RISK

What is RISK?
Is the potential damage or loss of an asset.

The level of risk is a combination of two factors:

1) The value placed on that asset by its owner and the

consequence, impact adverse effect of loss or damage
to that asset;
2) The likelihood that a specific vulnerability will be
exploited by a particular threat.
TYPES OF RISK:
1) Pure Risk
2) Dynamic Risk

Risk Analysis
The process used by security professionals in
determining his priorities in the protection of
assets. The analysis of risk include
examinations of the vulnerability, probability
and criticality of potential threats and include
natural and man-made risk.
 MAJOR RISK
Among the major categories of risk which are arranged
according to Criticality are:

Nuclear Attack
Natural Catastrophe
Civil Disturbances and Malicious Destruction
Other Crimes
Conflict of Interest
Other Risk
 Risk Management
The process of selecting and implementing security
countermeasures to achieve an acceptable level of risk at
an acceptable cost.
 ASSET
Any person, facility, material, information, or
activity which has a positive value to its owner
whether it is an individual, private or
government entity.
The asset may have value to an adversary, as
well as to the owner, although the nature and
magnitude of those values may differ.
 VULNERABILITY
Any weakness that can be exploited by an adversary to
gain access to an asset.
An action taken or a physical entity used to
reduce or eliminate one or more
vulnerabilities.
The cost of a possible countermeasure may be
monetary, but may also include non-monetary
costs such as: reduced operational efficiency,
adverse publicity, unfavorable working
conditions, and political consequences.
Useful definition of a security problem requires that three
things be recognized and evaluated in quantitative terms:

1) the kinds of threats or risks affecting the assets to be

safeguarded;
2) the likelihood or probability of those threats becoming
actual loss events;
3) the impact or effect upon the assets or upon the
enterprise responsible for the assets if the loss occurs.
The first we may call Loss Event Profile, the second
Loss Event Probability or Frequency and the third Loss
Event Criticality.
•The kinds of threats or risks affecting
the assets to be safeguarded.
 SECURITY VULNERABILITY

No security plan or program can be effective unless it is

based upon a clear understanding of the actual risks it is
designed to control.
That statement should be the basis for all security
activity. It makes no difference whether the problem
being considered involves quick assets like cash or
negotiable instruments, more permanent assets such as
equipment, inventory and fixtures, or intangible assets
like trade secrets.
Until the actual act threat to those assets is assessed
accurately, precautions and countermeasures, even
those of the highest quality, reliability and repute, cannot
be chosen except by guesswork.
The value of a security program depends not only upon
the excellence of the resources but upon their
appropriateness and relevance. Problem definition
comes first; then comes countermeasures design.
Reversing this order would result in needless expense
and possibly, a substantially non-responsive security
program.
 PROBABILITY

The chance or likelihood that a loss

will take place. Indicated by a
mathematical statement concerning
the possibility of an event
occurring.
Probability
0<P<1
Probability known or
unknown

0.999 Virtually Certain

0.75 Very Probable
0.50 Average Probability
0.25 Less Probable
0.001 Very Improbable
The impact of a loss as measured in financial
terms. How important it is in terms of the
survival or existence of the organization.
Criticality includes the following cost
considerations

K= (Cp+ Ct+Cr+CD) - (I - a)

where:
K= Criticality Cost of the Loss
Cp= Cost of Permanent Replacement
Ct = Cost of Temporary Replacement
Cr = Related Cost
Cd= Discounted Cash
I= Insurance
a= Allocable Insurance Premium
Percentage of Impact:

100% Fatal
75% Very Serious
50% Average
25% Less Serious
0% Unimportant
An effective method of designing and
implementing an assets protection program is the
systems approach. The systems approach has
been defined as “a comprehensive solution to a
total problem.” It is an orderly and rational method
of problem solving and, if properly carried out,
should insure an effective assets protection
program.
THREE GENERAL STEPS IN THE
IMPLEMENTATION OF THE SYSTEMS
APPROACH :

1. a vulnerability analysis
2. installation of countermeasures :
• software
• hardware
• people
3. a test of the operating program to
insure its effectiveness.
 Risk Management Alternatives
and Strategies

• Risk Avoidance
Eliminating or removing the risk totally from the
business, government, or industrial environment for
which the security manager has responsibility.
• Risk Reduction
Decreasing the risk by minimizing the
probability of the potential loss. This
reduction of criminal opportunity is often
accomplished by situational crime
prevention strategies to discourage, deter,
or deny criminal incidents.
• Risk Spreading
Spreading the risk(s) through
compartmentation or decentralization to
limit the impact (criticality) of the potential
loss.
Areas within Complex “Compartmentalized” and fenced

Entire Complex fenced

• RISK TRANSFER

Moving the financial impact of

the potential loss over to an
insurance company.

ABC Insurance company

RISK SELF-ASSUMPTION

Planned assumption and acceptance

of the potential risk(s) by making a
deliberate managerial decision of (a)
doing nothing about the threat, or (b)
setting aside resources for use in case
of a specific loss incident.
• COMBINATION OF THE ABOVE

Using a combination of two or more of the above

strategies to manage potential risk and threats.
PROBABILITY AND CRITICALITY MATRIX

0.999

0.75

0.050

0.25

0.001
0% 25% 50% 75% 100%
1. Security Surveys are often
called ‘RISK ANALYSIS
SURVEYS’ or ‘RISK
ASSESSMENT SURVEYS’
2. A Security Survey is defined as the
process of conducting an exhaustive
physical examination of all operational
systems and procedures of a facility for
the following purposes :
a. To determine existing state of security
b. Identifying weaknesses in defenses;

c. To determine the degree of protection

required;
d. To produce recommendations for a total
security system.
3. The survey should be undertaken
by either suitably trained staff
security personnel, or a fully
qualified independent security
specialist.
4. No universal checklist can be applied
to all sites for survey purposes, as
no two facilities are alike.
5. Before commencing a security survey:
a. Written authority should be obtained
from the site director;
b. Previous surveys should be reviewed;
c. An orientation tour should be made;
d. Photographs should be taken of things
will be difficult to describe in a report.
(Only with authority)
6. After completing the survey an
immediate review of the findings should
be undertaken with the plant supervisor
so that urgent deficiencies can be
addressed.
7. A follow-up survey should always be
conducted to ensure improvements and
recommendations have been made.
8. Any survey report including lists of
recommendations is incomplete without
including a cost-benefit analysis, which
is ;
“ a direct comparison of the cost of
operation of the security unit and all the
existing security measures with the
amount of the corporate assets saved or
recovered as well as reduction of losses
caused by injuries and lost production.”
9. No security measure should be
recommended which is not cost effective.
10. Key stages in the risk assessment process
are:
a. To determine the value, impact and
cost of any asset should it be lost due
to natural or man-made forces;
b.To determine the degree of vulnerability of
the facility to damage or attack by
natural or manmade forces; and
c. To determine the degree of probability
that natural or man-made forces will
strike any given facility.
11. The vulnerability of a facility to
damage or attack may be determined
in a number of ways:
a. By an inspection of the
facility by an experienced
inspector;
b. An examination of the facility’s record
of losses ; and
c. Determining whether the high-value
property or items are properly protected
from theft by insiders.
12. Security surveys have a number of
objectives:
a. To determine existing vulnerabilities to
injury, death, damage or destruction by natural
causes;
b. To determine existing vulnerabilities of corporate
assets due to outside criminal activities;
c. To determine existing vulnerabilities to corporate
assets due to criminal activities within the
company:
d. To determine existing conditions of physical
security regulations;
e. To measure effectiveness of current
manning;
f. To measure compliance by employees to
company security regulations;
g. To conduct an internal audit to determine fraud;
h. To inspect the overall condition within the facility
which causes security problems;

i. To investigate
environmental
conditions in the
community from
a standpoint of
interaction
with the facility.
13.There is a similarity between a physical security
surveys and crime prevention surveys, but the
primary differences are;

a. Physical security measures are oriented more

towards security of property and facilities
whereas;
b. Crime prevention measures focus on the
deterrence of criminal activity regardless of the
physical safeguards in place.
SECURITY SURVEY REPORT FORMAT

__________________
Date

To : ____________________________

Subject : ____________________________

From : _____________________________
A. INTRODUCTION

1. Authorized for the survey

2. Date and Hour Survey was made

B. NAME AND MISSION OF INSTALLATION

1. Description of Surveyed Unit

2. Mission of the Installation

C. PHYSICAL SECURITY
1. Perimeter Barriers
a. Situation as surveyed
b. Recommendation

2. Guard Force and Guard System

a. Situation as surveyed
b. Recommendation

3. Personnel Identification &

Movement Control
a. Situation as surveyed
b. Recommendation
4. Protective Lighting
a. Situation as surveyed
b. Recommendation
5. Alarm and Communication System
a. Situation as surveyed
b. Recommendation
6. Restricted Areas
a. Situation as surveyed
b. Recommendation
7. Utilities
a. Situation as surveyed
b. Recommendation

D. OTHER SITUATIONS AND

RECOMMENDATIONS
a. Situation as surveyed
b. Recommendation
E. PERSONNEL SECURITY
1. Data Concerning Key Personnel
2. Clearance Program
a. Situation as surveyed
b. Recommendation
3. Security Education Program
a. Situation as surveyed
b. Recommendation
 4. Morale of Employees
a. Situation as surveyed
b. Recommendation

5. Absentee Rate and Labor Turn-over

a. Situation as surveyed
b. Recommendation

F. DOCUMENT AND INFORMATION SECURITY

1. Rules and Regulations to
Safeguard Sensitive Information
a. Situation as surveyed
b. Recommendation
 Note : Discuss each items like:
a. Classified system
b. Receipting System
c. Storage of Sensitive Information
d. Transmission System
e. Reproduction System
f. Destruction System
g. Preparation and Marking System
G. ENCLOSURE AND EXHIBITS
(State the number and title of three
enclosures / exhibits)