Tag Archives: Risk Identification

The Difference Between an Assessment Conducted By a Security Company and an Independent Security Risk Assessment

Photo Credit: http://glenmarietemasyasuria.blogspot.com/
Photo Credit: http://glenmarietemasyasuria.blogspot.com/

An offer to assess a property has become a mere “money making tool” for Security Companies, vendors and installers. This sort of assessment is not a full Security Risk Assessment but actually a Product Assessment. Solutions are determined according to the assessor’s inventory as the main purpose is to get the end-user to purchase various security items or to sign up for security services. The assessor is, in this case, simply a salesman justifying why his products need to be purchased to fix your security problems. This is why such an assessment is done free of charge or offered at a very low rate.

The downside here is that often a weakness in your security that cannot be remedied by an item in the salesman’s stock could be ignored and never brought to your attention. The salesman can only fix what he can provide for and therefore his knowledge and role as an advisor is somewhat limited. Many have found themselves in the unfortunate position of spending thousands on their security and systems, only to still fall victim of a crime.

The independent Security Risk Assessor on the other hand will ensure that you are provided with the truth concerning your security status. Consequent recommendations and the individually tailored Security Plan are based only on the outcome of an extensive Security Audit and on functionality of the hardware suggested. The role of this assessor is purely advisory and all fixes to your security problems are generic and unbiased, meaning the final choice lies in your hands. You will be in full control of your security and be able to tell the Security Company exactly what you want instead of sitting back and allowing him to decide for you.

An integral part of the responsibilities of the independent Security Risk Consultant is continuous and in-depth research covering the latest releases, technological advances, crime trends and all other pertinent information regarding the trade of security. Should the assessor find that he may not have the answer to a specific problem as revealed by the initial inspection of the property, he will not hesitate to make use of an expert who can provide specialised and expert advice concerning a specific security field. Furthermore any additional costs incurred in the buying in of a specialist is covered by the advisor with no extra charge to the client. The independent Security Risk Consultant goes to great lengths to ensure that you receive the best possible advice and an honest and professional perspective regarding your security.

Security in the Workplace

Too many businesses have neglected to fully consider security due to the fact that that nothing has happened, yet. Security is seen as an unnecessary expenditure and is usually the first to go when the budget is reviewed. IT security is often viewed as much more important and thousands upon thousands are spend by companies to protect their valuable data and the details of their clientele from hackers or fraudsters. What does this help if your server and all your workstations are stolen due to the fact that your physical security is not up to par or may have been neglected?

By having a Security Risk Assessment commissioned, company management will be provided with the means in which to better plan budget in regards to security. Spending becomes more stabilised and the Security Plan allows for solutions to be implemented in phases over time. Unnecessary costs incurred by ineffective security measures and failures will be eliminated from the get-go. The assessment report further provides the means in which to measure security and makes this concept communicable. In this case the Security Threat Assessment report becomes an invaluable tool to the Security Manager.

assessment security risk new blue risk threat crime preventionThe investigation and analysis of the security status does not only involve the actual physical structure of the site, security hardware or procedures that are in place but also considers the ‘human element’ which is often overlooked by other assessors. The attitude and actions of the employees can affect the status of the company’s security greatly. With the correct training in regards to Security Awareness and a conscious mindset of the accepted responsibility of security by the employees the status of security will be all the more stronger and will allow for crime to be proactively and effectively prevented before an incident occurs.

The key to security is not what equipment you may make use of to protect your business or even the Security Officer at the gate, but the actual control thereof. This includes good management and planning. The Security Risk Assessment provides a strong, solid foundation on which to build your security both in the present and into future. Solutions are purely based on the outcome of the investigation and specifically tailored and thoroughly researched to provide your company with a unique and workable security fit.

The Independent Consultant is the Ally of the Experienced Security Manager

Unfortunately many experienced Security Managers either oppose the external, independent Security Consultant or do not fully realise the benefits that this professional can actually provide to them through the Security Risk Assessment. The assessor is in no means there to undermine the Security Manager, or to affect his respected position in the company, and should actually be seen as an ally who has the ability to dispense knowledge and advice that the Security Manager can not only use to  his advantage, but to that of the entire company, including the financial aspect of the corporation, Health & Safety and Emergency & Disaster Management Planning.

Several Security Managers have found it difficult to present the board or management with a security problem that requires funding or backing. When doing so alone his opinion or his case remains unheeded by the decision makers. Having the detailed Security Risk Assessment report in hand and having the facts presented by an expert and professional outsider will enable the board members to fully understand the risks and threats present. This in turn allows for budget planning in regards to security to be better managed and fairly allocated. Furthermore most companies feel that security is not a problem as they have not yet been targeted by a crime or experienced loss through such an attack. Only after such an incident has occurred and it is too late are large amounts of money assigned to remedy the problem. Unfortunately this is only a temporary fix until either another similar incident occurs or a new one replaces the original problem. Ultimately this still results in excessive and unnecessary spending on behalf of the company. 

Another influencing factor is that the Security Manager may feel he is unable to reveal the full truth in regards to the security status, drawbacks or the losses of the company to the board. This could be that he may not wish to offend anyone or incur the wrath or doubt of management, which in turn could adversely and directly affect his employment and position at the company. As an outsider, the independent Security Consultant feels no such obligation and will reveal the actual status as is in an unbiased, honest and factually supported manner. The detailed Security Risk & Threat Assessment report explains all weaknesses and vulnerabilities within the security status in a concise, clear and understandable way. 

Photo Credit: www.theglobeandmail.com

Many professionals make use of outside experts on a daily basis. Think of your GP who may call in the assistance of a specialist, such a neurosurgeon or a podiatrist, should his training not be able to identify or remedy the patient’s specific problem. This is the manner in which the Security Manager should view the independent assessor. The Security Consultant has the relevant experience and up-to-date knowledge due to extensive and ongoing research in regards to security solutions, practices, necessary documentations and technology to provide the Security Manager with the best of guidance and expert advice.

The Necessity of the Security Risk Assessment

Recently it came to our attention that the US has begun to make it legislation that the Security Threat Assessment is required before any security installations and upgrades can be sanctioned and put into action. In fact, this is the correct manner and best approach in which security should be addressed as the Security Risk Assessment report will reveal all vulnerabilities and weaknesses within your security status.  Once these potential risks and threats have been positively identified and you aware of them and understand them, the necessary steps can be taken to deal with them appropriately and grant elimination. This is the first step in taking control of your security.

In an ideal world, the Security Risk Assessment should actually be conducted in the initial planning phases and development of a raw site or property. Security would be considered in the architectural design of the structure before construction even commences. All too often many issues in regards to security are actually created simply because a building, an entrance, a door or a gate have just been built wrong. Additional costs are then procured in the future in an attempt to remedy the situation.

Often security is only considered after it is too late and an incident or crime has already occurred. Companies and businesses then allocate huge amounts of money to the problem to either alleviate it temporarily or to have it replaced by a new one, which in turn results in even more over expenditure.  By having your Security Threat Assessment report in hand, you will be able to stabilise such spending as better budget planning is immediately achievable. The independent assessor will provide you with the best advice that has been extensively researched for your unique security situation. All recommendations are generic and focused on functionality as there is no affiliation to any specific brand, product or installation service. In the event that a solution contains a specific hardware or software item, this is purely due to the fact that our studies have indicated this to be the best and most workable option for you. All benefits and shortcomings will be clearly pointed out and explained to ensure that you have the most knowledge available to you in assist in good decision making regarding your security.

SRA Process - Security Risk Assessment LayersFurthermore the solutions provided in the Security Plan are solely based on the outcome and findings as revealed within the extensive investigation phase of the assessment. Security is definitely not guesswork or even a quick and easy checklist to determine risk. Nothing can be predetermined and the examination of yours security is done in a variety of levels that are analysed individually, in more than one state and then reviewed as a whole. Too many factors affect others which could adversely result in a negative impact of your overall security status. Moreover, this does not only involve the physical aspect of your security such as hardware and structural layout, but extends over other elements that are often overlooked. This is then followed by in-depth, ongoing and active research before the Security Plan may even be formulated.

The Importance of Confidentiality

Photo Credit: www.hsj.co.uk

When we are commissioned to conduct a full Threat & Security Risk Assessment on a property for a client, we ensure that we present them with a full, honest and accurate overview of their security status. All weaknesses and vulnerabilities present that create an opportunity for a crime to occur are positively identified and explained it full.  A comprehensive Security Plan is then derived upon these findings and various solutions that are extensively researched to remedy the problem areas are supplied. Due to the fact that the rollout of such projects are usually large and consist of various factors, these solutions are provided in such a manner so that they can occur over a period of time. This in turn also assists in better budget planning for necessary upgrades and relevant installations.

All this information needs to be kept highly classified as divulgence of any part will increase the risk and can be used by organised criminals to plan their attack. Before the commencement of the assessment, we as the assessing party will ensure that these documents are in place and signed as we take the matter of confidentiality very seriously. The identity of our clients and the details of the Security Risk Assessment are never shared or revealed to anyone, even for self promotional purposes.

Photo Credit: www.devriesinc.com

When conducting research into the best security solutions for each individual Security Risk Assessment, it is often required that we consult 3rd parties or experts within various fields of the security realm for more information and advice. Any additional costs that this may incur are covered fully by us and will not affect the initial pricing structure in the proposal as accepted and agreed upon by our clients. Before any details are provided for such recommendations, these external parties must also sign the necessary nondisclosure documents.

Although we do our utmost to protect this valuable information on behalf of our clients and consequently our reputation, the client must realise that this is actually a shared, joint responsibility. In the past we have found that some corporate entities have published their Security Threat Assessments (in full or in part) online and some have even revealed which solutions have been implemented and which still need to occur. The latter clearly indicates which problem areas have not been rectified and since these details could be considered as public domain once published, it therefore accessable to anyone with access to a computer or a smart device. Through the clever usage of keywords typed into a search engine, this can be obtained by any criminal and used to his / her advantage. Attack points can be planned as the vulnerabilities are clearly evident and have been literally handed to the lawbreaker on a silver platter.

Changing Security: What the independent Risk Assessor Can Provide

Our approach in regards to crime and security is vastly different from the norm and scores of other companies strongly oppose the manner in which we conduct our Security Risk Assessment, as it directly contradicts their own and is ultimately proven to be very much more accurate in the long run. Although disagreement can be healthy and opens one’s mind to new things if a diverse idea is equally and duly considered, too many individuals are so set in their ways to even give proper thought to change. It can be presumed that this is a South African trait perhaps, as it appears rather very common and widespread. This is actually unfortunate as security and crime prevention needs to evolve due to the fact that the criminals do so with ease and using old technology or out-dated ideas will no longer suffice. An everyday misconception is that criminals are unintelligent but this is very much off the mark and totally unrealistic.

Picture Credit: Quebec Memes
Picture Credit: Quebec Memes

All too often we have found that when we supply a proposal to a corporate or governmental entity, the company policy requires that 3 quotations be requested before any decisions can be made. This practice could be deemed as very fair in any other field, but not that of security consultancy and risk analysis. In this case such a task can be deemed as impossible. At this stage there are simply no other companies who conduct an independent Security Risk Assessment like we do and those that offer such a service, usually at a much cheaper rate or even for free, are actually providing the client with a Product Assessment. The extra quotes received will not provide the same results as an independent. Regretfully this is only realised too late and after various upgrades and installations have been already completed and paid for.

The problem here is that solutions are usually predetermined. Security cannot be based on guesswork either. The Security Plan and recommendations for security answers can only be developed and be founded upon the findings as revealed by an extensive and in-depth investigation of the security system. All threats and vulnerabilities need to be positively identified, explained in detail and fully understood. A lot of research and sometimes the services of a 3rd party who is a highly trained expert in a specific security area are necessary before the problems within your security can be resolved and advised upon accordingly. Should such specialists be required to be consulted with, we cover all additional costs procured and the initial proposal as presented to our clients is in no way affected.

Furthermore, when considering security, the general consensus is this is just hardware such as an alarm or a CCTV system. No, another myth as there are other elements that are nonphysical that need to be thoroughly examined to gain an accurate overview of one’s overall security status. This is applicable to both the home and any type of business. Product assessments or those based on a point system, have proved to be incorrect in our experience as not all these extenuating factors are reflected on or viewed as an entirety along with the physical elements. Most of these elements are actually not even acknowledged at all. A risk remains a risk and cannot be graded. To ensure that your security status is truthfully analysed and that the recommendations provided are unbiased and based on functionality, it is in your favour to strongly consider a professional and independent assessor.