Introduction
The reader will become familiarised with the term risk and its definitions, specifically from the ISO 31000 standard of risk management and from the criminology crime triangle. Which of these two definitions is the most suitable for use within the security industry will be discussed and evaluated. How and why consequence is important when assessing risk priorities and determining where to allocate resources will be examined and answered.
1. Definitions
Security risk management is “the culture, processes and structures that are directed towards maximizing benefits and minimizing disbenefits in security, consistent with achieving business objectives”. (Australia, 2006) And where
There are three elements that must exist for a crime to occur:
• motivation
• capability
• opportunity
This concept is called the crime triangle. With knowledge of the elements within the crime triangle, the risk of a crime being committed can be estimated and preventative measures may be put in place. Motivation, according to Vellani, is created by the actual target for the crime, which is the asset or assets. An asset consists of people, property and information. Vellani states that removal of motivation is probably impossible, and therefore the focus for security programs should be reducing the opportunity to commit crime. Vellani suggests that the crime triangle is an easy and effective method of illustrating how crime can be prevented.
1.3. Consequence
Consequence is described in the risk management standard as the “outcome of an event affecting objectives”. (Australia, 2009) According to this a consequence can be both positive and negative.
2. What are the needs of the security industry?
To answer that question one must first know what the security industry is. According to Brooks (2009) security is not easily defined and can even be considered to be the national military defence. To know exactly what the security industry is is therefore quite intricate. However, the assumption is made that the security industry and security in general have the same needs. As previously mentioned security risk management should
How does Department of Homeland Security Enterprise manage to satisfy on the shareholders, risk management. Risk management is defined as “a systematic and analytical process to consider the likelihood that a threat will endanger an asset, individual, or function and identify actions to reduce the risk and mitigate the consequences of an attack” (Decker 2002, page 1). Risk management acknowledges that “threats and risks will never be completely eliminated, but enhancing protection from known or potential threats can reduce it” (Decker 2002, page 1).
To understand the role(s) of a Security Manager, a person must know what security is and what it means to an organization. According to Ortmeier, “security may be defined as a public or private service-related activity that provides personnel, equipment, and creates policies and procedures designed to prevent or reduce losses. These losses, caused by criminal action as well as by noncriminal events resulting from human error, emergencies, man-made and natural disasters, and business intelligence collection by competitors”. (2009).
Risk is what may occur, or that which is likely to occur, as a result of a particular incident. Risk is part of everyday life and it exists in every activity undertaken by humanity. However, some risks can be avoided and are not as grave as others. To evaluate a risk, careful consideration is given to its nature and consequences. Risk is calculated relative to the damage an incident causes and the level, size, and extent of exposure to said damage. Hazard is the apparatus that causes the damage or harm, and exposure is the degree, depth, and scope of the risk as influenced by the nature of the source of danger. In other words, risk can be determined by multiplying hazard by exposure (Nemeth,
Opposite to what some might believe, according to BOA’s Smith, “senior management is not the biggest hindrance to better security. Rather, the middle management might represent one of the largest challenges because they impact the organization daily.” Many organizations find it difficult to stay in compliance with different government laws and regulations like the Sarbanes-Oxley Act and HIPAA, in addition to the Payment Card Industry Data Security Standards. It does not help that there is a scarcity of security professionals who have the technical and engineering skills, who know how to explain the risks/rewards and the trade-offs, and who can sell solutions within the organization.
* There are three (3) schools of thought regarding risk. The first considers the positive and negative aspects of risk, but sees them as separate. The second group believes that there are benefits from treating threats and opportunities together, while the third school does not label uncertainties, but addresses uncertainty as part of “doing the job.” Argue the value of having a risk strategy despite the cost associated with it. Include an example to support
The Main Purpose of Security Management and Security Measures must be Commensurate with the Threat
Make risk management an integral part of your organization’s management approach. Emphasize the need to communicate and consult with both external and internal stakeholders. Continuously monitor and review your organization’s risk management process (including SOC playbooks and CSIRT response scenarios).
Identify what you see as the main purpose of security management and discuss what is meant by the statement that ‘security measures must be commensurate with the threat’.
In order to perform project risk management effectively, the organization or the department must know the meaning of the risk clearly. With regards to a project, the management must focus on the potential effects on the objectives of the project, for example, cost and time (Loosemore, Raftery and Reilly, 2006). Risk is a vulnerability that really matters; it can influence the objectives of the project
Risk management is the term applied to a logical and systematic method of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize opportunities. (Lecture notes) Risk Management is also described as 'all the things you need to do to make the future sufficiently certain'. (The NZ Society for Risk Management, 2001)
Good security management requires risk management to mitigate or reduce risk to an acceptable level within an organization. Security management’s objective is to protect the company and its assets. A proper risk analysis will identify the company’s major assets, threats that put those assets at risk, and estimate the possible damage and loss a company may endure if any of the threats were to become real. With a good risk analysis, management can determine the type of budget they want to set to mitigate threats. Risk analysis justifies the cost of the countermeasures against the threats and determines the benefit or worth of security
In this paper, I have discussed risk communication and risk management. In the first part of the paper, I have identified and explained the risk communication management and its significance. Later, I have discussed the importance of risk communication for security managers in any organization.
One well accepted description of risk management is the following: risk management is a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, acting on and communicating risk issues. In order to apply risk management effectively, it is vital that a risk management culture be developed. The risk management culture supports the overall vision, mission and objectives of an organization. Limits and boundaries are established and communicated concerning what are acceptable risk practices and outcomes. Since risk management is directed at uncertainty related to future events and outcomes, it is
Concept of risk, risk assessment, risk management and how uncertainty affects the process will be discussed.
A threat agent is the facilitator of an attack; however, a threat is a constant danger to an asset.