Introduction to Security Chapter 5 Risk Management: The Foundation of Private Security
Introduction to Security
Feb 25, 2016
Introduction to Security. Chapter 5 Risk Management: The Foundation of Private Security. Risk defined:. A known threat that has unpredictable effects in either timing or extent 2 types of Risk: Pure risk Dynamic Risk. 1. Pure Risk. - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Introduction to Security
1Introduction to SecurityChapter 5Risk Management: The Foundation of Private Security
2Risk defined:A known threat that has unpredictable effects in either timing or extent2 types of Risk:Pure riskDynamic Risk
31. Pure RiskThe potential for injury, damage or loss with no possible benefits.Examples:CrimeTerrorismNatural Disasters
42. Dynamic RiskThis has potential for both benefits and losses.Examples:Accepting checks to stimulate businessHiring our own security personnel
5Risk Management: The Big PictureAnticipating RiskRecognizing RiskAnalyzing RiskTaking steps to reduce or prevent such risksEvaluating the Results
6Risk Management: The Big PictureAsset WorthAn important part of any risk management program is the worth of the asset being protected.3 Factors:Overall value of the asset to the organizationImmediate financial impact of losing the assetIndirect business impact of losing the asset.
7Risk AssessmentRisk Assessment is the process of identifying and prioritizing risks to a business.A risk assessment serves as the foundation upon which an organization builds its physical security plan. (Fredrick, 2006, p. 19)
8Sources of Information on RiskLocal police crime statisticsUCR reportsInternal organization documentsPrior complaintsPrior civil claims against securityIndustry-related informationLaw enforcement intelligence
93 Factors of Risk AnalysisVulnerability where and how could losses occurProbability analyzing those factors that favor lossCriticality deciding the consequences of a loss if it should occur
10How to handle identified risks:Risk eliminationRisk reductionRisk spreadingRisk transferRisk acceptance
111. Risk EliminationThe best alternative, if it is realistic.For example, we can eliminate the risk of losses from credit card fraud if we dont take credit cards. However, the loss of business would be more than the loss from credit card fraud.
122. Risk ReductionWe can not eliminate all pure risk, but we can reduce it.We reduce it by establishing control and procedures.Lighting, installing locks and alarm systems are all examples of methods of risk reduction.
132. Risk Reduction attack treesThese give us a visual representation of our risk.
143. Risk SpreadingRelated to risk reductionThis approach uses methods that reduce the potential loss by splitting up the risk into several areas.
154. Risk TransferWe can transfer the risk by either raising prices or insurance.Insurance has a couple of important principles:Indemnity: states the insurer pays only the actual amount of the loss and no moreSubrogation: substitution of the insurer in place of the insured for the purposes of claiming indemnity from a third party for a loss covered by insurance
165. Risk AcceptanceIt is never cost effective, practical, or indeed possible, to provide 100% security, thus some risks we simply have to accept.Some risks are simply the costs of doing business.
17Qualitative and Quantitative Risk AssessmentQuantitative calculate the objective values for each component during risk assessment and cost benefit analysis.Qualitative identifies the most important risks quickly by assigning relative values to assets, risks, control and effects.This balances cost and effectiveness.
18Conducting the Security SurveyA survey instrument needs to be developedA thorough, physical walk-through should be done Walk-through should include talking to and observing personnel and observing the environment as a whole
19Reporting the ResultsIntroductionA discussion of the risk analysisStrengths of the systemWeaknesses of the systemRecommendations for alternatives for managing the risks, including the estimated cost and savings, and who should be responsible for making the changes
20Implementing the RecommendationsIt is important to note that most companies will not have the money to implement all the changes at once.It is important to establish a schedule for implementation of the recommendations, in order to accommodate budget issues and ensure items do not get overlooked.
21Keys to SuccessExecutive sponsorshipWell defined list of stakeholdersClear definition of roles and responsibilitiesAtmosphere of open communicationSpirit of teamworkHolistic view of organizationAuthority throughout process
Related Documents
