Risk assessment in the security sector

Residential Estate Security Handbook 2016 - Vol 1 Residential Estate (Industry), Security Services & Risk Management, Editor's Choice

At the present time, risk and threat analysis is often based on a qualitative classification system, for example the use of risk matrices. Risks are identified and grouped according to criteria such as likelihood of occurrence and impact if the risk event occurs. These criteria are typically ranked in categories, for example ‘low’, ‘medium’ and ‘high’.

This is a useful starting point, particularly in requiring decision-makers to identify the key risks facing a particular entity or location.

Once this classification has been completed, a host of follow-up questions present themselves. Some examples are:

• What are the relationships and dependencies between the risks? How strong are these relationships?

• Does the occurrence of one risk event make another more likely? How much more likely?

• What factors are associated with particular risk events happening? How strong is the influence of a particular factor on a given outcome?

• What if we can’t afford to tackle all of the high impact/high probability risks? Which risk events should be targeted first, given there is only a limited budget available?

A more quantitative approach

In order to be able to address these sort of questions, a more quantitative approach is needed. This will require the use of various mathematical models that will provide a numerical output, as well as data to drive the analysis.

In the world of insurance, actuaries have been studying risk for centuries, using just such an approach to understand the cover that insurance companies can safely provide to their policyholders. In this context, ‘safely’ means that the insurer will be able to pay all future claims when these are made. The threat of becoming insolvent otherwise has provided a strong incentive to develop a more granular understanding of risk. Regulation to protect policyholders relying on this cover also plays a part.

In the field of probability and statistics, the scientific study of uncertainty has become ever more sophisticated as the possibilities afforded by soaring computer power and increased availability of data. Decades of academic research have developed powerful modelling tools that have been used to analyse all sorts of situations, from determining whether a new medicine is truly effective, based on clinical trials, to what economic factors have the most effect on the share market.

Risk models

There are a wide range of different types of models that offer many different ways of exploring risk. Some seek to link ‘explanatory’ factors with a particular outcome, answering questions such as: how strong is the influence of each factor? Can some factors be ignored, once others have been taken into account? Other models look at how certain variables change over time and whether there are trends and patterns in how they do so. Yet more models can be used to understand how risk events are distributed over a geographic area: is there clustering? Is this a coincidence, or a genuine effect?

All models share the feature that only those effects and relationships that can be clearly justified by the data/evidence in a rigorous manner are accepted. This scientific process of elimination can lead to some surprising results: commonly-held beliefs and ­‘commonsense’ conclusions do not always stand up to the test. This suggests interesting new avenues for further analysis and sometimes a novel or powerful approach for managing a given risk that would not otherwise have been identified.

Of course, the use of models involves judgement and subjectivity and it is important not to overstate their accuracy. They are important tools to assist decision makers in thinking about risk: they are not crystal balls that can predict the future. However, with the increasing amounts of data becoming available in a form that can be processed and analysed they offer a powerful way of exploring and understanding risk and the related uncertainties.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Convergence of cyber and physical security
Integrated Solutions Security Services & Risk Management
The overlap between cybersecurity and physical security will necessitate the integration of cyber and physical security in order to enable the sharing of events to the same security operations centre.

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.

End the scourge of solar panel theft
Guardian Eye IT infrastructure Security Services & Risk Management
Modern solar installations are designed so they can be put together very quickly, but this means they can also be dismantled very quickly, and so there has been a massive spike in the theft of solar panels from roofs.

Troye and Arctic Wolf join forces
News Cyber Security Security Services & Risk Management
Troye has announced a strategic partnership with Arctic Wolf to enable Troye to provide customers with enhanced cybersecurity solutions and services that help protect their businesses from advanced cyber threats.