I Have Conducted My Security Risk Assessment. Now What?
Posted on Fri, May 06, 2011
By Jeffrey A. Slotnick CPP, PSP, President Setracon, Inc. & Keynote Speaker at The Great Conversation, ASG Security Summit & Expo
Having conducted risk, threat, and vulnerability assessments for some years now, I have encountered an issue which seems common to many organizations.
How do I manage and utilize the data I have collected in my assessment?
Most organizations, from small businesses to large enterprises, have conducted some sort of assessment. Whether it was for Security, Business Continuity, or Continuity of Operations, the first step in each of these processes is a comprehensive risk assessment. If the organization is serious about risk identification, it has revisited these assessments and refreshed them several times.
The question now becomes, what do I do with all this data I have collected? Producing actionable data from all of this information becomes extremely important when making risk, operational, and financial decisions.
I have observed many companies with multiple facilities who purchase one type of physical security system for one facility and a different type for another. Down the road this creates maintenance and service problems. Wouldn’t it be better to purchase like systems for all facilities?
Trend analysis is another important factor. Are you suffering the same types of loss and shrinkage at multiple facilities? You will never know unless you have the ability to collate data.
Organizational Resilience
So where am I heading with this? The Cloud offers some unique opportunities for storage and manipulation of large amounts of data. When the power of the Cloud is coupled with appropriately designed SharePoint consoles, you have a real opportunity to take all of the collected data from these assessments and collate it into searchable information, which is critical to risk resilience.
The ability to make timely risk decisions based on fact instead of speculation is a significant achievement in making the business case for the security function. Customized SharePoint consoles can provide information which is sorted by threat level, level of risk, or any other user-defined search parameter. Imagine at the click of a mouse identifying each of your facilities with a tier one threat!
The natural progression from risk assessment is Organizational Resilience. Organizational Resilience permits you to apply cost-effective risk treatments to the highest hazards before a high consequence event occurs, thus ensuring the financial success of your enterprise.