7/31/2019 PSP 1 Phoenix 3-27-08

1/32

8/4/2012 1

PSP Review CourseSession 1

7/31/2019 PSP 1 Phoenix 3-27-08

2/32

8/4/2012 2

Purpose of PSP/CPP Review Class

This is a Review Course not a trainingprogram.

It offers a good foundation for the body

of knowledge expected to prepare forthe Physical Security Professional(PSP) exam.

It should help to identify areas within therequired knowledge and skills in whichyou may be weak.

7/31/2019 PSP 1 Phoenix 3-27-08

3/32

8/4/2012 3

PSP Certification Development

Job Analysis Study Development of Domains, Tasks, Knowledge statements and

test specifications.

Three Domains/Subject Areas identified by Physical SecurityPractitioners as major areas involved in Physical Security.

The subjects and approximate percentage of test questions are:

Physical Security Assessment (41%)

Selection of Physical Security Measures (24%)

Implementation of Physical Security Measures (35%)

Reference Material Selected Test questions developed

7/31/2019 PSP 1 Phoenix 3-27-08

4/32

8/4/2012 4

PSP Examination

Multiple Choice questions, no True/False, fill in theblank or others.

Four possible answers,None of the Above and All

of the Above are NOT used.

Incorrect answers are NOT subtracted from correctanswers, only correct answers are counted. No

penalty for guessing.

125 questions

7/31/2019 PSP 1 Phoenix 3-27-08

5/32

8/4/2012 5

Physical Security Assessment

Identifying Assets

Identifying and Assessing Threats

Physical Security Surveys

Risk Analysis

41%

7/31/2019 PSP 1 Phoenix 3-27-08

6/32

8/4/2012 6

Physical Security Assessment

Understanding the Security Process

To manage risk, and be cost effective and responsive to yourcustomers actual needs, security planning should follow astructured reasoning or logic process.

This includes proper identification and assessment of assets,threats, and vulnerabilities, which subsequently leads to plans oroptions to mitigate risk.

No security plan or program can be effective unless it is basedupon a clear understanding of the actual risks it is designed tocontrol.

7/31/2019 PSP 1 Phoenix 3-27-08

7/32

8/4/2012 7

Physical Security Assessment

What is Risk ?Potential Areas of Loss

Asset

Threat

Vulnerability

Security programs or Processes

Risk Management

7/31/2019 PSP 1 Phoenix 3-27-08

8/32

8/4/2012 8

Physical Security Assessment

Risk Management Principals

Assess

Vulnerability

Assess

Threats

Assess

Assets

Analyze RisksMitigation

Countermeasures

Risk

Management

7/31/2019 PSP 1 Phoenix 3-27-08

9/32

8/4/2012 9

Physical Security Assessment

Asset Identification begins with aneeds assessment

Nature and Types of Assets

Determining Asset Value

Tangible and Intangible Assets

One-of-a-kind or Critical Assets Core Facility Functions

7/31/2019 PSP 1 Phoenix 3-27-08

10/32

8/4/2012 10

Physical Security Assessment

Asset Identification

What needs to be protected?

Why does the asset need protection (liability, loss/value,continuation of business etc)

What is the risk of loss, damage or compromise?

The process of quantitative and qualitative Risk Analysis beginshere.

7/31/2019 PSP 1 Phoenix 3-27-08

11/32

8/4/2012 11

Physical Security Assessment

Nature and types of Assets

Tangible - People, Property, Bldgs,Equipment, Value$

IntangibleProcesses,Information/Data, Reputation

7/31/2019 PSP 1 Phoenix 3-27-08

12/32

8/4/2012 12

Physical Security Assessment

Valuing types of Assets

Owned

Leased

Facility Losses

Tangible Intangible

7/31/2019 PSP 1 Phoenix 3-27-08

13/32

8/4/2012 13

Physical Security Assessment

Identifying Threats

Types of threats

Factors threats are based upon Demographics

Identity

Geographical Potential Aggressor(s) - Needs

7/31/2019 PSP 1 Phoenix 3-27-08

14/32

8/4/2012 14

Physical Security Assessment

Assessing the Nature of Threats

Before any planning can be considered, it is necessary to make athrough assessment of identifiable risk exposure. To accomplish this, itis essential to identify the risk or threats that can affect the assets

involved.

The first step in the process is to determine what can happen to each

asset identified.What is the Risk?

Damage or destruction Loss theft

Compromise

Liabilities

7/31/2019 PSP 1 Phoenix 3-27-08

15/32

8/4/2012 15

Physical Security Assessment

Assessing the Nature of Threats

Threat are generally identified in two categories:

Natural

Hurricane, tornado, seismic, flood, fire, otherenvironmental

Man-Made

Criminal activity, civil disturbance, industrialaccidents, labor violence, workplace violence,international or domestic terrorism.

7/31/2019 PSP 1 Phoenix 3-27-08

16/32

8/4/2012 16

Physical Security Assessment

Natural ThreatsWhat can the Security Practitioner do?

Prevention

Most cases, nothing!

Planning

Protection of assets Contingency plans

Recovery Plans

7/31/2019 PSP 1 Phoenix 3-27-08

17/32

7/31/2019 PSP 1 Phoenix 3-27-08

18/32

8/4/2012 18

Physical Security Assessment

The Nature of Threats

As noted previously the process of Threat Identification begins withthe what can happen? assessment for the items identified as

Assets. The business or enterprise, people, things, processesetc. that may be threatened or impacted by events which wouldresult in a negative event.

Man-made or human threats are generally identified in twocategories:

Internal

External

7/31/2019 PSP 1 Phoenix 3-27-08

19/32

8/4/2012 19

Physical Security Assessment

Identifying Threats

Other items with may drive threat identification include,but are not limited to:

Demographics

Identity

Geographical

Potential Aggressor(s) Needs

Political, religious, ethnic, etc.

External Organizations

7/31/2019 PSP 1 Phoenix 3-27-08

20/32

8/4/2012 20

Physical Security Assessment

Physical Security Survey

The primary vehicle used in a security assessment is thesurvey. The survey is the process whereby one gathers data

that reflects the who, what, how, where, when and why of thecustomers existing operation. The survey is the fact-findingprocess. *

Purpose of the survey: To identify critical factors affecting thesecurity of the premises or operation. To analyzevulnerabilities and recommend cost effective solutions.

(*) Charles A. Sennewald, CPP, Security Consulting 2nd ed.

Reprinted quote: James F. Broder, Risk Analysis and the Security Survey 2nd ed.

7/31/2019 PSP 1 Phoenix 3-27-08

21/32

8/4/2012 21

Physical Security Assessment

Physical Security Survey

Security Survey Techniques:

Audits vs. AssessmentsChecklists

Outside In

Protection in Depth

Concentric Layers or Circles of Protection

Inside Out

Solving the Crime Before it happens

7/31/2019 PSP 1 Phoenix 3-27-08

22/32

8/4/2012 22

Physical Security Assessment

Physical Security Survey

Security Survey Techniques:

The methodologies for conducting surveys are basically the samefor all facilities. There are most likely no hard and fast rules.Generally problems commonly encountered may include:

Multiple facilities/structures

Geographic locations

Multiple tenants Some areas may have physical security requirements while others

have no requirements or standards

Facility Infrastructure concerns.

7/31/2019 PSP 1 Phoenix 3-27-08

23/32

8/4/2012 23

Physical Security Assessment

Physical Security Survey

Collecting and Interpreting Data

Site or Building Plans/Floor Plans

Schematics

Infrastructure /Utilities

Interfacing Operations

Organization/Structure

Prior Surveys

Procedures

7/31/2019 PSP 1 Phoenix 3-27-08

24/32

8/4/2012 24

Physical Security Assessment

Physical Security Survey

Understanding Security Measures or Applications

Guard or Response force capabilities and procedures

Security technologies

Equipment applications

Personnel Security (controls)

Other types of Security Programs and Processes

Prior Surveys

Supporting Infrastructure

7/31/2019 PSP 1 Phoenix 3-27-08

25/32

8/4/2012 25

Physical Security Assessment

Physical Security Survey

Understanding Security Measures or Applications

Systems Integration

Integration of people, procedures and measures

Deterrence

Delay

DetectionAssessment

Response

7/31/2019 PSP 1 Phoenix 3-27-08

26/32

8/4/2012 26

Physical Security Assessment

Physical Security Survey

Elements to be considered during the Site Survey

Requirements What are regulations or requirements?

Needs Determine the safeguards needed based onthreat.

What exists Now Identify existing physical securitymeasures or safeguards and determine deficiencies.

7/31/2019 PSP 1 Phoenix 3-27-08

27/32

8/4/2012 27

Physical Security Assessment

Physical Security Survey

Elements to be considered during the Site Survey

What needs to be fixed Recommendation to

mitigate deficiencies.

What will make it better Recommendation toenhance the overall

security posture

7/31/2019 PSP 1 Phoenix 3-27-08

28/32

8/4/2012 28

Physical Security Assessment

Physical Security Survey

Analysis of relevant data:

Observing

Questioning

Analyzing

Verifying

Investigating Evaluating

7/31/2019 PSP 1 Phoenix 3-27-08

29/32

7/31/2019 PSP 1 Phoenix 3-27-08

30/32

8/4/2012 30

Physical Security Assessment

Physical Security Survey

Survey Documentation: Key Elements

Purpose of Survey or Inspection

Scope or perimeters of the survey

Findings - Observations

Recommendations

Conclusions

7/31/2019 PSP 1 Phoenix 3-27-08

31/32

8/4/2012 31

Physical Security Assessment

Physical Security Survey

Survey Documentation: Criteria for Good Reporting

Accuracy

Clarity

Conciseness

Timeliness

Slant or Pitch

7/31/2019 PSP 1 Phoenix 3-27-08

32/32

8/4/2012 32

Physical Security Assessment

Questions?