Posts

Security Risk Assessment & Management

[ Security-Risk-Management-Process ] [ Types of Security Risks Threats ] [ Security Assessment ] [ Information Acquisition ] [ Risk Discovery Process ] [ Security Risk Analysis Report ]

Always be on the lookout…

Security Risk Management Process

Our AR INTELL Security Risk Management Process aims to provide you with an in-depth set of security methods & threat intelligence insights. Hence we believe this will help you to clearly understand which security threats are important for your community, for you as an individual or your organization/company.

Security Risk Assessment, Threat Intelligence and Risk Management must work hand in hand.

To protect your physical & digital assets effectively, a set of security controls needs to be in place. These controls will function as deterring elements. They work in sync with detection systems, attack delay mechanisms. Other response methodologies are also to be considered.

Ask yourself how to respond to incidents.

We always start the process with an assessment of your best business practices, standard operating procedures (SOPs). We will verify your security policies, industry-standard compliance and other guidelines or regulations which should be in place at any organizational level.

Types of Security Risks & Threats:

  • physical security risks & threats
    • theft, robbery & burglary
    • vandalism
    • terrorism
    • sabotage
    • natural disasters
    • assault & physical violence
  • perimeter security risks
  • cyber secuity & digital security risks
  • computer security risks & network security threats
  • workplace security risks

Threat Intelligence is not a luxury.

Levels of Security Assessment & Process

Our security risk assessment process will look at many different areas in your organization and issues. This is done to make a preliminary security risk assessment report. These risk elements & risk areas are looked at during a specific process:

  • General context: strategic context, organizational context, risk management context
  • Threat Assessment – Vulnerability Assessment – Critical elements Assessment
    • conceptual threats
    • operational levels
    • physical levels
    • lighting
    • management levels
    • policy levels
    • training levels
    • security staff
    • electronic & digital systems
    • electrical systems
    • liability issues
    • legal issues
    • regulatory issues
    • structural design
    • perimeter & barrier security
    • analysis of security weaknesses and exploitation opportunities
  • Risk Identification (what, who, when, where, how, why)
  • Risk Assessment (likehood of something happening & the consequences or effects
    • recommendations
    • options
    • trade-offs
  • Risk Evaluation (what can we tolerate and accept)
  • Risk Mitigation (avoid risks, sharing the risk-load, exploitation scenarios, acceptance and reduction)
    • avoidance of risk
    • reduction of risk
    • spreading of risk
    • transfer of risk
    • acceptance of risk

Specific Information will be acquired by means of:

  • interviews
  • assessment of security posture
  • assessment of current security apparatus & infrastructure
  • history of security incidents
  • on site research
  • analysis of crime or incident scenes
  • documentation reviews
  • policy reviews
  • SOP reviews
  • risk simulations
  • resource optimization
  • compliance verification
  • surveillance systems check
  • disaster recovery training (what works to keep things at float and recover…)

Risk Discovery Process

The whole purpose of the security risk discovery process is to establish an effective and realistic risk management strategy that allows you to reduce or limit the threats. As it happens threats can be real, perceived or conceptual.

Consequently, we can prevent opportunities or risky situations to occur and thus reduce the negative effects of misconfigurations, lack of security, accidents, mishaps or disasters.

To conclude, by compiling a hands-on security assessment report, we will help you to identify the risks to your assets & people. Undoubtedly you can be making better security decisions.

Security Risk Analysis Report

We use 3 different methods which are reflected in our report.

  • Hybrid Methodology
  • Quantitative Methodology
  • Qualitative Methodology

Contentwise our reports contain an executive summary, list of security issues, and constructive suggestions which reflect upon:

  • your different levels of specific vulnerabilities
  • how you interact with your environment (inside / outside the organization)
  • applicable threats and their frequency of occuring
  • technical system connected
  • levels of data exposure
  • calculations of detailed Annual Loss Expectancy
  • Residual risks & treaths