What is encapsulated in the terms Security Review and Vulnerability Analysis?
Most organisations have a security structure: some are based upon a prescribed security model, others have evolved organically or grown out of a perceived organisational requirement. The majority have been implemented to meet generic threats rather than in a manner proportionate to the specific threats identified through threat assessments.
Irrespective of how the security structure came about, good practice holds that reviews should be conducted regularly, with the security measures evaluated against the currently assessed threat, industry standards and (where it exists) organisational policy, to establish whether they remain relevant.
Each identified vulnerability should be characterised by an impact assessment, so that remedial measures can be prioritised and implemented in proportion to that impact.
Undertaking a review of Security and an analysis of Vulnerability is a healthy business practice promoting preparedness and resilience.
How can this input help you/your organisation?
Mismanagement of a Critical Incident has, in a number of organisations, led directly to loss of reputation and ultimately to the failure of the business.
There is ample evidence to demonstrate that the more prepared you are for an incident, the better you are able to manage it.
Without regular review, management processes remain static or degrade over time, while the operating environment will most certainly have evolved. Consequently, a regular appraisal of those processes is essential.
When deciding between an internal and an external reviewer, bear in mind that an internal reviewer will be familiar with the organisational structure and processes. That familiarity can subconsciously perpetuate received wisdom and organisational folklore rather than establish what actually happens. An external reviewer is less likely to be influenced by organisational culture or preconceived ideas, and should ask the critical questions, taking a more objective approach.
A blend of the two within a rolling programme, periodically engaging an external reviewer while conducting annual internal reviews, is a balanced approach.
Who should engage?
Anyone responsible for planning for or managing Critical Incidents or Crises, or for developing the organisation's response to them, as well as Security Managers and Health and Safety Managers, in an organisation of any size.
What is involved?
Working with your staff, support4rs will undertake the review through:
establishing a clear understanding of organisational approach to risk
undertaking a comprehensive threat assessment
evaluating the continued relevance of organisational policy
observing whether those policies are adhered to in practice
comparing the results against organisational security doctrine and the evaluated threat
reviewing and benchmarking existing measures against current standards, both within business hours and during the hours of darkness, to include:
Intruder Detection Systems
the suitability and conformity of Physical Security Measures, including stand-off, access control systems and their associated administrative functions, and the impact of fire detection and control systems upon them
CCTV capability, integration and system effectiveness against BS EN 50132 (now superseded by the BS EN 62676 series)
staff knowledge of security, including operating protocols, associated policies and guidance documentation
encapsulating the findings into a comprehensive report detailing identified vulnerabilities and associated recommendations