Good security risk management begins with a master plan — a vision of the security department, its roles and responsibilities, and how it fits into the overall organization. We have found that security is more effective when you look at your organization as a whole.
Accordingly, we address all aspects of security planning simultaneously to provide our clients with a security master plan that serves as a coordinated and cohesive security solution.
While built on best practices, our master security plans are customized for your unique needs. In our experience, the most effective plans will incorporate responsibilities not only for preventing, detecting, investigating, and responding to incidents, but also for ongoing monitoring and updating of the plan itself.
Security master plan goal: effective and evolving security risk management
Our approach to creating a security master plan starts with an assessment of the current risk environment. We will identify any high-risk areas in your organization based on the severity of impact and likelihood it will occur. This process can include both interviewing a variety of personnel as well as examining technical resources such as electronic security systems. Our goal is to ultimately produce a plan that will enable you to prioritize, estimate the cost, and implement risk mitigation measures that can be adapted if your needs change. The four major components for developing a security master plan typically include:
- Asset Definition to establish priorities for the security master plan. It is not realistic to assume that every asset can be or should be protected against every possible threat. Assets will be identified on how critical each is to the organization.
- Threat Assessment that includes the identification and analysis of potential threats against your organization. Events are typically categorized as criminal, natural, or accidental.
- Vulnerability Analysis where we correlate assets and threats and define the method or methods for compromise. We will analyze the existing security program to identify any physical, operational, and procedural weaknesses that may exist and identify potential countermeasures that could be implemented to minimize the probability of an event. The primary goal of this analysis is to develop a profile that defines overall threats that may affect your organization. A profile is developed that would categorize threats as highly probable, possible, or unlikely.
- Security Measures are selected for implementation. The selection process is intended to channel resources to protect the most vital assets against the most probable threats. Security measures for a comprehensive security master plan typically addresses the following:
- Architectural elements
- Operational elements
- Electronic security systems
- Policies and procedures (guidelines)