Security cannot be applied to an organisation in a cook book recipe style. Each entity is unique and requires a specific solution. In order to supply specific security processes and technology to an organisation, it is best practice
to carry out a risk analysis that will lead to a solid plan that actually addresses specific needs. The following is a general framework which may vary slightly based on the client.
Please Note: The explantation for each image is below.
1. Understand the organisation and identify assets
Your assets include your people, property, core business and information. We want to get to know them so we can specify a solution that will encompass all aspects of your business.
2. Specify risks/vulnerabilities
We are going to identify points of weakness based on the above and design a framework to manage those risks. That means that we are going to look at things like your past security incidents, the local environment, norms in the same
industry, the intrinsic value of your assets, and sometimes in the case of terrorism even use our intuition!
3. Establish probability & frequency of a loss event
We are going to quantify not only how often negative events take place, but also what the likelihood is of them taking place so that you have a solid reason on which to base your security spend!
4. Ascertain the impacts of events
In this important step we are going to determine the financial and psychological impact that the loss of an asset will have on the organisation.
5. Develop ways to mitigate risks
Different avenues are pursued to either prevent or mitigate losses through physical and procedural process, technology and includes risk avoidance and transferral techniques such as outsourcing and insurance.
6. Examine the feasibility of implementation
Now we make sure that the options developed can be implemented without seriously affecting or intefering with the operation and profitabilty of the organisation.
7. Perform a cost benefit analysis
Now we help you see if it's worthwhile comitting funds to a specific vulnerability by analyzing the benefits that will be derived from an expenditure.