Questions

Describe effective risk assessment approaches and frameworks related to physical security.  Address responsible parties, regulatory compliance, security in layers (defense in depth), and expected key controls.  Assume a large organization with multiple sites responsible for sensitive / confidential data.  50 of 70 possible points. 

Discuss regulatory requirements related to physical security, such as HIPAA and PCI.  What approaches from a testing and security maturity standpoint are beneficial to overall risk management and why. 20 of 70 points.