1 / 21

Introduction to Security

Introduction to Security. Chapter 5 Risk Management: The Foundation of Private Security. Risk defined:. A known threat that has unpredictable effects in either timing or extent 2 types of Risk: Pure risk Dynamic Risk. 1. Pure Risk.

menora
Download Presentation

Introduction to Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security

  2. Risk defined: • A known threat that has unpredictable effects in either timing or extent • 2 types of Risk: • Pure risk • Dynamic Risk

  3. 1. Pure Risk • The potential for injury, damage or loss with no possible benefits. • Examples: • Crime • Terrorism • Natural Disasters

  4. 2. Dynamic Risk • This has potential for both benefits and losses. • Examples: • Accepting checks to stimulate business • Hiring our own security personnel

  5. Risk Management: The Big Picture • Anticipating Risk • Recognizing Risk • Analyzing Risk • Taking steps to reduce or prevent such risks • Evaluating the Results

  6. Risk Management: The Big Picture • Asset Worth • An important part of any risk management program is the worth of the asset being protected. • 3 Factors: • Overall value of the asset to the organization • Immediate financial impact of losing the asset • Indirect business impact of losing the asset.

  7. Risk Assessment • Risk Assessment is the process of identifying and prioritizing risks to a business. • “A risk assessment serves as the foundation upon which an organization builds its physical security plan.” (Fredrick, 2006, p. 19)

  8. Sources of Information on Risk • Local police crime statistics • UCR reports • Internal organization documents • Prior complaints • Prior civil claims against security • Industry-related information • Law enforcement intelligence

  9. 3 Factors of Risk Analysis • Vulnerability – where and how could losses occur • Probability – analyzing those factors that favor loss • Criticality – deciding the consequences of a loss if it should occur

  10. How to handle identified risks: • Risk elimination • Risk reduction • Risk spreading • Risk transfer • Risk acceptance

  11. 1. Risk Elimination • The best alternative, if it is realistic. • For example, we can eliminate the risk of losses from credit card fraud if we don’t take credit cards. However, the loss of business would be more than the loss from credit card fraud.

  12. 2. Risk Reduction • We can not eliminate all pure risk, but we can reduce it. • We reduce it by establishing control and procedures. • Lighting, installing locks and alarm systems are all examples of methods of risk reduction.

  13. 2. Risk Reduction – attack trees • These give us a visual representation of our risk.

  14. 3. Risk Spreading • Related to risk reduction • This approach uses methods that reduce the potential loss by splitting up the risk into several areas.

  15. 4. Risk Transfer • We can transfer the risk by either raising prices or insurance. • Insurance has a couple of important principles: • Indemnity: states the insurer pays only the actual amount of the loss and no more • Subrogation: substitution of the insurer in place of the insured for the purposes of claiming indemnity from a third party for a loss covered by insurance

  16. 5. Risk Acceptance • It is never cost effective, practical, or indeed possible, to provide 100% security, thus some risks we simply have to accept. • Some risks are simply the costs of doing business.

  17. Qualitative and Quantitative Risk Assessment • Quantitative – calculate the objective values for each component during risk assessment and cost benefit analysis. • Qualitative – identifies the most important risks quickly by assigning relative values to assets, risks, control and effects. • This balances cost and effectiveness.

  18. Conducting the Security Survey • A survey instrument needs to be developed • A thorough, physical walk-through should be done • Walk-through should include talking to and observing personnel and observing the environment as a whole

  19. Reporting the Results • Introduction • A discussion of the risk analysis • Strengths of the system • Weaknesses of the system • Recommendations for alternatives for managing the risks, including the estimated cost and savings, and who should be responsible for making the changes

  20. Implementing the Recommendations • It is important to note that most companies will not have the money to implement all the changes at once. • It is important to establish a schedule for implementation of the recommendations, in order to accommodate budget issues and ensure items do not get overlooked.

  21. Keys to Success • Executive sponsorship • Well defined list of stakeholders • Clear definition of roles and responsibilities • Atmosphere of open communication • Spirit of teamwork • Holistic view of organization • Authority throughout process

More Related