If you are not aware of the threats faced by your organization, how can you ensure that your security program is effective?
In our practice, we often deal with clients that spend hundreds of thousands of dollars on security manpower and technology solutions, without knowing what it is they are trying to protect against. Such programs only result in an "illusion of security" because absent an understanding of what the threats or risks are, an effective security risk management program is not possible.
It is like the old adage, "if you do not know where you are going, you will not get there".
Definition of a Risk Assessment courtesy of the Whole Building Design Guide.
The first step in a risk management program is a threat assessment. A threat assessment considers the full spectrum of threats (i.e., natural, criminal, terrorist, accidental, etc.) for a given facility/location. The assessment should examine supporting information to evaluate the relative likelihood of occurrence for each threat. For natural threats, historical data concerning frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, or earthquakes can be used to determine the credibility of the given threat. For criminal threats, the crime rates in the surrounding area provide a good indicator of the type of criminal activity that may threaten the facility. In addition, the type of assets and/or activity located in the facility may also increase the target attractiveness in the eyes of the aggressor. The type of assets and/or activity located in the facility will also relate directly to the likelihood of various types of accidents. For example, a facility that utilizes heavy industrial machinery will be at higher risk for serious or life-threatening job-related accidents than a typical office building.
For terrorist threats, the attractiveness of the facility as a target is a primary consideration. In addition, the type of terrorist act may vary based on the potential adversary and the method of attack most likely to be successful for a given scenario. For example, a terrorist wishing to strike against the federal government may be more likely to attack a large federal building than to attack a multi-tenant office building containing a large number of commercial tenants and a few government tenants. However, if security at the large federal building makes mounting a successful attack too difficult, the terrorist may be diverted to a nearby facility that may not be as attractive from an occupancy perspective, but has a higher probability of success due to the absence of adequate security. In general, the likelihood of terrorist attacks cannot be quantified statistically since terrorism is, by its very nature, random.
Specific definitions are important to quantify the level of each threat. The more specific the definition, the more consistent the assessments will be, especially if the assessments are being performed by a large number of assessors. Example assessments are provided below:
- Defined: Man-made: There are aggressors who utilize this tactic who are known to be targeting this facility or the organization. There is a history of this type of activity in the area and this facility is a known target. Specific threats have been received or identified by law enforcement agencies. Natural: Events of this nature occur in the immediate vicinity on a frequent basis.
- Credible: Man-made: There are aggressors who utilize this tactic who are known to target this type of facility. There is a history of this type of activity in the area and this facility and/or similar facilities have been targets previously. No specific threat has been received or identified by law enforcement agencies. Natural: Events of this nature occur in the immediate vicinity periodically (i.e. once every 10 years).
- Potential: Man-made: There are aggressors who utilize this tactic, but they are not known to target this type of facility. There is a history of this type of activity in the area, but this facility has not been a target. Natural: Events of this nature occur in the region on a sporadic basis.
- Minimal: Man-made: No aggressors who utilize this tactic are identified for this facility and there is no history of this type of activity at the facility or the neighboring area. Natural: There is no history of this type of event in the area.
Not sure where to begin? Get in touch with us... we can help - https://brianclaman.com