Describe effective risk assessment approaches and frameworks related to physical security. Address responsible parties, regulatory compliance, security in layers (defense in depth), and expected key controls. Assume a large, multi-site organization responsible for sensitive/confidential data. 50 of 70 possible points.
Discuss regulatory requirements related to physical security, such as HIPAA and PCI. What approaches from a testing and security maturity standpoint are beneficial to overall risk management, and why? 20 of 70 points.