Category Archives: Understanding Security

The Difference Between an Assessment Conducted By a Security Company and an Independent Security Risk Assessment

Photo Credit: http://glenmarietemasyasuria.blogspot.com/
Photo Credit: http://glenmarietemasyasuria.blogspot.com/

An offer to assess a property has become a mere “money making tool” for Security Companies, vendors and installers. This sort of assessment is not a full Security Risk Assessment but actually a Product Assessment. Solutions are determined according to the assessor’s inventory as the main purpose is to get the end-user to purchase various security items or to sign up for security services. The assessor is, in this case, simply a salesman justifying why his products need to be purchased to fix your security problems. This is why such an assessment is done free of charge or offered at a very low rate.

The downside here is that often a weakness in your security that cannot be remedied by an item in the salesman’s stock could be ignored and never brought to your attention. The salesman can only fix what he can provide for and therefore his knowledge and role as an advisor is somewhat limited. Many have found themselves in the unfortunate position of spending thousands on their security and systems, only to still fall victim of a crime.

The independent Security Risk Assessor on the other hand will ensure that you are provided with the truth concerning your security status. Consequent recommendations and the individually tailored Security Plan are based only on the outcome of an extensive Security Audit and on functionality of the hardware suggested. The role of this assessor is purely advisory and all fixes to your security problems are generic and unbiased, meaning the final choice lies in your hands. You will be in full control of your security and be able to tell the Security Company exactly what you want instead of sitting back and allowing him to decide for you.

An integral part of the responsibilities of the independent Security Risk Consultant is continuous and in-depth research covering the latest releases, technological advances, crime trends and all other pertinent information regarding the trade of security. Should the assessor find that he may not have the answer to a specific problem as revealed by the initial inspection of the property, he will not hesitate to make use of an expert who can provide specialised and expert advice concerning a specific security field. Furthermore any additional costs incurred in the buying in of a specialist is covered by the advisor with no extra charge to the client. The independent Security Risk Consultant goes to great lengths to ensure that you receive the best possible advice and an honest and professional perspective regarding your security.

Security in the Workplace

Too many businesses have neglected to fully consider security due to the fact that that nothing has happened, yet. Security is seen as an unnecessary expenditure and is usually the first to go when the budget is reviewed. IT security is often viewed as much more important and thousands upon thousands are spend by companies to protect their valuable data and the details of their clientele from hackers or fraudsters. What does this help if your server and all your workstations are stolen due to the fact that your physical security is not up to par or may have been neglected?

By having a Security Risk Assessment commissioned, company management will be provided with the means in which to better plan budget in regards to security. Spending becomes more stabilised and the Security Plan allows for solutions to be implemented in phases over time. Unnecessary costs incurred by ineffective security measures and failures will be eliminated from the get-go. The assessment report further provides the means in which to measure security and makes this concept communicable. In this case the Security Threat Assessment report becomes an invaluable tool to the Security Manager.

assessment security risk new blue risk threat crime preventionThe investigation and analysis of the security status does not only involve the actual physical structure of the site, security hardware or procedures that are in place but also considers the ‘human element’ which is often overlooked by other assessors. The attitude and actions of the employees can affect the status of the company’s security greatly. With the correct training in regards to Security Awareness and a conscious mindset of the accepted responsibility of security by the employees the status of security will be all the more stronger and will allow for crime to be proactively and effectively prevented before an incident occurs.

The key to security is not what equipment you may make use of to protect your business or even the Security Officer at the gate, but the actual control thereof. This includes good management and planning. The Security Risk Assessment provides a strong, solid foundation on which to build your security both in the present and into future. Solutions are purely based on the outcome of the investigation and specifically tailored and thoroughly researched to provide your company with a unique and workable security fit.

The Independent Consultant is the Ally of the Experienced Security Manager

Unfortunately many experienced Security Managers either oppose the external, independent Security Consultant or do not fully realise the benefits that this professional can actually provide to them through the Security Risk Assessment. The assessor is in no means there to undermine the Security Manager, or to affect his respected position in the company, and should actually be seen as an ally who has the ability to dispense knowledge and advice that the Security Manager can not only use to  his advantage, but to that of the entire company, including the financial aspect of the corporation, Health & Safety and Emergency & Disaster Management Planning.

Several Security Managers have found it difficult to present the board or management with a security problem that requires funding or backing. When doing so alone his opinion or his case remains unheeded by the decision makers. Having the detailed Security Risk Assessment report in hand and having the facts presented by an expert and professional outsider will enable the board members to fully understand the risks and threats present. This in turn allows for budget planning in regards to security to be better managed and fairly allocated. Furthermore most companies feel that security is not a problem as they have not yet been targeted by a crime or experienced loss through such an attack. Only after such an incident has occurred and it is too late are large amounts of money assigned to remedy the problem. Unfortunately this is only a temporary fix until either another similar incident occurs or a new one replaces the original problem. Ultimately this still results in excessive and unnecessary spending on behalf of the company. 

Another influencing factor is that the Security Manager may feel he is unable to reveal the full truth in regards to the security status, drawbacks or the losses of the company to the board. This could be that he may not wish to offend anyone or incur the wrath or doubt of management, which in turn could adversely and directly affect his employment and position at the company. As an outsider, the independent Security Consultant feels no such obligation and will reveal the actual status as is in an unbiased, honest and factually supported manner. The detailed Security Risk & Threat Assessment report explains all weaknesses and vulnerabilities within the security status in a concise, clear and understandable way. 

Photo Credit: www.theglobeandmail.com

Many professionals make use of outside experts on a daily basis. Think of your GP who may call in the assistance of a specialist, such a neurosurgeon or a podiatrist, should his training not be able to identify or remedy the patient’s specific problem. This is the manner in which the Security Manager should view the independent assessor. The Security Consultant has the relevant experience and up-to-date knowledge due to extensive and ongoing research in regards to security solutions, practices, necessary documentations and technology to provide the Security Manager with the best of guidance and expert advice.

The Necessity of the Security Risk Assessment

Recently it came to our attention that the US has begun to make it legislation that the Security Threat Assessment is required before any security installations and upgrades can be sanctioned and put into action. In fact, this is the correct manner and best approach in which security should be addressed as the Security Risk Assessment report will reveal all vulnerabilities and weaknesses within your security status.  Once these potential risks and threats have been positively identified and you aware of them and understand them, the necessary steps can be taken to deal with them appropriately and grant elimination. This is the first step in taking control of your security.

In an ideal world, the Security Risk Assessment should actually be conducted in the initial planning phases and development of a raw site or property. Security would be considered in the architectural design of the structure before construction even commences. All too often many issues in regards to security are actually created simply because a building, an entrance, a door or a gate have just been built wrong. Additional costs are then procured in the future in an attempt to remedy the situation.

Often security is only considered after it is too late and an incident or crime has already occurred. Companies and businesses then allocate huge amounts of money to the problem to either alleviate it temporarily or to have it replaced by a new one, which in turn results in even more over expenditure.  By having your Security Threat Assessment report in hand, you will be able to stabilise such spending as better budget planning is immediately achievable. The independent assessor will provide you with the best advice that has been extensively researched for your unique security situation. All recommendations are generic and focused on functionality as there is no affiliation to any specific brand, product or installation service. In the event that a solution contains a specific hardware or software item, this is purely due to the fact that our studies have indicated this to be the best and most workable option for you. All benefits and shortcomings will be clearly pointed out and explained to ensure that you have the most knowledge available to you in assist in good decision making regarding your security.

SRA Process - Security Risk Assessment LayersFurthermore the solutions provided in the Security Plan are solely based on the outcome and findings as revealed within the extensive investigation phase of the assessment. Security is definitely not guesswork or even a quick and easy checklist to determine risk. Nothing can be predetermined and the examination of yours security is done in a variety of levels that are analysed individually, in more than one state and then reviewed as a whole. Too many factors affect others which could adversely result in a negative impact of your overall security status. Moreover, this does not only involve the physical aspect of your security such as hardware and structural layout, but extends over other elements that are often overlooked. This is then followed by in-depth, ongoing and active research before the Security Plan may even be formulated.

The Importance of Confidentiality

Photo Credit: www.hsj.co.uk

When we are commissioned to conduct a full Threat & Security Risk Assessment on a property for a client, we ensure that we present them with a full, honest and accurate overview of their security status. All weaknesses and vulnerabilities present that create an opportunity for a crime to occur are positively identified and explained it full.  A comprehensive Security Plan is then derived upon these findings and various solutions that are extensively researched to remedy the problem areas are supplied. Due to the fact that the rollout of such projects are usually large and consist of various factors, these solutions are provided in such a manner so that they can occur over a period of time. This in turn also assists in better budget planning for necessary upgrades and relevant installations.

All this information needs to be kept highly classified as divulgence of any part will increase the risk and can be used by organised criminals to plan their attack. Before the commencement of the assessment, we as the assessing party will ensure that these documents are in place and signed as we take the matter of confidentiality very seriously. The identity of our clients and the details of the Security Risk Assessment are never shared or revealed to anyone, even for self promotional purposes.

Photo Credit: www.devriesinc.com

When conducting research into the best security solutions for each individual Security Risk Assessment, it is often required that we consult 3rd parties or experts within various fields of the security realm for more information and advice. Any additional costs that this may incur are covered fully by us and will not affect the initial pricing structure in the proposal as accepted and agreed upon by our clients. Before any details are provided for such recommendations, these external parties must also sign the necessary nondisclosure documents.

Although we do our utmost to protect this valuable information on behalf of our clients and consequently our reputation, the client must realise that this is actually a shared, joint responsibility. In the past we have found that some corporate entities have published their Security Threat Assessments (in full or in part) online and some have even revealed which solutions have been implemented and which still need to occur. The latter clearly indicates which problem areas have not been rectified and since these details could be considered as public domain once published, it therefore accessable to anyone with access to a computer or a smart device. Through the clever usage of keywords typed into a search engine, this can be obtained by any criminal and used to his / her advantage. Attack points can be planned as the vulnerabilities are clearly evident and have been literally handed to the lawbreaker on a silver platter.

Defense Against Unexpected Attack – Security likened to 3 Man Chess

Triad Chess - 3 Man Chess
Triad Chess – 3 Man Chess

Daily we make use of analogies when explaining security and the Security Risk Assessment as this seems to aid in understanding. One such successful analogy is comparing this to the unique and complex game of 3 Man Chess or Triad chess. Traditionally chess involves a player having to defend his pawns from attack from one singular opponent. If logic and strategy are correctly applied and you are able to predict the moves of the other player, you will win the game. But when playing 3 Man Chess, the chances that a strike will be unexpected are all the greater because there is more than one unknown against you now. The third participant adds a new dimension to this already complicated game as several new unanticipated and open-ended intricacies are now possible.

This can be directly compared to dealing with the criminal who makes a volatile adversary, especially when he is determined and prepared. Furthermore he is actively involved in the crime game and will not be passive in his action. As crime is an unknown territory to us as ‘normal’ citizens, our ability to forecast our opponents’ next move is hindered and rage, mental instability, alcohol or military planning on the behalf of such individuals or groups, but to name a few determining factors, makes it even more likely that our predictions will not be accurate and therefore, our defenses ineffective. Without the correct insight our attempts at crime prevention will prove inane and in the case of the groups that have planned their attacked, all possible defense will be prepared for and counterattacked upon accordingly.

Most security systems fail in their purpose as there are simply not enough contingencies built into the original design to handle all these new variables. The element of surprise and the lack of effective planning by those the criminals intend to target; are used by them to their utmost advantage. This can very often be blamed directly on the Security Risk Assessment that has been conducted incorrectly. The findings and conclusion of the assessment can be inaccurate when the assessor has not carefully considered all extenuating factors or a point system was used and the outcome is actually more subjective as risk cannot be predefined into a low-to-high rating.

In this sense, the independent Security Risk Consultant is a “chess guru”. Years of experience and the ability to conduct reverse crime engineering when examining all the variables and influential factors of a property, provide the assessor the means to accurately determine and consequently the deflection of the variety of moves his opponents may make next, and into the future, even if there is now more than one challenger involved in this high stake game of crime.