Truth or dare?

June 2016 Editor's Choice, Security Services & Risk Management

I came across an article the other day that discusses how a report writer does not always provide the reader with all the information. For example, a crime may be covered in regards to who was killed, when he was murdered and where it happened. But the aspect of the how and the why is not mentioned. This could be because they may not have that information, or for other reasons have decided not to include this in the report. The former reason got me thinking as to how this is the same with the security risk assessment.

Confidentiality

There are many applicants that are looking for an assessing position with my security risk consultancy. They provide me with their CV and sometimes a copy of an assessment they have conducted. The breach of confidentiality and the actual content is often a shocker to me.

Before we review the content, I would just like to discuss the confidentiality issue. These individuals are using previous assessments in a bid to win me over for employment. In other words, to make new business. As a professional and an independent who has been in the security field for over two decades; not even I advertise my previous clients to get new ones. This in itself creates a security risk for the client and this is why confidentiality is vital.

All the assessment reports that I have reviewed by job seekers are extremely limited in content. The document usually consists of a few pages with photographs. They will point out to the client where the risk is and what could be a probable area of risk. It is not explained why it is a risk; how to remedy it or even who needs to make changes to fix this. In this case, it is general that the assessor does not have that information or does not have the necessary knowledge to solve it. The client is not provided with this important information.

Who did the assessment, a salesperson or a risk assessor?

Another regular occurrence is that the assessor will focus more on the what of products that can be used as a remedy. This does not include other methods or items that are not in his inventory that can work in how to fix the problem. Such assessments are what we refer to in the industry as a product assessment. The assessor is simply a salesman from a security company peddling his wares. Sales or service contracts make the money, not the investigation or the assessment. This is provided for free or dirt cheap.

The whole point of the independent security risk assessment is to investigate the site at several levels. This investigation will positively identify and explain all weaknesses within the physical security status. These are points and areas that provide the opportunity for the criminal to commit a crime. Probability is not valid in security risk assessment. To be able to practice proactive crime prevention, these opportunities need to be eliminated or at least minimised.

This is where the second major part of the security risk assessment begins. Active research into the client’s unique security solutions is conducted. The final and extensive report will provide the client with an in-depth security plan. The plan will give the client the necessary security knowledge and know-how. This empowers him to make good security decisions that will effectively deal with his security risk.

Understand that the security risk and threat assessment cannot be covered partially. The client is not always any the wiser if only the what and where is provided to him. He needs all the other information ranging from the HOW, WHY and WHO to be able to benefit in full from the service provided by the independent security risk consultant.

For more information, contact Alwinco, +27 (0)62 341 3419, [email protected], www.alwinco.co.za



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

AI-enabled tools reducing time to value and enhancing application security
Editor's Choice
Next-generation AI tools are adding new layers of intelligent testing, audit, security, and assurance to the application development lifecycle, reducing risk, and improving time to value while augmenting the overall security posture.

Read more...
Perspectives on personal care monitoring and smart surveillance
Leaderware Editor's Choice Surveillance Smart Home Automation IoT & Automation
Dr Craig Donald believes smart surveillance offers a range of options for monitoring loved ones, but making the right choice is not always as simple as selecting the latest technology.

Read more...
AI enables security solutions to define business strategies
Regal Distributors SA Editor's Choice
While allowing technologies to do exactly what they should do with even more efficiency and precision, AI is also empowering these same technologies to break through their traditional boundaries and create an ecosystem where one interface delivers outcomes across highly segmented verticals.

Read more...
Putting cyber into surveillance
Dallmeier Electronic Southern Africa Cathexis Technologies Technews Publishing Editor's Choice
Cybersecurity has become an essential part of the physical security industry. However, unlike other IoT technologies, of which security products are a part, surveillance technologies have more to protect.

Read more...
2024 State of Security Report
Editor's Choice
Mobile IDs, MFA and sustainability emerge as top trends in HID Global’s 2024 State of Security Report, with artificial intelligence appearing in the conversation for the first time.

Read more...
Cyberthreats facing SMBs
Editor's Choice
Data and credential theft malware were the top two threats against SMBs in 2023, accounting for nearly 50% of all malware targeting this market segment. Ransomware is still the biggest threat.

Read more...
Are we our own worst enemy?
Editor's Choice
Sonja de Klerk believes the day-to-day issues we face can serve as opportunities for personal growth and empowerment, enabling us to contribute to creating a better and safer environment for ourselves and South Africa.

Read more...
How to spot a cyberattack if you are not a security pro
Editor's Choice
Cybersecurity awareness is straightforward if you know what to look for; vigilance and knowledge are our most potent weapons and the good news is that anyone can grasp the basics and spot suspicious activities.

Read more...
Protecting IP and secret data in the age of AI
Editor's Choice
The promise of artificial intelligence (AI) is a source of near-continuous hype for South Africans. However, for enterprises implementing AI solutions, there are some important considerations regarding their intellectual property (IP) and secret data.

Read more...
Super election year increases risks of political violence
Editor's Choice
Widening polarisation is expected in many elections, with terrorism, civil unrest, and environmental activism risks intensifying in a volatile geopolitical environment. Multinational businesses show an increasing interest in political violence insurance coverage in mitigation.

Read more...