Security Professional

Earlier blogs on Risk Chain and Security tools gave understanding on Risk components and risk treatment (five layers of Security). Even after implementation of Security measures, ‘Risk will exist’. The fact which Security Manager and Management must accept. There are many reasons for existence of Risk even after treatment. 1. 100% risk mitigation is not possible. This is one of the facts Security Manager and especially Management must accept. Known risk but not treated may be due to lower probability or practically not possible to treat due to cost of treatment or risk is low impact-low probable. This is known as ‘Risk Appetite’ of the organization. So, the condition here is, risk still exists but in knowledge. 2. Risk Treatment is not done properly – this is where Security manager or management have not measured the risk properly or not given proper treatment. Risk not estimated or missed in assessment is possible when adequate preparation in Risk assessment is not done – old risk...

In earlier blogs overview on ‘Risk Chain’, ‘Methodology to break’ the chain and ‘Five layers’ of Security was presented. There are various Security processes which contribute to complete the de-risking need. If we try to put score on each component of Security need, we will be able to prioritize the implementation requirement vis-à-vis risk. Threat” exposure is not possible without movement of men, material, or information. Therefore, controlling, regulating, and monitoring movements to-n-fro Secured - Non-Secured area is important.   Crime is not possible without access breach therefore, reasoned ‘Access control’ establishment nearly completes the Security. Access control is “The practice of regulating entrance to a property, a building, or a room to authorised person”, access could be physical or digital. Un-authorised access could be for property or information (damaging Or stealing). Out unauthorised movement of material (property) and information is also access breach.  G...