structured approach to corporate security
We start with the highest level, and identify the general goals of the security plan. From there, policies and procedures are developed, and then we detail the resources and methods that support those policies and procedures in order to meet the goals of the overall plan.
corporate security consulting
4 categories where a security director can begin: Threat Identification, Threat Assessment, Risk Assessment; and, Risk Management.
Bug Detection – TSCM
Are you being monitored? inquiṡitóres Company provides eavesdropping protection and counter-surveillance security – Technical Surveillance Countermeasures (TSCM).
Physical Security
Physical security measures when properly designed deny unauthorized access to facilities, equipment and resources. They also protect personnel and property from damage or harm.
About US
Corporate Security Consulting
Eavesdropping Detection and Physical Security Audits and Assessments
Thteat Identification
Let’s start with Threat Identification. Simply stated, this is a list of all the bad things that can happen. Consider a general threat of burglary, and break it down in to detailed occurrences – listing each potential point of intrusion. In addition to theft, consider things like vandalism, espionage, active shooter, and even kidnapping. Workplace violence is a huge category by itself, from minor acts to extreme acts of violence that we see on the news. These are security related threats, but safety related threats can be part of the plan. A detailed list of occurrences not just “someone breaks in” but… …Intrusion through broken window on south side, or… …Forced door at back of building …Propped door on west side of building #4 Theft of individual items (list them) Theft of any item Vandalism Kidnapping Violence – a list of different events – from minor to extreme Safety related threats, such as fire, hurricane, tornado, flood.
Threat Assessment
Next, for each threat, make a determination, or an estimate if you can, of the likelihood of that threat occurring, as well as the related target vulnerability. Very likely to unlikely. Vulnerability assessment.
Risk Assessment
Risk is defined as the result, or consequence, of a given threat having been carried out. It is a loss, many times measured in money, but that is not the only measurement. Espionage can result in loss data or intellectual property, which can lead to financial loss. Injury and loss of life are also risks, as are some intangibles, such as employee unease. If such an employee quits, we have a financial measurement of the cost to hire and train a replacement. Here we also determine the degree, or amount of risk. The result of a threat occurring? A consequence or loss? Measured in money? Measured in injury or loss of life? Loss of property or data Intangibles, such as employee unease? Amount of risk – large, medium, small?
Risk Management
Once we have identified the risks involved with threat occurrence, we figure out how to address those risks. There are 3 general categories – assumption, transfer, and mitigation. When a risk is assumed, that implies a minimal effort, or no effort at all is made, so the loss or consequence is accepted. Assumption is typically employed when the risk is very small, or if the threat is very unlikely. Risk transfer means that we get someone else to assume the risk. An example of risk transfer is to purchase insurance. A museum can purchase an insurance policy for the threat of theft of an individual statue or painting, or for theft or damage of an entire exhibit. Keep in mind there is residual risk, which is the remaining loss when the assuming party compensates you for that loss – such as a deductible, and the cost of processing a claim. This is voluntary assumption. The assuming party may also require you to mitigate some risk, reduce threat likelihood and target vulnerability (like requiring smoke alarms for a fire policy). Involuntary assumption occurs when you install a security system at your store, but the store across the street does not. A thief would rob the store across the street because it’s an easier target. That store is involuntarily, and even unknowingly assuming your risk. Risk mitigation – this is the name of the game – that’s what we do in the security industry – we take steps to reduce risk. Let’s talk about this in more detail.
