ISC Exam Questions

The concentric circle approach is used to

A.
Evaluate environmental threats.

B.
Assess the physical security facility.

C.
Assess the communications network security.

D.
Develop a personnel security program.

Explanation:
The original answer for this question was C (assess the communications network security); however, I think the concentric circle is defining what in the Krutz book is known as the security perimeter. To this end, this is a reference:

“A circular security perimeter that is under the access control defines the area or zone to be protected. Preventive/physical controls include fences, badges, multiple doors (man-traps that consist of two doors physically separated so that an individual can be ‘trapped’ in the space between the doors after entering one of the doors), magnetic card entry systems, biometrics (for identification), guards, dogs, environmental control systems (temperature, humidity, and so forth), and building and access area layout.” -Ronald Krutz, The CISSP PREP Guide (gold edition), pg 13

This is a standard concentric circle model shown in Figure 1. If you’ve never seen this, you haven’t had a security lecture. On the outside is our perimeter. We are fortunate to have some defenses on our base. Although some bases don’t have people guarding the gates and checking IDs any longer, there’s still the perception that it’s tougher to commit a crime on a Naval base than it would be at GM. The point is: How much control do we have over fencing and guards? The answer: Not much. The next circle, the red circle, contains your internal access controls. For our purposes, the heart of the red circle is the computer. That’s what I want to zero in on. The internal controls are the things you can do to keep people out of your PCs and off your network.

http://www.chips.navy.mil/archives/96_oct/file5.htm