Security Risk Analysis
Methodological approaches to identify and solve security-related problems
Type
Domain
Competency Area
Security Risk Management
Levels
Break down straightforward security problems and identify risks
Apply basic risk identification techniques
Follow standard operating procedures (SOPs) to identify risks
Study situations and relate to past experience for identification of risks
Discuss situations with security teams to identify risks
Determine the cause-and-effect relationships between security problems and risks
Identify potential risks affecting client security using available organisational, industry and public information sources and assess against likelihood of occurrence
Assess potential risks based on accurate and current understanding of clients’ operating environments
Develop structured action plans which identify key roles and responsibilities associated with implementation of security risk management plans
Develop contingencies for occurrence of identified risks, and incorporate into plans
Select risk control measures in line with organisational practices, and identify and clarify implications of risk control measures approved by clients
Check risk control measures are documented and supported by suitable agreed organisational guidelines
Assess threat vulnerabilities and risks
Assess and evaluate existing security provisions and ground operations within facilities
Identify and evaluate security threats within facilities and the probability of occurrence
Analyse vulnerabilities as well as operations and activities related to threat scenarios
Assess associated loss or impact on facilities should threats occur
Develop overall risk profiles of facilities
Develop measures, which cover manpower, infrastructure, use of technology and reporting systems, to mitigate risks and reduce identified vulnerabilities
Communicate with relevant stakeholders