Physical Security Risk Management: Know Your Assets

In recent years, growing concerns about physical security—from theft, crime, terrorism, and vandalism—have prompted more organizations to prioritize security risk management. While cyber risk often dominates headlines, the physical aspects of security risk sometimes receive less attention in corporate agendas.

A fundamental step in establishing effective security risk management is gaining control over your assets. This might seem straightforward, but in reality, large organizations managing multiple assets often struggle with accessibility. Without easy access to comprehensive asset information, it becomes exceedingly difficult, if not impossible, to begin formulating a robust risk management strategy. Therefore, the first step is cataloging and thoroughly understanding all your assets. This foundation is crucial for developing tailored security measures that safeguard your organization’s tangible and intangible resources.

Many companies and institutions recognize the need to control their assets, sometimes accomplishing this task with Excel sheets and Word documents that are hard to navigate, manage, and share. Alternatively, they often employ sophisticated Geographic Information Systems (GIS). While these systems are excellent and offer extensive capabilities in geography, topology, and vegetation analysis, they are not specifically designed for asset management. This focus can be overkill in one aspect and insufficient in another, making them less accessible and transparent for managing and controlling assets from a risk perspective.

As mentioned, having control over your assets is just the first step. So, what would an optimized system look like for controlling your assets? It would need to clearly identify:

• Type: What type of asset is it?
• Location: Where is it located? This should include the country, town, road, or even maritime coordinates.
• Visual Mapping: The assets should be visually mapped on a geographic interface.
• Criticality: How critical is this asset to your operations?
• Ownership: Is the asset self-owned, rented, or part of a joint venture?
• Contact and Manager Site: The asset's location, contact, and management information should be specified.
• Connectivity to In-house Systems (CRM, ERP, etc.): Integration capabilities for better information flow and management.

The system must also be flexible and capable of adding attributes specific to the organization's needs.

It should be an integrated part of the overall risk management system, where any changes to the assets would affect the algorithms and methodology of the risk factors, including threats, barriers, intelligence, and so forth.

An ideal system would start with these points as a foundation, building a methodology of risk that includes the many aspects of risk management, starting from control over assets with accessibility, the ability to edit, update, and add valuable information. It must be clear, visible, transparent, and accessible so that all departments involved will have the same information. This forms the basis of any effective security risk management system, setting the stage for addressing and managing threats at subsequent layers.

We at Acumen Risk have the perfect system for you. Call us and we will be happy to discuss further.

For more information: [email protected] Acumen Risk