Beruflich Dokumente
Kultur Dokumente
What is RISK?
Is the potential damage or loss of an asset.
Risk Analysis
The process used by security professionals in
determining his priorities in the protection of
assets. The analysis of risk include
examinations of the vulnerability, probability
and criticality of potential threats and include
natural and man-made risk.
MAJOR RISK
Among the major categories of risk which are arranged
according to Criticality are:
Nuclear Attack
Natural Catastrophe
Civil Disturbances and Malicious Destruction
Other Crimes
Conflict of Interest
Other Risk
Risk Management
The process of selecting and implementing security
countermeasures to achieve an acceptable level of risk at
an acceptable cost.
ASSET
Any person, facility, material, information, or
activity which has a positive value to its owner
whether it is an individual, private or
government entity.
The asset may have value to an adversary, as
well as to the owner, although the nature and
magnitude of those values may differ.
VULNERABILITY
Any weakness that can be exploited by an adversary to
gain access to an asset.
An action taken or a physical entity used to
reduce or eliminate one or more
vulnerabilities.
The cost of a possible countermeasure may be
monetary, but may also include non-monetary
costs such as: reduced operational efficiency,
adverse publicity, unfavorable working
conditions, and political consequences.
Useful definition of a security problem requires that three
things be recognized and evaluated in quantitative terms:
K= (Cp+ Ct+Cr+CD) - (I - a)
where:
K= Criticality Cost of the Loss
Cp= Cost of Permanent Replacement
Ct = Cost of Temporary Replacement
Cr = Related Cost
Cd= Discounted Cash
I= Insurance
a= Allocable Insurance Premium
Percentage of Impact:
100% Fatal
75% Very Serious
50% Average
25% Less Serious
0% Unimportant
An effective method of designing and
implementing an assets protection program is the
systems approach. The systems approach has
been defined as “a comprehensive solution to a
total problem.” It is an orderly and rational method
of problem solving and, if properly carried out,
should insure an effective assets protection
program.
THREE GENERAL STEPS IN THE
IMPLEMENTATION OF THE SYSTEMS
APPROACH :
1. a vulnerability analysis
2. installation of countermeasures :
• software
• hardware
• people
3. a test of the operating program to
insure its effectiveness.
Risk Management Alternatives
and Strategies
• Risk Avoidance
Eliminating or removing the risk totally from the
business, government, or industrial environment for
which the security manager has responsibility.
• Risk Reduction
Decreasing the risk by minimizing the
probability of the potential loss. This
reduction of criminal opportunity is often
accomplished by situational crime
prevention strategies to discourage, deter,
or deny criminal incidents.
• Risk Spreading
Spreading the risk(s) through
compartmentation or decentralization to
limit the impact (criticality) of the potential
loss.
Areas within Complex “Compartmentalized” and fenced
0.999
0.75
0.050
0.25
0.001
0% 25% 50% 75% 100%
1. Security Surveys are often
called ‘RISK ANALYSIS
SURVEYS’ or ‘RISK
ASSESSMENT SURVEYS’
2. A Security Survey is defined as the
process of conducting an exhaustive
physical examination of all operational
systems and procedures of a facility for
the following purposes :
a. To determine existing state of security
b. Identifying weaknesses in defenses;
i. To investigate
environmental
conditions in the
community from
a standpoint of
interaction
with the facility.
13.There is a similarity between a physical security
surveys and crime prevention surveys, but the
primary differences are;
__________________
Date
To : ____________________________
Subject : ____________________________
From : _____________________________
A. INTRODUCTION