CSS CSS Threat Intelligence and Risk Communication

Question 1

When communicating security risk to a non-technical client, the most effective approach is to:

Accepted Answer

Translate threats into financial, operational, or reputational terms the client already cares about

Answer

Use technical jargon to establish credibility

Answer

Provide a comprehensive technical threat briefing document

Answer

Rely primarily on crime statistics from national databases

Question 2

A CSS is presenting to a retail client about shoplifting trends. Which data source provides the most credible and actionable local threat intelligence?

Accepted Answer

Local law enforcement crime mapping data combined with the client's own loss prevention incident logs

Answer

Global cybersecurity reports from major vendors

Answer

Social media posts from the area

Answer

Industry association membership directories

Question 3

Which of the following best describes the 'threat landscape' as used in security sales communications?

Accepted Answer

The full range of current and emerging threats relevant to a specific industry, geography, or organization type

Answer

A physical map of the client's property perimeter

Answer

A list of all security incidents from the past year

Answer

A vendor comparison chart for security products

Question 4

A CSS is presenting to a healthcare client about recent physical security incidents at hospitals. The primary regulatory framework they should reference is:

Accepted Answer

HIPAA's physical safeguard requirements

Answer

PCI DSS

Answer

NFPA 101 only

Answer

SOX compliance standards

Question 5

When a client questions whether their business is a realistic target for crime, the CSS should:

Accepted Answer

Present industry-specific victimization statistics and local incident data relevant to their business type and location

Answer

Agree with them to avoid appearing alarmist

Answer

Use fear-based tactics to override their objection

Answer

Refer them to law enforcement for an assessment

Question 6

What is 'vulnerability assessment' in the context of a CSS pre-sales security review?

Accepted Answer

A systematic identification of physical, procedural, and technological weaknesses in a client's current security posture

Answer

A cybersecurity penetration test

Answer

An audit of the client's insurance policy coverage

Answer

A review of the client's employee background check records