AP Cybersecurity Unit 2 Case File 2: Walk the Floor

You are assessing physical security at Harbor Point Credit Union after a tailgating incident. Read each finding and decide how bad it is.

Case briefing

A branch reported someone slipping through a secure door behind an employee. Management wants a full physical security assessment. Work each finding and classify it.

Stage 1 • Cyber Foundations

Classify the impact

CED 2.1.C-D • Lesson 2.1.5 Risk Assessment (CIA)

Finding 1

A teller screen showing member balances faces the open lobby.

Finding 2

A nightly job was altered so the transaction ledger no longer matches the receipts.

Finding 3

The branch's only server lost power; the loan system was down all morning.

Stage 2 • Physical Vulnerabilities

Name the physical attack

CED 2.2.A • Lesson 2.2.3 Six Physical Attack Types, 2.2.4 Piggybacking vs Tailgating

A

Someone follows close behind an employee and slips through the secure door before it closes, without the employee noticing.

B

An attacker stands behind a member at the counter and watches them enter their PIN.

C

An attacker pulls discarded printouts of account numbers from the branch trash.

Stage 3 • Protecting Physical Spaces

Preventive or detective?

CED 2.1.F, 2.3 • Lesson 2.1.7 Security Controls Framework, 2.3 Physical Controls

A

A vestibule (mantrap) that lets only one person through at a time.

B

A camera that records everyone at the entrance.

C

Card-reader locks on the data-room door.

Stage 4 • Risk Assessment

Rate the risk

CED 2.2.C • Lesson 2.2.6 Risk = Likelihood x Impact

Threat | Likelihood | Impact
A. Tailgating into the teller area | High | High
B. Theft of a wiped, decommissioned monitor | Low | Low
C. Shoulder surfing a PIN at the public counter | Moderate | Moderate

Stage 5 • Detecting Physical Attacks

Place the detection

CED 2.4 • Lesson 2.4 Detection Controls, Placement and Pairing

Incident

A motion sensor in the records room triggers at 02:13. The only camera was aimed down the hallway, so nothing in the room was recorded.

Analyst's report

List the findings in priority order, highest risk first, with one control for each.

Model answer. Highest risk is the tailgating exposure into the teller area, rated High by likelihood and impact, so it leads. Next is the shoulder-surfing at the public counter, rated Moderate. The wiped-monitor theft is Low and comes last.

Controls, one per finding: a vestibule (mantrap) plus card-reader locks at the secure door, both preventive, with a camera as a detective layer; privacy screens and counter repositioning for the teller and PIN exposure; standard asset disposal for the monitor. The screen-facing-lobby finding is a confidentiality loss, the altered ledger is an integrity loss, and the downed server is an availability loss. Defense in depth means layering: a single camera can fail or miss, so pair detective controls with preventive ones and good placement.

Cold case

Defense in depth. You have one camera on the entrance. Name one more control layer so a single failure does not leave it unprotected.

Field glossary (terms from the lessons)
CIA, confidentiality, integrity, availability, likelihood, impact, tailgating, piggybacking, shoulder surfing, dumpster diving, preventive control, detective control, managerial control, physical control, mantrap (vestibule), motion sensor, placement and pairing, defense in depth
