To support a strategic, standardized and consistent approach to security governance, quantification, implementation and measurement across multiple countries and sites we can help develop a bespoke quantifiable and measurable security programme framework, based on security policy, standards, processes and programmes.
At a strategic level we can design and develop a security risk assessment and management methodology to suit a client’s needs. If requested, at the operational level we can conduct assessments and manage any resulting recommended mitigation measures.
Threats exploit vulnerabilities to target assets. Therefore, it is vital that a client understands which threats he may face and what the intent and capability of the threat may be. RiskSecure Consulting can carry out a threat assessment and develop a follow on design basis threat document as part of a wider risk assessment effort or as a standalone activity.
Security programme controls are designed to protect client assets and in the ideal world the asset will be protected by multiple layers opposed to a single point of failure. A vulnerability is a security programme or site weakness that can be exploited by a threat. The weakness can relate to a policy, procedural or process gap. A technical or physical problem or a staffing issue. To determine and evaluate these points RiskSecure Consulting can conduct a comprehensive information gathering exercise based on the clients security programme documentation. This involves onsite inspections, walkthroughs, document and process reviews and interviews with stakeholders; and site security, where present.
While certain aspects of security often lack regulatory weight, the need for an emergency response function and associated requirements in the main does not. In most countries an employer is expected to provide a duty of care to address emergencies that may be reasonably foreseable in the workplace. While evacuating a building safely is vital under the right circumstances, other circumstances may necessitate a lock-down and shelter in place.
As a follow on of the risk assessment process or by taking an all hazards approach, RiskSecure Consulting can determine what foreseeable emergencies may occur and build out an emergency response program based on the need to prepare, respond and recover.
We can conduct full or limited scope audits of a client security programme. The audit is a fact-finding exercise to determine how effective the security programme is and sometimes a rare but beneficial occasion to propose security enhancements. The audit scope could include, but not be limited to: policies and processes; physical and technical controls; training and competence of security staff; documentation and record retention, in addition to the serviceability and maintenance of equipment.
Copyright © 2019 Risk Secure Consulting - All Rights Reserved.
Powered by GoDaddy Website Builder