
The Intersection between Security and Risk Management - Report Example

Summary
This paper, 'The Intersection between Security and Risk Management', explains that the security industry functions within a multidisciplinary base, having risk management as an essential domain of knowledge within security. Security has embraced the application of risk management, especially a probabilistic threat approach to gauge risk…

Extract of sample "The Intersection between Security and Risk Management"

The Intersection between Security and Risk Management

Introduction

The security industry functions within a multidisciplinary and diverse base, with risk management as an essential domain of knowledge within security. Similar to other management subjects, security has embraced the application and principles of risk management, especially a probabilistic threat approach to gauge risk and help in decision making. This approach has received support from many individuals, who see probabilistic risk as an instrument that generates informed, rational and objective options from which sound decisions might be made. Based upon qualitative, semi-qualitative and quantitative evaluation of the probability and outcomes of future incidents, probabilistic risk intends to offer security professionals a computation of such threats. The measurements are then utilized in the formulation of cost-effective resolutions, which then shape a future that tries to lessen probable harm while exploiting probable opportunities. Nevertheless, several individuals claim that probabilistic risk is not enough to deliver the anticipated coherent computations of security risks in an increasingly changing and uncertain environment. It is thus argued that the probabilistic approach is not effective for security, because security risk management takes a more heuristic approach (Brooks, 2011).

The concept of security risk management

Over the last two decades, the concept of risk management as a recognized discipline has come forward through the public and private sectors. Risk management is presently a well-founded discipline, having its own domain practitioners as well as a body of knowhow.
According to Brooks (2011), nations all over the globe possess their own standards of risk management, and in the majority of these states senior organizational executives have the obligation of making sure that suitable practices of risk management match the external and internal compliance requirements. However, the majority of these compliance requirements and standards only take risk management into consideration and do not consider security risk management. Safety or security risk management might be regarded as distinct from other types of risk management, because the majority of the more common risk models do not have the essential key concepts for efficient design, alleviation, and application of security threats (Aven, 2008).

Generally, security might be regarded as guaranteed liberty from want or poverty, or as safety measures taken to prevent theft or intelligence. Green and Fischer (2012) note that security means a stable, comparatively predictable atmosphere in which a group or an individual might pursue their activities without harm or interruption and without fear of injury or disturbance. Areas of security practice might be regarded as civic security, national security or private security, but merging of these fields is increasing within the present political and social environment.

The development of security risk management

The exposure of the world to rebel attacks has increased societal concern over the capability of state and national governments to protect their citizens. These attacks and other security issues have increased both the global and national need for defense that can efficiently safeguard nationals at a rational cost, attained to some extent via the utilization of security risk management. Security is usually considered in a private, organizational or commercial context for the safeguarding of assets, information, and people.
Disrupting and preventing terrorist attacks, safeguarding citizens, vital infrastructure, and major resources, as well as responding to incidents are key components in ensuring the safety of a nation. To be able to keep a country safe, it is the responsibility of all security stakeholders to strengthen the systems, structures, institutions and principles that are concerned with security (ASIS International, 2009). The management and assessment of risk lie beneath the full range of a nation's security activities, entailing decisions on how, when and where to put in resources that control, mitigate or eliminate risks. In the face of diverse and multiple catastrophic probabilities, it is accepted that risk is a function of vulnerabilities, consequences, and threats. Risk-based frameworks must be applied in all security efforts so as to recognize and evaluate probable threats, including their downstream impacts, establish the acceptable levels of relative risk, and prioritize and allocate resources among both private and public security partners, to prevent, respond to and recover from all forms of events (Manunta, 2011).

Security risk management approaches

There are several security risk management and risk management frameworks utilized within the security industry. Nowadays, all parts of a company utilize threat management to a certain level, and security is no different. An international standard like ISO 31000:2009 is possibly the benchmark, but the identified perspective of this framework is presently being assessed by an international survey, utilizing several diverse groups. In addition, the safety utilization of ISO 31000:2009 might be flawed, because it neglects to raise and incorporate certain safety concepts of risk like criticality, threat and vulnerability, unlike the HB 167:2006 safety risk management standard, which integrates these security concepts into an incorporated framework (Dali, 2011).
ISO 31000:2009 risk management, which was published in 1992, is regarded as an almost international standard and is internationally recognized as excellent practice for addressing risk. This framework has been used in several countries such as the United States, Canada, Japan, Spain and Korea. The standard is broadly utilized by security practitioners in Australia. Several industries utilize this risk management framework, and it has wide applications across finance, governance, project management, engineering, environmental protection, security and life safety (Standards Australia, 2009).

Standards Australia is the key standards organization and has the responsibility of offering general governance and oversight of standards in Australia. The organization focuses on four major areas: international and national coordination, design assessment, accreditation of other bodies to develop standards, and creation and update of frameworks or standards (Standards Australia, 2011). Australian Standards are published documents that set out procedures and specifications designed to ensure that systems, services and products are reliable, safe and perform consistently. This approach makes sure that a universal language is attained in an industry, driven by progressive parts of industry, community expectations and legislation.

According to Standards Australia (2009), ISO 31000:2009 risk management offers a standard or framework for the management of risk, starting with the establishment of context, the setting of the scope and the identification of stakeholders. The next step involves the assessment of risks, integrating risk recognition, analysis, and valuation. The last step entails the treatment of risks. Simultaneously with the risk assessment phases, there is monitoring and reviewing of the process, as well as consultation with the stakeholders.
The major limitation of the ISO 31000:2009 risk management framework is that it fails to consider safety risk concepts like criticality, threat and vulnerability, which are significant in security risk management. Nevertheless, this limitation was dealt with by Standards Australia through the development of a precise security threat management book called Handbook HB167:2006 security risk management. According to Standards Australia (2011), this handbook offers a way of better comprehending the nature of safety threats. For instance, the handbook takes into consideration concepts of security risk such as vulnerability, criticality and threat, which are unique and important in the risk management domain.

Within Standards Australia, there exist other specific risk-related frameworks covering fields like management of business continuity and health. ISO28000 supply chain security management tries to minimize risk to cargo and individuals in the supply chain. The framework tackles probable security matters at every phase of the supply procedure, therefore targeting risks like fraud, piracy and terrorism. This standard spells out the requisites for the security management scheme to enhance safety within the supply chain. The NFPA 1250 practice in emergency service organization risk management establishes criteria for the development, evaluation or implementation of an emergency service organization's threat management program for efficient risk recognition, financing and control in fire organizations and departments. This standard integrates frameworks that fire authorities can implement and utilize as a model for ensuring compliance in the broad jurisdiction of threat management as well as contingency planning (Standards Australia, 2010).

According to Talbot and Jakeman (2012), the necessity to raise safety risk management knowhow was demonstrated via an Australian government supported program with RMIA, leading to the SRMBOK guide for security practitioners.
This guide tries to address safety risk management aspects like a framework for vital knowhow, competency and practice fields, which academics, students, managers and practitioners can employ in recruiting, training, educating and measuring performance. However, SRMBOK fails to offer clear recognition of the numerous elements, and their relationships, that could be regarded as safety risk management.

The use of psychometric safety risk management concept map to inform understanding of safety risk management

The psychometric security risk management concept map can be used to offer a better understanding of security risk management. A concept map is a depiction of a situation. Individuals might be able to better comprehend the world around them by creating a model map of an idea, a situation or a principle. A concept map is a thinking instrument that is utilized to explore diverse features of a theme. A concept map is usually an imaged, vibrant and result-based simulation that is utilized in daily life to think about and understand the globe. A concept map allows an individual to share an idea with others and have shared knowhow, offers a universal language, and guides one's actions (Brooks, 2009).

McGill et al. (2010) note that a concept map shows that threat is closely related to both culture and perception. This relationship takes into consideration that, to a certain extent, the background of an organization defines the level of perception of menace, based upon cultural acceptability. This means that culture and perception inform the degree of threat that a society, organization, individual or community is ready to accept. The component of threat is perhaps the vaguest element of the safety risk problem, because it needs subjective presumptions to predict the aims of probable adversaries. If menace is highly uncertain, then its cultural and perception drivers make the issue more complex still (McGill et al., 2010).
According to Brooks (2009), security does not have a clear definition, and it is yet a distinctive field of study and practice. Security threat management is a distinctive knowhow group of security. However, the security industry is a sundry and unique industry that requires both domain-specific and generic skills. As proposed by ISO31000:2009, risk management has been the principal practical approach for security practitioners. As suggested by Standards Australia in the handbook of safety risk management, the security risk management field is swiftly changing, and thus the handbook cannot cover every aspect or variant approach. The safety risk management concept map clearly displays that menace is a vital factor in the consideration of security risk (Bier, 2010). Nevertheless, ISO31000:2009 does not offer the threat concept or other security-connected concepts like criticality and vulnerability, although this standard is still the principal resource for security practitioners in their consideration and application of safety risk management (Dali, 2011).

The majority of organizational safety courses have been created from related subjects such as criminology or justice studies, although these disciplines must be discrete and separate from security. At tertiary level, there is no academic safety program, with most courses being focused on crime prevention, risk management or criminal justice. This deformation of the organizational safety discipline will subsequently lead to safety research that is not essential for the present-day security industry. However, according to Smith (2009), security knowhow is being created, although there has been development of suitable domain concepts. This view is supported by Simonsen (2011), who argues that security threat management is a knowhow category that is central to the corporate safety discipline. A safety threat management concept map offers a level of particular safety body of knowhow.
Understanding the threat and security threat management concepts that security practitioners take into consideration when evaluating security threat, the way these concepts relate and are incorporated, and the manner in which security practitioners consider these thoughts all promote understanding.

Conclusion

Risk management and security risk management have flourished over the last two decades and are being used to offer informed and robust mitigation strategies in safeguarding people and assets. Nevertheless, the majority of risk management standards offer a process or framework that has a probabilistic approach to the management of risk, possibly not entirely appropriate for security. There are numerous approaches to security and risk management, like ISO 31000:2009 risk management, HB167:2006 and RMIA SRMBOK. However, these processes or standards do not essentially offer a detailed understanding of safety risk management. These basic risk management standards are short of central risk management concepts like vulnerability, threat and criticality.

References

ASIS International. (2009). Security body of knowledge (BoK): substantive considerations. ASIS International Academic/Practitioner Symposium 2009, ASIS International.

Aven, T. (2008). Risk analysis: Assessing uncertainties beyond expected values and probabilities. West Sussex: John Wiley & Sons Inc.

Bier, M. (2010). Challenges to the acceptance of probabilistic risk analysis. Risk Analysis, 19(4), 703-710.

Brooks, J. (2009). Key Concepts in Security Risk Management: A Psychometric Concept Map Approach to Understanding. Saarbrucken, Germany: VDM Verlag.

Brooks, J. (2011). Security risk management: A psychometric map of expert knowledge structure. International Journal of Risk Management, 13(1/2), 17–41.

Dali, A. (2011). Global survey on ISO 31000 risk management standard. Retrieved March 24, 2015, from http://www.linkedin.com/groups?mostPopular=&gid=1834592

Garlick, A. (2007). Estimating risk: a management approach. Aldershot: Gower Publishing Company.

Green, G., & Fischer, J. (2012). Introduction to Security. Boston, MA: Butterworth Heinemann.

Manunta, G. (2011). Risk and security: Are they compatible concepts? Security Journal, 15(2), 43-55.

McGill, L., Ayyub, M., & Kaminsky, M. (2010). Risk analysis for critical asset protection. Risk Analysis, 27(5), 1265–1281.

Simonsen, C.E. (2011). The case for: Security management is a profession. International Journal of Risk, Security and Crime Prevention, 1(3), 229–232.

Smith, L. (2009). Security science: An emerging applied science. Journal of the Science Teachers Association of Western Australia, 37(2), 8–10.

Standards Australia. (2009). AS/NZS ISO31000:2009 Risk management - Principles and guidelines. Sydney: Standards Australia International Ltd.

Standards Australia. (2010). Imagine a world without standards. Brochure. Homebush.

Standards Australia. (2011). HB 167:2006 Security risk management. Sydney: Standards Australia International Ltd.

Talbot, J., & Jakeman, M. (2012). SRMBOK: security risk management body of knowledge. Carlton South: Risk Management Institution of Australasia Ltd.
