -targets for crime become evident as data is gathered -profile of the types and incidences of crimes may emerge -patterns and modus operandi may become evident -criminal assaults on company property many take a definable shape or description

what is a risk analysis

-identification of areas of potential loss -to develop and install appropriate security countermeasures must be a comprehensive, integrated function

what are some considerations when looking at the information systems (to analyze computer-related security problems)?

1) are adequate auditing procedures in effect on all programs and systems? 2) what are the protocols governing system access? 3) how is computer use logged? how is the accuracy of this record verified? 4) how is remote access tracked for LANS, WANS, WLANS? 5) firewalls adequate? 6) outside access through internet? 7) download audits to laptops/tablets? 8) offsite storage procedures? updates? 9) key control to information system? authorization? 10) access control authorization and updates? 11) fire prevention/protection/suppression procedures? 12) off-sire back-up hardware? how secured? 13) hard copies of confidential information procedures?

what would the security manager consider to ensure personal information is properly protected?

1) can the Human Resources are be isolated from the rest of the facility and/or building after hours? 2) how are the door and file keys secured? how is access control to Human Resources areas managed? if human resource records are stored on computer systems, are proper controls in place? can computer files be accessed from remote locations? 3) are hard copy files kept locked during the day when they r not in use? 4) what system is followed with regard to the payroll department when employees are hired or terminated? 5) what are the relationships between personnel and payroll staff? 6) what are the employment procedures? how are applicants screened? 7) how closely do personnel work with security on personnel employment procedures? 8) are new employees given a security briefing? by whom? 9) does the company have an incident reporting system? are employees aware of the program? does the company have a follow-up security awareness training program?

what are some concerns in the purchasing function in which security is involved?

1) double payment of invoices? 2) competitive bids for purchases (lowest bids)? 3) forms used for ordering? 4) scrap/waste haulaway?

what does a good risk-management program involve?

1) identification of risks through the analysis of threats and vulnerabilities 2) analysis and study of risks, which includes the probability and severity of an event 3) optimization of risk-management alternatives (risk avoidance, risk reduction, risk spreading, risk transfer, self-assumption of risk, any combination of the above) 4)on-going study of security programs

what are some questions to consider when looking at the shipping/receiving security aspect?

1)inspection of employees entering/leaving? 2) traffic control into facility? 3) storage of merchandise? 4) accountability of shipments and receipts? 5) areas guarded? 6) losses in these departments? 7) merchandise left unattended in these areas? 8) driver facilities? 9) authorized personnel in storage areas?

what are the two terms that signify the potential consequences of taking security risks

1)investment in loss-prevention techniques 2)insurance

what are some general department evaluation questions?

1)vulnerable to embezzlement? 2) cash funds/negotiable instruments on hand? 3) confidential records? 4) heavy external/internal traffic? 5) target items? (drugs/jewelry) 6) special fire hazards?

what is the definition of probability?

a mathematical statement concerning the possibility of an event occurring

what is a security survey (vulnerability analysis)?

a robust physical exam of the premises and thorough inspection of all operational systems/procedures

what is a vulnerability analysis

a thorough analysis that is comprehensive and accurate and leads to effective counter measures (also called a security survey or audit)


Kaugnay na mga set ng pag-aaral

nclex chapt 12 apply quality improvement and Anita Finkelman

View Set

Module 12 - US Parties & Interest Groups

View Set

Organizational Behavior Exam #2 Ch. 8-13 Quizzes

View Set

ACCT 302 Conceptual MC Earnings Per Share

View Set

Técnicas de investigación 3er examen

View Set