Risk assessment in the security sector

Residential Estate Security Handbook 2016 - Vol 1 Residential Estate (Industry), Security Services & Risk Management, Editor's Choice

At the present time, risk and threat analysis is often based on a qualitative classification system, for example the use of risk matrices. Risks are identified and grouped according to criteria such as likelihood of occurrence and impact if the risk event occurs. These criteria are typically ranked in categories, for example ‘low’, ‘medium’ and ‘high’.

This is a useful starting point, particularly in requiring decision-makers to identify the key risks facing a particular entity or location.

Once this classification has been completed, a host of follow-up questions present themselves. Some examples are:

• What are the relationships and dependencies between the risks? How strong are these relationships?

• Does the occurrence of one risk event make another more likely? How much more likely?

• What factors are associated with particular risk events happening? How strong is the influence of a particular factor on a given outcome?

• What if we can’t afford to tackle all of the high impact/high probability risks? Which risk events should be targeted first, given there is only a limited budget available?

A more quantitative approach

In order to be able to address these sort of questions, a more quantitative approach is needed. This will require the use of various mathematical models that will provide a numerical output, as well as data to drive the analysis.

In the world of insurance, actuaries have been studying risk for centuries, using just such an approach to understand the cover that insurance companies can safely provide to their policyholders. In this context, ‘safely’ means that the insurer will be able to pay all future claims when these are made. The threat of becoming insolvent otherwise has provided a strong incentive to develop a more granular understanding of risk. Regulation to protect policyholders relying on this cover also plays a part.

In the field of probability and statistics, the scientific study of uncertainty has become ever more sophisticated as the possibilities afforded by soaring computer power and increased availability of data. Decades of academic research have developed powerful modelling tools that have been used to analyse all sorts of situations, from determining whether a new medicine is truly effective, based on clinical trials, to what economic factors have the most effect on the share market.

Risk models

There are a wide range of different types of models that offer many different ways of exploring risk. Some seek to link ‘explanatory’ factors with a particular outcome, answering questions such as: how strong is the influence of each factor? Can some factors be ignored, once others have been taken into account? Other models look at how certain variables change over time and whether there are trends and patterns in how they do so. Yet more models can be used to understand how risk events are distributed over a geographic area: is there clustering? Is this a coincidence, or a genuine effect?

All models share the feature that only those effects and relationships that can be clearly justified by the data/evidence in a rigorous manner are accepted. This scientific process of elimination can lead to some surprising results: commonly-held beliefs and ­‘commonsense’ conclusions do not always stand up to the test. This suggests interesting new avenues for further analysis and sometimes a novel or powerful approach for managing a given risk that would not otherwise have been identified.

Of course, the use of models involves judgement and subjectivity and it is important not to overstate their accuracy. They are important tools to assist decision makers in thinking about risk: they are not crystal balls that can predict the future. However, with the increasing amounts of data becoming available in a form that can be processed and analysed they offer a powerful way of exploring and understanding risk and the related uncertainties.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Empower individuals to control their biometric data
Information Security Access Control & Identity Management Security Services & Risk Management
What if your biometrics, now embedded in devices, workplaces, and airports, promising seamless access and enhanced security, was your greatest vulnerability in a cyberattack? Cybercriminals are focusing on knowing where biometric data is stored.

Read more...
Strategies for combating insider threats
Information Security Security Services & Risk Management
In Africa, insider threats pose an increasingly significant risk to businesses, driven by economic uncertainty, labour disputes, and rapid digital transformation. These threats can arise from various sources, including disgruntled employees and compromised third-party service providers

Read more...
World-first safe K9 training for drug detection
Technews Publishing SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Government and Parastatal (Industry)
The Braveheart Bio-Dog Academy recently announced the results of its scientific research into training dogs to accurately detect drugs and explosives without harming either the dogs or their handlers.

Read more...
New firearms training modules from ITA
News & Events Security Services & Risk Management
The International Firearm Training Academy has launched two new firearms training modules to support career development in the firearms industry: the Maintenance Fitter and the Firearms Custodian modules.

Read more...
Empower individuals to control their biometric data
Information Security Access Control & Identity Management Security Services & Risk Management
What if your biometrics, now embedded in devices, workplaces, and airports, promising seamless access and enhanced security, was your greatest vulnerability in a cyberattack? Cybercriminals are focusing on knowing where biometric data is stored.

Read more...
Background checks: risk levels and compliance
iFacts Access Control & Identity Management Security Services & Risk Management
Conducting background checks is a vital step in the hiring process for employers or when engaging service providers; however, it is crucial to understand the legal framework and regulations governing these checks.

Read more...
Smart access for a safer community
neaMetrics Suprema Access Control & Identity Management Residential Estate (Industry) Products & Solutions Commercial (Industry)
Suprema has released its BioEntry W3 facial authentication access control device with multiple authentication options, including RFID cards as well as mobile credentials, designed for durability and resilience.

Read more...
On the ball or unaware
Technews Publishing Information Security Security Services & Risk Management
Whether an organisation is operating at a high level of information security maturity or has dangerous vulnerabilities that could put an entire business at risk, advanced, strategic penetration testing can uncover its true state of IT security.

Read more...
The bane of burnout
Editor's Choice Security Services & Risk Management
The World Economic Forum has recently formally acknowledged burnout as an occupational syndrome, giving it a status that is even more worthy of being taken seriously and resolved as quickly as possible.

Read more...
A winning combination for modern cybersecurity
Information Security Security Services & Risk Management
Companies are compelled to comply with legislative mandates and, more importantly, implement appropriate security measures for their customers and their most valuable asset – their data.

Read more...