Loss prevention
Loss prevention focuses on what one's critical assets are and how they are going to protect them. A key component to loss prevention is assessing the potential threats to the successful achievement of the goal. This must include the potential opportunities that further the object (why take the risk unless there's an upside?) Balance probability and impact determine and implement measures to minimize or eliminate those threats. Security management includes the theories, concepts, ideas, methods, procedures, and practices that are used to manage and control organizational resources in order to accomplish security goals. Policies, procedures, administration, operations, training, awareness campaigns, financial management, contracting, resource allocation, and dealing with problems like security degradation are all included in this vast sector.Security risk management
The management of security risks applies the principles of risk management to the management of security threats. It consists of identifying threats (or risk causes), assessing the effectiveness of existing controls to face those threats, determining the risks' consequence(s), prioritizing the risks by rating the likelihood and impact, classifying the type of risk, and selecting an appropriate risk option or risk response. In 2016, a universal standard for managing risks was developed in The Netherlands. In 2017, it was updated and named: Universal Security Management Systems Standard 2017.Types of risks
External
* Strategic: Competition and customer demand. * Operational: Regulations, suppliers, and contract. * Financial: FX and credit. * Hazard: Natural disasters, cyber, and external criminal acts. * Compliance: New regulatory or legal requirements are introduced, or existing ones are changed, exposing the organization to a non-compliance risk if measures are not taken to ensure compliance.Internal
* Strategic: R&D. * Operational: Systems and processes (H&R, Payroll). * Financial: Liquidity and cash flow. * Hazard: Safety and security; employees and equipment. * Compliance: Concrete or potential changes in an organization's systems, processes, suppliers, etc. may create exposure to a legal or regulatory non-compliance. Risk optionsRisk avoidance
The first choice to be considered is the possibility of eliminating the existence of criminal opportunity or avoiding the creation of such an opportunity. When additional considerations or factors are not created as a result of this action that would create a greater risk. For example, removing all the cash flow from aRisk reduction
When avoiding or eliminating the criminal opportunity conflicts with the ability to conduct business, the next step is reducing the opportunity of potential loss to the lowest level consistent with the function of the business. In the example above, the application of risk reduction might result in the business keeping only enough cash on hand for one day's operation.Risk spreading
Assets that remain exposed after the application of reduction and avoidance are the subjects of risk spreading. This is the concept that limits loss or potential losses by exposing the perpetrator to the probability of detection and apprehension prior to the consummation of the crime through the application of perimeter lighting, barred windows, and intrusion detection systems. The idea is to reduce the time available for thieves to steal assets and escape without apprehension.Risk transfer
The two primary methods of accomplishing risk transfer is to insure the assets or raise prices to cover the loss in the event of a criminal act. Generally speaking, when the first three steps have been properly applied, the cost of transferring risks is much lower.Risk acceptance
All of the remaining risks must simply be assumed by the business as a part of doing business. Included with these accepted losses are deductibles, which have been made as part of the insurance coverage.Security policy implementations
Intrusion detection
* Alarm device.Access control
* Locks, simple or sophisticated, such as biometric authentication and keycard locks.Physical security
* Environmental elements (ex. Mountains, Trees, etc.). *Procedures
* Coordination withSee also
* Alarm management * IT risk * IT risk management * ITIL security management, an information security management system standard based on ISO/IEC 27001 *References
Further reading
* ''BBC NEWS , In Depth.'' BBC News - Home. Web. 18 Mar. 2011.