1. Describe effective risk assessment approaches and frameworks related to physical security. Address responsible parties, regulatory compliance, security in layers (defense in depth), and expected key controls. Assume a large organization with multiple sites responsible for sensitive / confidential data. (500 words)
2. Discuss regulatory requirements related to physical security, such as HIPAA and PCI. What approaches from a testing and security maturity standpoint are beneficial to overall risk management and why.