SecurityInfoWatch




Security Technology Executive, June 2007

Updated: March 5th, 2008 02:12 PM EDT

Assess the Probability of Business Loss

Objective: To estimate the probability of loss in areas of concern, given known vulnerabilities.


By George Campbell

Results Sought: Help management to recognize that the business contains vulnerabilities that may affect customers. Eliminate plausible denial and engage management for follow-up. Obtain support for elimination of vulnerabilities. Increase participation in essential areas of risk ownership and accountability. Ideally, you want to hear: “I support your objectives in assessing these risks. I accept our responsibility to ensure remedial action on each of these corporate risks and will ask our general auditor to track resolution of each of these findings.”

Strategy: To obtain this information, conduct multiple tests of policy-based or common-sense safeguards in a variety of protection categories over a six-week period. It's important to advertise the tests and methodology in advance and to include objectives in an annual plan. Think of the strategy in four levels or steps:

* Your protection programs and tactics are built around the achievement of clear, measurable results in terms of reduced exposure to risk. Your first step should be to clearly outline those expected results.

* Make sure that assessment programs are an essential component of corporate governance. Present assessment results to senior management and the audit committee.

* Structure your assessments around measurable criteria of effectiveness (success or failure), and measure your risk and protection elements as you have advertised in your annual plan.

* When you know the results of your metrics, thoroughly analyze and report them in a way that is responsive to management's format for action and accountability.

Where Is the Data? The data is in the risk assessments you routinely perform, which examine the adequacy of key protection measures and uncover gaps in the quality of internal controls around critical assets and business processes. If you have appropriately structured your ongoing recorded measures, and have planned your risk assessment processes to provide comparative metrics, you will have:
