Threat Assessment – Have a Look at Most Up-to-Date Buyer Comments.
Companies operating in hostile environments, corporate security has historically been a source of confusion and sometimes outsourced to specialised consultancies at significant cost.
Of itself, that’s not an inappropriate approach, nevertheless the problems arises because, should you ask three different security consultants to handle the www.tacticalsupportservice.com, it’s possible to receive three different answers.
That lack of standardisation and continuity in SRA methodology is the primary source of confusion between those responsible for managing security risk and budget holders.
So, just how can security professionals translate the conventional language of corporate security in ways that both enhances understanding, and justify inexpensive and appropriate security controls?
Applying a four step methodology to the SRA is critical to its effectiveness:
1. What is the project under review seeking to achieve, and the way is it trying to achieve it?
2. Which resources/assets are the most crucial to make the project successful?
3. What exactly is the security threat environment when the project operates?
4. How vulnerable would be the project’s critical resources/assets towards the threats identified?
These four questions needs to be established before a security system may be developed that is certainly effective, appropriate and versatile enough to be adapted inside an ever-changing security environment.
Where some external security consultants fail is in spending little time developing a comprehensive idea of their client’s project – generally causing the application of costly security controls that impede the project as opposed to enhancing it.
With time, a standardised approach to SRA will help enhance internal communication. It will so by improving the understanding of security professionals, who make use of lessons learned globally, and the broader business since the methodology and language mirrors that of enterprise risk. Together those factors help shift the perception of tacttical security from your cost center to just one that adds value.
Security threats originate from a myriad of sources both human, such as military conflict, crime and terrorism and non-human, including natural disaster and disease epidemics. To build up effective research into the environment where you operate requires insight and enquiry, not simply the collation of a listing of incidents – regardless of how accurate or well researched those may be.
Renowned political scientist Louise Richardson, author of the book, What Terrorists Want, states: “Terrorists seek revenge for injustices or humiliations suffered by their community.”
So, to effectively measure the threats for your project, consideration has to be given not just to the action or activity conducted, and also who carried it all out and fundamentally, why.
Threat assessments have to address:
• Threat Activity: the what, kidnap for ransom
• Threat Actor: the who, domestic militants
• Threat Driver: the motivation to the threat actor, environmental damage to agricultural land
• Intent: Establishing how many times the threat actor carried out the threat activity rather than just threatened it
• Capability: Will they be capable of undertaking the threat activity now and down the road
Security threats from non-human source including disasters, communicable disease and accidents may be assessed in a really similar fashion:
• Threat Activity: Virus outbreak causing serious illness or death to company employees e.g. Lassa Fever
• Threat Actor: What could possibly be responsible e.g. Lassa
• Threat Driver: Virus acquired from infected rats
• What Potential does the threat actor have to do harm e.g. last outbreak in Nigeria in 2016
• What Capacity does the threat have to do harm e.g. most frequent mouse in equatorial Africa, ubiquitous in human households potentially fatal
Many companies still prescribe annual security risk assessments which potentially leave your operations exposed while confronting dynamic threats which require continuous monitoring.
To effectively monitor security threats consideration should be provided to how events might escalate and equally how proactive steps can de-escalate them. As an example, security forces firing on the protest march may escalate the chance of a violent response from protestors, while effective communication with protest leaders may, in the short term no less than, de-escalate the chance of a violent exchange.
This kind of analysis can sort out effective threat forecasting, rather than a simple snap shot of the security environment at any time soon enough.
The greatest challenge facing corporate security professionals remains, how to sell security threat analysis internally specifically when threat perception varies for every person depending on their experience, background or personal risk appetite.
Context is critical to effective threat analysis. Many of us recognize that terrorism can be a risk, but as being a stand-alone, it’s too broad a threat and, frankly, impossible to mitigate. Detailing risk in the credible project specific scenario however, creates context. By way of example, the chance of an armed attack by local militia in response for an ongoing dispute about local job opportunities, permits us to make the threat more plausible and offer a better variety of selections for its mitigation.
Having identified threats, vulnerability assessment is likewise critical and extends beyond simply reviewing existing security controls. It should consider:
1. The way the attractive project is to the threats identified and, how easily they may be identified and accessed?
2. How effective are the project’s existing protections up against the threats identified?
3. How well can the project reply to an incident should it occur in spite of control measures?
Just like a threat assessment, this vulnerability assessment should be ongoing to ensure that controls not just function correctly now, but remain relevant as the security environment evolves.
Statoil’s “The In Anemas Attack” report, which followed the January 2013 attack in Algeria in which 40 innocent everyone was killed, made ideas for the: “development of any security risk management system that may be dynamic, fit for purpose and aimed toward action. It ought to be an embedded and routine part of the company’s regular core business, project planning, and Statoil’s decision process for investment projects. A standardized, open and tacticalsupportservice.com allow both experts and management to have a common understanding of risk, threats and scenarios and evaluations of the.”
But maintaining this essential process is no small task and something that requires a unique skillsets and experience. According to the same report, “…in many instances security is an element of broader health, safety and environment position and something in which very few people in those roles have particular expertise and experience. Because of this, Statoil overall has insufficient ful-time specialist resources dedicated to security.”
Anchoring corporate security in effective and ongoing security risk analysis not only facilitates timely and effective decision-making. In addition, it has possibility to introduce a broader range of security controls than has previously been considered as an element of the business alarm system.