Companies operating in hostile environments, corporate security has historically been a source of confusion and quite often outsourced to specialised consultancies at significant cost.
Of itself, that’s no inappropriate approach, nevertheless the problems arises because, when you ask three different security consultants to undertake the www.tacticalsupportservice.com, it’s possible to receive three different answers.
That absence of standardisation and continuity in SRA methodology is the primary cause of confusion between those arrested for managing security risk and budget holders.
So, how do security professionals translate the regular language of corporate security in a way that both enhances understanding, and justify inexpensive and appropriate security controls?
Applying a four step methodology to your SRA is vital to its effectiveness:
1. What is the project under review trying to achieve, and the way is it looking to achieve it?
2. Which resources/assets are the main to make the project successful?
3. What exactly is the security threat environment where the project operates?
4. How vulnerable are the project’s critical resources/assets towards the threats identified?
These four questions has to be established before a security alarm system might be developed that is effective, appropriate and versatile enough to be adapted in a ever-changing security environment.
Where some external security consultants fail is at spending almost no time developing an in depth comprehension of their client’s project – generally causing the effective use of costly security controls that impede the project as opposed to enhancing it.
After a while, a standardised strategy to SRA may help enhance internal communication. It can do so by increasing the comprehension of security professionals, who make use of lessons learned globally, and also the broader business for the reason that methodology and language mirrors that relating to enterprise risk. Together those factors help shift the thought of tacttical security coming from a cost center to 1 that adds value.
Security threats originate from a myriad of sources both human, including military conflict, crime and terrorism and non-human, including natural disaster and disease epidemics. To produce effective analysis of the environment that you operate requires insight and enquiry, not merely the collation of a listing of incidents – no matter how accurate or well researched those could be.
Renowned political scientist Louise Richardson, author from the book, What Terrorists Want, states: “Terrorists seek revenge for injustices or humiliations suffered by their community.”
So, to effectively look at the threats in your project, consideration must be given not just to the action or activity performed, but additionally who carried it out and fundamentally, why.
Threat assessments have to address:
• Threat Activity: the what, kidnap for ransom
• Threat Actor: the who, domestic militants
• Threat Driver: the motivation for the threat actor, environmental injury to agricultural land
• Intent: Establishing how often the threat actor conducted the threat activity rather than just threatened it
• Capability: Are they able to carrying out the threat activity now and later on
Security threats from non-human source including natural disasters, communicable disease and accidents may be assessed in an exceedingly similar fashion:
• Threat Activity: Virus outbreak causing serious illness or death to company employees e.g. Lassa Fever
• Threat Actor: What could possibly be responsible e.g. Lassa
• Threat Driver: Virus acquired from infected rats
• What Potential does the threat actor need to do harm e.g. last outbreak in Nigeria in 2016
• What Capacity does the threat have to do harm e.g. most common mouse in equatorial Africa, ubiquitous in human households potentially fatal
Some companies still prescribe annual security risk assessments which potentially leave your operations exposed while confronting dynamic threats which require continuous monitoring.
To effectively monitor security threats consideration needs to be provided to how events might escalate and equally how proactive steps can de-escalate them. By way of example, security forces firing with a protest march may escalate the potential of a violent response from protestors, while effective communication with protest leaders may, in the short term a minimum of, de-escalate the potential for a violent exchange.
This particular analysis can deal with effective threat forecasting, instead of a simple snap shot of your security environment at any point soon enough.
The largest challenge facing corporate security professionals remains, the best way to sell security threat analysis internally specially when threat perception varies from person to person based upon their experience, background or personal risk appetite.
Context is essential to effective threat analysis. All of us realize that terrorism is actually a risk, but as a stand-alone, it’s too broad a threat and, frankly, impossible to mitigate. Detailing risk in a credible project specific scenario however, creates context. As an example, the potential risk of an armed attack by local militia in response with an ongoing dispute about local employment opportunities, permits us to make your threat more plausible and present a better amount of alternatives for its mitigation.
Having identified threats, vulnerability assessment is likewise critical and extends beyond simply reviewing existing security controls. It has to consider:
1. How the attractive project is always to the threats identified and, how easily they are often identified and accessed?
2. How effective are definitely the project’s existing protections up against the threats identified?
3. How well can the project react to an incident should it occur despite of control measures?
Such as a threat assessment, this vulnerability assessment needs to be ongoing to make sure that controls not just function correctly now, but remain relevant since the security environment evolves.
Statoil’s “The In Anemas Attack” report, which followed the January 2013 attack in Algeria by which 40 innocent everyone was killed, made tips for the: “development of your security risk management system that may be dynamic, fit for purpose and aimed toward action. It should be an embedded and routine section of the company’s regular core business, project planning, and Statoil’s decision process for investment projects. A standardized, open and tacticalsupportservice.com allow both experts and management to possess a common knowledge of risk, threats and scenarios and evaluations of such.”
But maintaining this essential process is not any small task and one that needs a particular skillsets and experience. In line with the same report, “…in most cases security is a component of broader health, safety and environment position and another that not many people in those roles have particular expertise and experience. As a consequence, Statoil overall has insufficient ful-time specialist resources devoted to security.”
Anchoring corporate security in effective and ongoing security risk analysis not simply facilitates timely and effective decision-making. Additionally, it has possibility to introduce a broader range of security controls than has previously been considered as part of the business burglar alarm system.