The same security assessment for different reasons

Issue 7 2020 Editor's Choice

Like everything else in life, a security risk assessment also has two sides: Side A and Side B. Side A is the proactive approach, and Side B is the approach taken ‘after the fact’.

Side A is the approach mostly taken by investors, the owner of a business, or a CEO. These individuals will contact us for an independent security risk assessment in order to understand their security and risks better and to find suitable solutions for the identified risks.

Most of these people will then follow the recommendations in the security risk assessment and implement the solutions to ultimately eliminate the opportunity for crime. In other words, they fix their security before they get caught off guard.

The other approach, Side B, is the approach people take after a crime with devastating effects. This is when they have an axe to grind and want to hold someone accountable for the loss or injury that has occurred.

Essentially, both types of assessments are done in the same way; the focus is to identify the risks and to eliminate these risks with suitable and risk-specific solutions.

In the case of Side B, we just look at the security solutions that should have been implemented to avoid a crime from occurring. The only difference is that the B assessment is requested after a crime-related incident that changed someone’s life for the worse.

It is not the owners of the property or business that request the security risk assessment, but rather the victim’s family or friends. Sometimes these family members will approach an attorney who will then request us to conduct a security risk assessment.

Fixing the unfixable

This type of assessment is mainly focused on finding out what could have been done to prevent a crime from happening. It is aimed at highlighting the things that should have been remedied to eliminate the risk that provided the opportunity for crime. It also focuses on the process that was followed to make security decisions – not only on the hardware.

The goal of highlighting the opportunities for crime is to provide a court with information that somebody is responsible for the security decisions or neglected a security aspect and that this neglect or wrong decision contributed to the occurrence of the crime.

When someone has been attacked at the office or any property has been compromised and someone has been murdered, raped, or kidnapped, and so on, people want to react. They want to know why and how, and they want to know who is responsible.

Think about this for a moment: If a building collapses and people are hurt and killed in the process, who will be blamed? The architect or the engineer. The builders will also be blamed, but remember, they built in accordance with the plan that was given to them. If they prove that they followed the instructions as per the architect, the burden of those lives that have been lost will fall on the architect.

Remember the homework or the research that you did when you wanted to purchase a vehicle? Or when you were looking at purchasing a house? Even purchasing new curtains requires some form of research.

It’s the same with security

What homework or research has been done before you made a security decision? Who has done this homework/research? What information did you use to make your security decisions? That is the type of information that the second type of assessment, approach B, wants to know after a crime has happened.

Eventually, this type of security risk assessment will be handed to the lawyers and will be used in court, or it will be used in some way against the property owner, and/or the decision-makers regarding poor security.

Remember, security hardware alone is not security. Various aspects need to be in place before you can call it security.

While these assessments are predominantly the same , and they will be accompanied by questions such as:

• Where is your risk assessment?

• Who is responsible for security?

• What have you done to eliminate the risks?


Andre Mundell.

The difference comes in at the answering of these questions. The proactive party, Side A, will have the answers to these questions while Side B, the ‘after the fact’ party, will have no answers when a crime has occurred.

The security risk assessment will have all the answers; it will show the processes that were followed, the homework that was done to get to the specific solutions as well as the what, how, and why of security.

In some cases, the reason that the security measures could not be installed at the time will also be provided by the security risk assessment. Remember that people were hurt, and either incurred an injury themselves or lost someone dear to them, and they want to hold someone accountable. They will search far and wide to find the responsible person.

Most of these people ask the questions, but they do not get satisfactory answers, which leads them to us at the end of the day.

Keep in mind that when it comes to certain properties, in accordance with the Health & Safety Act, the business/property owners have a responsibility to do everything in their power to keep the people safe. The homeowner knows who is responsible for security decisions.

‘Should have’, ‘could have’ and ‘would have’ does not undo the crime. Those words cannot change the devastating effects of crime and that is essentially the main difference between a proactive security risk assessment and a security risk assessment that is done after the fact.

Approach A wants a security risk assessment to fix their security in order to be proactive, whereas approach B is to find out who is responsible for bad security decisions.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

FortiGuard labs reports disruptive shift of cyber threats
Editor's Choice
Threat intelligence from the second half of 2020 demonstrates an unprecedented cyber-threat landscape where cyber adversaries maximised the constantly expanding attack surface to scale threat efforts around the world. Adversaries proved to be highly adaptable, creating waves of disruptive and sophisticated attacks.

Read more...
The worst of times
Technews Publishing Editor's Choice
Cyber resilience in terms of people, processes and technology is where it’s at when it comes to prevailing in a world beset with cybercriminals.

Read more...
Cyber trends for 2022
Editor's Choice
In the last six months, an organisation in South Africa was attacked on average 1737 times per week. This is more than double the global average (819) of attacks per organisation per week.

Read more...
Cybersecurity for the board of directors
Editor's Choice
Bike-shedding is a common distraction in boardrooms, especially when discussing issues board members are responsible for, but don’t understand – like cybersecurity.

Read more...
Cybersecurity is now a digital transformation imperative
Editor's Choice
New research from the IDC reveals cloud security is the number one priority for investment, 50 percent of South African business leaders are concerned with the consequences of security breaches.

Read more...
Providing real-time visibility
Technews Publishing Editor's Choice
Comprehensive visibility is critical, but not always attainable without the support of a managed service provider dedicated to monitoring and securing your cyber environment around the clock.

Read more...
Getting the basics right
Technews Publishing Editor's Choice
Cybersecurity is like any other discipline, you can’t start at the top, you need to get the basics right. Hi-Tech Security Solutions asks how to best do this.

Read more...
Partnering to make South Africa more cyber secure
Editor's Choice
Cybersecurity professionals from the public and private sectors as well as academia have joined forces to establish the Cybersecurity Digital Alliance.

Read more...
Turnstar ramps up countermeasures
Turnstar Systems Editor's Choice Access Control & Identity Management News Products
Turnstar has developed and patented an early warning and deterrent system which will alert security, and anyone nearby, of any attempt to place ramps over the raised spikes.

Read more...
The state of the distribution market
ESDA (Electronic Security Distributors Association Bosch Building Technologies Dark Horse Distribution Elvey Security Technologies Regal Distributors SA G4S Secure Solutions SA Editor's Choice Security Services & Risk Management
The distribution industry has evolved over the years and its current challenges simply mean another change is in the wind, for those who can take the next step.

Read more...