S
electing a risk-based security solution doesn’t have to be daunting; by using a sound process can make it rewarding and enjoyable.
What is a risk-based security solution?
A risk-based security solution refers to an organisation’s approach to security which assesses and manages security risks in a proactive and prioritised manner. This approach can be a combination of manned guarding, systems and technology.
Selecting a
risk-based security solution
Rather than implementing a one-size-fits-all security strategy, using a risk-based approach allows those organisations to identify and address their most critical assets and from there, understand the risks they face by knowing what it is that they need to protect, decide how much risk to tolerate and then act to reduce those risks.
All organisations will have a different approach to security. They will face different risks, threats and vulnerabilities, but no matter the size of the organisation and its approach to security, one of the key principles behind a risk-based approach is to allocate the right amount of resources.
Some of those resources can be time, effort, personnel, information and budget and will be based on the findings from the organisation’s risk, threat and vulnerability assessments. Bringing those key principles together allows for a systematic evaluation which, in turn, allows an organisation to determine its most effective security measures. This involves researching for and writing the operational requirement for your security solution.
Define the operational requirement for your security solution
Once you have completed the risk assessment process, you will have an idea of the areas that require the most attention and a broad understanding of what type of products you are looking for. It is this middle area of the process where you will complete an operational requirement, then it is time to start looking for your security solution. I have been involved in many security projects across different sectors over the years, and this
© CITY SECURITY MAGAZINE – AUTUMN 2023
doesn’t have to be a complicated process and it’s one that security professionals should not be scared of. It can be broken down into these steps:
• Evaluate your existing infrastructure. This is one of the first things you should do. This can include network infrastructure, power, floor layout, access points, existing security measures and the design of your facilities. The worst thing is to find a solution you like and then find that it can’t be implemented because your infrastructure doesn’t support it.
• Research the market for some products that align with your needs and requirements. It’s key to consider what a product’s features are, what its scalability is like, what integration capabilities it has and if it is compatible with your existing infrastructure.
• Request manufacturers’ demonstrations. This will give you a look and feel of what the solution looks like. If you have the ability to trial the solution, even better, this will give you a hands-on experience with the product and show how well it meets your requirements. During the demonstrations, assess the scalability and flexibility of the solution. As your organisation grows and the treats change, you need something that can adapt to those changing circumstances. Can it accommodate future expansion? Can it adapt to changing infrastructure? These demonstrations and trials can provide you with valuable insights and help you make informed decisions.
• Vendor and manufacturer support should be up there when reviewing the solutions
www.citysecuritymagazine.com
considered. I have been there at 2 a.m. hoping to get a system back up and running with vendor support. Knowing that someone is on the end of the phone gives you and your team comfort that issues can be resolved quickly. Use your network too, and ask fellow professionals for their opinion on your choice of solution; those close in your network will give you an honest opinion.
• Analyse the effectiveness of the solutions that you have looked at. Consider all the risks that you have identified and evaluate if those solutions can address those identified risks and meet your security objectives.
• Costs: we can’t ignore costs and usually costs are a major factor, especially if budgets are tight. Some solutions will have an upfront cost, but may have ongoing support cost models. Another consideration with costs is some solutions will have licensing costs, this can be each time you add to the system or yearly costs. Look at the long term ROI.
Ensure you look at all cost models and options
The security solution you are likely to choose will be in place for at least the next seven years until you start to carry out an assessment on its suitability. Time and effort should be given to the whole process and that starts by firstly carrying out a comprehensive risk assessment for the areas that you are looking at protecting.
Once this has been carried out, use those results to complete an operational requirement for the solution you are looking for. This helps with making an informed decision when selecting a security solution that best fits your specific needs.
Remember, security is an ongoing process, so regularly reassess your solution to ensure it continues to meet your evolving requirements and remember your risk assessment process should not be seen as a box-ticking exercise. Closely manage and monitor those identified security risks and the threats your organisation faces on an ongoing and regular basis.
Ashley Watson, PSP, MSyI
www.linkedin.com/in/ashleywatsonpsp
>
32
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36
