The relationship between public law enforcement and private security has historically faced strain due to several key issues:

Perceived competition (A): Concerns over overlapping roles and professional rivalry.

Borderline responsibilities (B): Unclear jurisdiction or operational boundaries can lead to friction.

Moonlighting policies (C): Concerns about law enforcement officers working off-duty in private roles may create conflicts of interest.

All of these issues contribute to the strained relationship.

Risk assessment is a foundational step within the risk management process—not an alternative to managing risk. Alternatives to optimize risk management include:

Risk avoidance: eliminating the activity causing the risk

Risk transfer: shifting the risk to another party (e.g., through insurance)

Risk spreading: distributing the risk to reduce overall impact

Risk assessment, in contrast, is the evaluation of threats and vulnerabilities and precedes these treatment decisions.

References from PSP: Risk Treatment Options – ASIS POA; PSP Study Guide – Risk Management and Analysis

Risk avoidance means eliminating a threat entirely by discontinuing the activity or removing the condition that creates the risk. For example, if transporting valuable goods through a high-risk area poses too much danger, a company might choose to stop shipments through that route altogether.

References from PSP: Risk Treatment Options – ASIS POA; PSP Study Guide – Security Strategy Planning

A non-delegable duty is a legal responsibility that cannot be entirely transferred to another party (such as an independent contractor) under agency law. While a company may hire third-party providers, the courts often hold that certain responsibilities—particularly those involving safety and legal compliance—remain with the hiring entity. This is particularly significant in the context of security services, where liability can still rest with the client company even if services are outsourced.

Delegable duty (B) is the opposite and not applicable in this context.

Non-Crime duty (C) is not a recognized legal term.

An initial threat or hazard evaluation must include an assessment of how likely each threat is to occur. This probability, when combined with impact analysis, forms the foundation for risk assessments. Understanding likelihood allows prioritization of mitigation strategies.

A (Estimate costs) and C (Develop business case) are later steps.

D (Develop response plan) comes after risk characterization.

The first step in a risk analysis is to identify or recognize potential threats. Before assessing vulnerabilities or selecting countermeasures, a security practitioner must know what they are defending against. This forms the foundation for the rest of the risk assessment process.

A (Selecting countermeasures) is done after analyzing risks.

B (Vulnerability assessment) follows threat identification.

C (Determining costs) happens later in the risk evaluation phase.

Security system maintenance specifications should ensure that updates and upgrades are formally included under a software maintenance agreement. This provides for continuous support, ensures compatibility with evolving platforms, and addresses security vulnerabilities.

A and C refer to warranty and product life, which may not include proactive updates.

B (Service level agreement) addresses performance metrics, not software specifically.

The primary purpose of analyzing data collected during a risk analysis is to support informed decision-making regarding identified risks. In Human Resource and organizational management, data-driven decisions are essential for effectively prioritizing threats, allocating resources, and implementing appropriate security measures. By evaluating collected data, a Physical Security Professional can understand the likelihood and impact of risks, identify vulnerabilities, and determine the most suitable mitigation strategies. While options such as identifying peak activities, selecting technologies, or communicating with management may result from the analysis, they are secondary outcomes. The core objective remains to guide sound and informed decisions that enhance organizational safety and operational efficiency. Therefore, option A is correct because it reflects the fundamental purpose of risk analysis in supporting strategic and evidence-based decision-making.

Nuisance alarms, particularly from doors, are often caused by mechanical failures such as worn hinges, faulty magnetic switches, or misaligned contacts. Regular inspections and maintenance are the most effective way to reduce false alarms.

Signage (A) helps inform but doesn’t fix the mechanical issue.

Patrols (C) are reactive, not preventative.

Janitorial scheduling (D) can reduce traffic but doesn’t address faulty hardware.

Comprehensive Detailed Explanation:

A Business Impact Analysis (BIA) identifies and prioritizes critical business functions that are essential to the survival and continuity of operations. The results of the BIA help guide recovery strategies, resource allocation, and business continuity planning.

A (Budget) and B (Personnel allocation) are determined later, informed by the BIA.

C (Number of hot sites) is a strategic outcome but not the direct purpose of the BIA.