Full Transcript


1 **q** Access Control **a** The control of persons, vehicles, and materials through the implementation of security measures for a protected area.
2 **q** Alarm System **a** Combination of sensors, controls, and annunciators (devices that announce an alarm via sound, light, or other means) arranged to detect and report an intrusion or other emergency.
3 **q** Asset **a** Anything that has tangible or intangible value to the organization.
4 **q** Auditor **a** Person with competence to conduct an audit. (ISO 9001:2011)
5 **q** Closed-Circuit Television **a** (CCTV) See Video Surveillance.
6 **q** Color Rendition Index **a** (CRI) A quantitative measure from 0 to 100 that indicates a light's ability to show true color when compared to a reference source. A higher CRI number indicates that the light renders colors more faithfully.
7 **q** Conformity **a** Fulfillment of a requirement.
8 **q** Consequence **a** Outcome of an event affecting objectives. (ISO Guide 73:2009) NOTE 1: An event can lead to a range of consequences. NOTE 2: A consequence can be certain or uncertain and can have positive or negative effects on objectives. NOTE 3: Consequences can be expressed qualitatively or quantitatively. NOTE 4: Initial consequences can escalate through knock-on effects.
9 **q** Continual Improvement **a** Recurring process of enhancing the physical asset protection management system (PAPMS) to achieve improvements in overall physical asset protection (PAP) management performance consistent with the organization's PAP management policy. NOTE: The process need not take place in all areas of activity simultaneously.
10 **q** Continuity **a** Strategic and tactical capability, pre-approved by management, of an organization to plan for and respond to conditions, situations, and events in order to continue operations at an acceptable predefined level.
11 **q** Corrective Action **a** Action to eliminate the cause of a detected nonconformity. (ISO 14001:2004)
12 **q** Crime **a** An act or omission that is in violation of a law forbidding or commanding it, for which the possible penalties for an adult upon conviction include incarceration; for which a corporation can be penalized by a fine or forfeit; or for which a juvenile can be adjudged delinquent or transferred to criminal court for prosecution. The basic legal definition of crime is all punishable acts, whatever the nature of the penalty.
13 **q** Crime Prevention Through Environmental Design **a** (CPTED) An approach to reducing crime or security incidents through the strategic design of the built environment, typically employing organizational, mechanical, and natural methods to control access, enhance natural surveillance and territoriality, and support legitimate activity.
14 **q** Crisis **a** An unstable condition involving an impending abrupt or significant change that requires urgent attention and action to protect life, assets, property, or the environment.
15 **q** Critical Activity **a** Any function or process that is essential for the organization to deliver its products and/or services. (ISO/PAS 22399:2007)
16 **q** Criticality Analysis **a** A process designed to systematically identify and evaluate an organization's assets based on the importance of its mission or function, the group of people at risk, or the significance of a disruption on the continuity of the organization.
17 **q** Denial **a** Frustration of an adversary's attempt to engage in behavior that would constitute an incident.
18 **q** Detection **a** The act of discovering an attempt (successful or unsuccessful) to breach a secured perimeter (such as scaling a fence, opening a locked window, or entering an area without authorization).
19 **q** Disruption **a** An intentional, unintentional, or natural event that interrupts normal business functions, operations, or processes, whether anticipated or unanticipated. NOTE: A disruption can be caused by either positive or negative factors that will disrupt normal functions, operations, or processes.
20 **q** Document **a** Information and its supporting medium. (ISO 9000:2000) NOTE: The medium can be paper; magnetic, electronic, or optical computer disc; photograph or master sample; or a combination thereof.
21 **q** Due Diligence **a** The care that a prudent person might be expected to exercise in the examination and evaluation of risks.
22 **q** Evacuation **a** Organized, phased, and supervised dispersal of people from dangerous or potentially dangerous areas. (ASIS International Business Continuity Guideline: 2005)
23 **q** Event **a** Occurrence or change in a particular set of circumstances. (ISO Guide 73:2009) NOTE 1: The nature, likelihood, and consequence of an event cannot be fully knowable. NOTE 2: An event can be one or more occurrences and can have several causes. NOTE 3: The likelihood associated with the event can be determined. NOTE 4: An event can consist of the non-occurrence of one or more circumstances. NOTE 5: An event with a consequence is sometimes referred to as an "incident."
24 **q** Executive Protection **a** Executive, or Personnel, Protection (EP) is the process of safeguarding key people from harm.
25 **q** Exercises **a** Evaluating physical asset protection (PAP) management programs, rehearsing the roles of team members and staff, and testing the recovery or continuity of an organization's systems (such as technology, telephony, and administration) to demonstrate PAP management competence and capability. NOTE 1: Exercises include activities performed for the purpose of training and conditioning team members and personnel in appropriate responses, with the goal of achieving maximum performance. NOTE 2: An exercise can involve invoking response and operational continuity procedures but is more likely to involve the simulation of a response and/or operational continuity incident, announced or unannounced, in which participants role-play to assess what issues might arise prior to a real invocation.
26 **q** External Context **a** External environment in which the organization seeks to achieve its objectives. (ISO Guide 73:2009) NOTE: External context can include: the cultural, social, political, legal, regulatory, financial, technological, economic, natural, and competitive environment, whether international, national, regional, or local; key drivers and trends having impact on the objectives of the organization; and relationships with, and perceptions and values of, external stakeholders.
27 **q** Facility Infrastructure **a** Plant, machinery, equipment, property, buildings, vehicles, information systems, transportation facilities, and other items of infrastructure or plant and related systems that have a distinct and quantifiable function or service.
28 **q** Hazard **a** Possible source of danger or conditions (physical or operational) that have a capacity to produce a particular type of adverse effect.
29 **q** Impact **a** Evaluated consequence of a particular outcome.
30 **q** Incident **a** Event that has the capacity to lead to human, intangible, or physical loss, or a disruption of an organization's operations, services, or functions. If not managed, an incident can escalate into an emergency, crisis, or disaster.
31 **q** Intangible Asset **a** Assets that do not have a physical form to protect (such as reputation, relationships, and creditworthiness).
32 **q** Integrity **a** The property of safeguarding the accuracy and completeness of assets. (ISO/IEC 13335-1:2004)
33 **q** Interested Party **a** Person or group having an interest in the performance or success of an organization. (ISO/PAS 22399:2007) NOTE: The term includes people and groups with an interest in an organization, its activities, and its achievements, such as customers, clients, partners, employees, shareholders, owners, vendors, the local community, first responders, government agencies, and regulators.
34 **q** Internal Audit **a** Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the management system audit criteria set by the organization are fulfilled. NOTE: In many cases, particularly in smaller organizations, independence can be demonstrated by freedom from responsibility for the activity being audited.
35 **q** Internal Context **a** Internal environment in which the organization seeks to achieve its objectives. (ISO Guide 73:2009) NOTE: Internal context can include: governance, organizational structure, roles, and accountabilities; policies, objectives, and the strategies that are in place to achieve them; the capabilities, understood in terms of resources and knowledge (such as capital, time, people, processes, systems, and technologies); information systems, information flows, and decision-making processes (both formal and informal); relationships with, and perceptions and values of, internal stakeholders; the organization's culture; standards, guidelines, and models adopted by the organization; and the form and extent of contractual relationships.
36 **q** Intrusion Detection System **a** (IDS) A system that uses sensors to detect an impending or actual security breach and to initiate an alarm or notification of the event.
37 **q** Investigation **a** A systematic and thorough examination or inquiry into something or someone, and the recording of that examination in a report.
38 **q** Investigation Team Lead **a** (ITL) The person directly responsible for the team of personnel assigned to investigate an incident, who has overall responsibility for ensuring that an investigation is thorough, complete, and well documented in the final report.
39 **q** Investigation Unit Manager **a** The person directly responsible for the investigative function in an organization, sometimes referred to as the project manager or case manager, who may hold the title of chief security officer, security director, director of investigations, director of human resources, or something similar.
40 **q** Lighting **a** Degree of illumination; also, the equipment, used indoors and outdoors, for increasing illumination. Usually measured in lumens, lux, or foot-candle units.
41 **q** Likelihood **a** Chance of something happening. (ISO Guide 73:2009) NOTE 1: In risk management terminology, the word "likelihood" is used to refer to the chance of something happening, whether defined, measured, or determined objectively or subjectively, qualitatively or quantitatively, and described using general terms or mathematically (such as a probability or a frequency over a given time period). NOTE 2: The English term "likelihood" does not have a direct equivalent in some languages; instead, the equivalent of the term "probability" is often used. However, in English, "probability" is often narrowly interpreted as a mathematical term. Therefore, in risk management terminology, "likelihood" is used with the intent that it should have the same broad interpretation as the term "probability" has in many languages other than English.
42 **q** Lock **a** A piece of equipment used to prevent undesired opening, typically of an aperture (gate, window, building door, or vault door, for example), while still allowing opening by authorized users.
43 **q** Management Plan **a** Clearly defined and documented plan of action, typically covering the key personnel, resources, services, and actions needed to implement the incident management process.
44 **q** Mitigation **a** Limitation of any negative consequences of a particular incident.
45 **q** Nonconformity **a** Non-fulfillment of a requirement. (ISO 9000:2005)
46 **q** Objective **a** Overall goal, consistent with the policy, that an organization sets itself to achieve. (ISO 14001:2004)
47 **q** Organization **a** Group of people and facilities with an arrangement of responsibilities, authorities, and relationships. NOTE: An organization can be a government or public entity, company, corporation, firm, enterprise, institution, charity, sole trader, or association, or parts or combinations thereof.
48 **q** Organizational Resilience **a** Ongoing management and governance process, supported and resourced by top management, to ensure that the necessary steps are taken to identify the root causes of potential disruptions and the likelihood and impact of potential losses; maintain viable adaptive, proactive, and reactive strategies and plans; and ensure stability and sustainability of activities/functions/products/services through planning, exercising, rehearsal, testing, training, maintenance, and assurance.
49 **q** PAP **a** Physical asset protection.
50 **q** PAPM **a** Physical asset protection management.
51 **q** PAPMS **a** Physical asset protection management system.
52 **q** PEST **a** See STEP.
53 **q** Physical Security **a** That part of security concerned with physical measures designed to safeguard people; to prevent unauthorized access to equipment, facilities, material, and documents; and to safeguard them against a security incident.
54 **q** Policy **a** Overall intentions and direction of an organization as formally expressed by top management.
55 **q** PPS **a** Physical protection system.
56 **q** Preparedness **a** Activities, programs, and systems developed and implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions, disasters, or emergencies.
57 **q** Prevention **a** Measures that enable an organization to avoid, preclude, or limit the likelihood and consequences of an event.
58 **q** Preventive Action **a** Action to eliminate the cause of a potential nonconformity. (ISO 14001:2004)
59 **q** Procedure **a** Specified way to carry out an activity. (ISO 9000:2008) NOTE: Procedures
60 **q** Proprietary Security **a** Typically, a department within a company that provides security services for that company.
61 **q** Protection in Depth **a** The strategy of forming layers of protection for an asset.
62 **q** Protection Systems **a** The integration of people, procedures, equipment, and technology for the protection of assets.
63 **q** Record **a** Document stating results achieved or providing evidence of activities performed. (ISO 9000:2008)
64 **q** Residual Risk **a** Risk remaining after risk treatment. (ISO Guide 73:2009) NOTE 1: Residual risk can contain unidentified risk. NOTE 2: Residual risk can also be known as "retained risk."
65 **q** Resilience **a** The adaptive capacity of an organization in a complex and changing environment. NOTE 1: Resilience is the ability of an organization to resist being affected by an event, or the ability to return to an acceptable level of performance in an acceptable period of time after being affected by an event. NOTE 2: Resilience is the capability of a system to maintain its functions and structure in the face of internal and external change.
66 **q** Resilience Management **a** Systematic and coordinated activities and practices through which an organization manages its operational risks and the associated potential threats and impacts therein.
67 **q** Resources **a** Any asset (human, physical, information, or intangible), facilities, equipment, materials, products, or waste that has potential value and can be used.
68 **q** Response Plan **a** Documented collection of procedures and information that is developed, compiled, and maintained in readiness for use in an incident.
69 **q** Risk **a** Effect of uncertainty on objectives. (ISO Guide 73:2009) NOTE 1: An effect is a deviation from the expected, either positive or negative. NOTE 2: Objectives can have different aspects, such as financial, health, safety, and environmental goals, and can apply at different levels, such as strategic, organization-wide, project, product, and process. NOTE 3: Risk is often characterized by reference to potential events, consequences, or a combination of these, and how they can affect the achievement of objectives. NOTE 4: Risk is often expressed in terms of a combination of the consequences of an event or a change in circumstances and the associated likelihood of occurrence.
70 **q** Risk Acceptance **a** Informed decision to take a particular risk. (ISO Guide 73:2009) NOTE 1: Risk acceptance can occur without risk treatment or during the process of risk treatment. NOTE 2: Risk acceptance can also be a process. NOTE 3: Risks accepted are subject to monitoring and review.
71 **q** Risk Analysis **a** Process to comprehend the nature of risk and to determine the level of risk. (ISO Guide 73:2009) NOTE: Risk analysis provides the basis for risk evaluation and decisions about risk treatment.
72 **q** Risk Appetite **a** Amount and type of risk that an organization is prepared to pursue, retain, or take. (ISO Guide 73:2009)
73 **q** Risk Assessment **a** Overall process of risk identification, risk analysis, and risk evaluation. (ISO Guide 73:2009) NOTE: Risk assessment involves the process of identifying internal and external threats and vulnerabilities, identifying the probability and impact of an event arising from such threats or vulnerabilities, defining the critical functions necessary to continue the organization's operations, defining the controls in place necessary to reduce exposure, and evaluating the cost of such controls.
74 **q** Risk Criteria **a** Terms of reference by which the significance of risk is assessed. (ISO Guide 73:2009) NOTE: Risk criteria can include associated costs and benefits, legal and statutory requirements, socio-economic and environmental aspects, the concerns of stakeholders, priorities, and other inputs to the assessment.
75 **q** Risk Management **a** Coordinated activities to direct and control an organization with regard to risk. (ISO Guide 73:2009) NOTE: Risk management generally includes risk assessment, risk treatment, risk acceptance, and risk communication.
76 **q** Risk Reduction **a** Actions taken to lessen the probability, the negative consequences, or both, associated with a risk. (ISO Guide 73:2009)
77 **q** Risk Tolerance **a** Organization's readiness to bear the risk after risk treatment in order to achieve its objectives. (ISO Guide 73:2009) NOTE: Risk tolerance can be limited by legal or regulatory requirements.
78 **q** Risk Transfer **a** Sharing with another party the burden of loss, or benefit of gain, for a risk. (ISO Guide 73:2009) NOTE 1: Legal or statutory requirements can limit, prohibit, or mandate the transfer of certain risks. NOTE 2: Risk transfer can be carried out through insurance or other agreements. NOTE 3: Risk transfer can create new risks or modify existing risks. NOTE 4: Relocation of the source is not risk transfer.
79 **q** Risk Treatment **a** Process to modify risk. (ISO Guide 73:2009) NOTE 1: Risk treatment can involve avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; taking or increasing risk in order to pursue an opportunity; removing the risk source; changing the likelihood; changing the consequences; sharing the risk with another party or parties; and retaining the risk by informed choice. NOTE 2: Risk treatments that deal with negative consequences are sometimes referred to as risk mitigation, risk elimination, risk prevention, and risk reduction. NOTE 3: Risk treatment can create new risks or modify existing risks.
80 **q** Security **a** The condition of being protected against hazards, threats, risks, or loss.
81 **q** Security Aspects **a** Those characteristics, elements, or properties that reduce the risk of unintentionally, intentionally, and naturally caused crises and disasters that disrupt, and have consequences on, the products and services, operations, critical assets, and continuity of the organization and its stakeholders.
82 **q** Security Manager **a** An employee or contractor with management-level responsibility for the security program of an organization or facility.
83 **q** Security Measure **a** A practice or device designed to protect people and prevent damage to, loss of, or unauthorized access to equipment, facilities, material, and information.
84 **q** Security Officer **a** An individual, in uniform or plain clothes, employed to protect assets.
85 **q** Security Survey **a** A thorough physical examination of a facility and its systems and procedures, conducted to assess the current level of security, locate deficiencies, and gauge the degree of protection needed.
86 **q** Site Hardening **a** Implementation of enhancement measures to make a site more difficult to penetrate.
87 **q** Source **a** Element which alone or in combination has the intrinsic potential to give rise to risk. (ISO Guide 73:2009) NOTE: A risk source can be tangible or intangible.
88 **q** Stakeholder **a** Person or group having an interest in the performance or success of an organization. (ISO/PAS 22399:2007) NOTE: The term includes persons and groups with an interest in an organization, its activities, and its achievements, such as customers, clients, partners, employees, shareholders, owners, vendors, the local community, first responders, government agencies, and regulators.
89 **q** Standard **a** Set of criteria, guidelines, and best practices that can be used to enhance the quality and reliability of products, services, or processes.
90 **q** Stand-off Distance **a** The distance between the asset and the threat; typically regarding an explosive threat.
91 **q** Social, Technological, Environmental, and Political Model **a** (STEP) Points out potential sources of threats. The security manager can then conduct an analysis to determine whether such threats are likely and where they may originate.
92 **q** Strengths, Weaknesses, Opportunities, and Threats **a** (SWOT) A model for analyzing proposed organizational projects. The concept is to analyze an issue or proposal from each of the four points of view, thereby giving security management a profile of potential issues to address.
93 **q** Supply Chain **a** The linked set of resources and processes that begins with the acquisition of raw material and extends through the delivery of products or services to the end user across modes of transport. The supply chain may include suppliers, vendors, manufacturing facilities, logistics providers, internal distribution centers, distributors, wholesalers, and other entities that lead to the end user.
94 **q** Surveillance **a** Observation of a location, activity, or person.
95 **q** Tangible Assets **a** Generally, assets that can be seen, touched, or directly measured in physical form (such as people and property).
96 **q** Target **a** Detailed performance requirement applicable to the organization (or parts thereof) that arises from the objectives and that needs to be set and met to achieve those objectives. (ISO 14001:2004)
97 **q** Testing **a** Activities performed to evaluate the effectiveness or capabilities of a plan relative to specified objectives or measurement criteria. Testing usually involves exercises designed to keep teams and employees effective in their duties and to reveal weaknesses in the preparedness and response/continuity/recovery plans. (ASIS International Business Continuity Guideline: 2005)
98 **q** Threat **a** Potential cause of an unwanted incident which may result in harm to individuals, assets, a system or organization, the environment, or the community.
99 **q** Throughput **a** The average rate of flow of people or vehicles through an access point.
100 **q** Top Management **a** Person or group of people who directs and controls an organization at the highest level. (ISO 9000:2008) NOTE: For example, directors, managers, and officers of an organization who can ensure that effective management systems, including financial monitoring and control systems, have been put in place to protect assets, earning capacity, and the reputation of the organization. (ANSI/ASIS SPC.1-2009)
101 **q** Video Surveillance **a** A surveillance system in which a signal is transmitted to monitors and to recording and control equipment. Includes closed-circuit television (CCTV) and network-based video systems.
102 **q** Vulnerability **a** Intrinsic properties of something that create susceptibility to a source of risk that can lead to a consequence. (ISO Guide 73:2009)
103 **q** Vulnerability Analysis **a** The process of identifying and quantifying vulnerabilities.
104 **q** Waste, Accidents, Error, Crime, Unethical Practices **a** (WAECUP) Can be used as a blueprint for developing security objectives.
