Why Moving To A Risk-Based Approach Helps Business

Download PDF version

Today’s security leaders encounter many challenges. They have to operate with reduced budgets and face challenging and evolving risks on a daily basis. Security leaders are often ignored and only called upon when needed or in disaster situations. Many don’t have an ongoing relationship with the C-suite because the C-suite doesn’t understand the value they bring to the whole business.

In order to resolve these challenges, a security leader can apply a risk-based approach to their security program. According to dictionary.com, risk is “exposure to the chance of injury or loss; a hazard or dangerous chance”. Risk is broader than a security concern and involves the entire business.

Through utilizing a 3R model - considering resources, risks and resolutions - a security leader can evaluate the output from the model to build the foundation of a strong plan. This allows the leader to make security decisions based on a quantified risk measure.

A business determines what resources it wants to protect, what risks it needs to protect the resources from and what resolutions it can put in place to mitigate the risk. Decisions are based on measurable evidence. Free online risk assessment tools are available to provide a fast, easy way to determine an organisation's basic security risks through an investigative approach

The 3 Rs

The first step in the 3R model is to figure out what resources need protection. This could be physical - such as buildings, critical infrastructure or valuable equipment, knowledge-based - such as intellectual property, or organizational - such as people or governance structure. Understanding the business will help the security leader develop a list of critical elements. Look for tangible resources such as buildings and machinery, and intangible resources like reputation, knowledge and processes.

Second, determine what the resources need to be protected from. Anything that threatens harm to the organization, its mission, its employees, customers, partners, its operations or its reputation could be at risk. These can include contextual risks (workplace safety or natural disasters), criminal risks (theft or cybercrime) or business risks (compliance or legal issues).

Anything that threatens harm to the organisation, its mission, its employees, customers, partners, its operations or its reputation could be at riskFree online risk assessment tools are available to provide a fast, easy way to determine an organization's basic security risks through an investigative approach. The tools ask several questions and determine risk based on an organization’s location and the answers provided. Security leaders can also work with security companies and consultants that offer risk assessments to determine their company’s needs, and then offer solutions based on that assessment.

The third objective is to determine how businesses can best protect the identified resource. The last of the 3 Rs - resolutions - are those security activities that enable the business to mitigate the impact of security risks. Resolutions can potentially prevent a security incident from occurring, contain the impact to resources if an event does occur and also assist the organization in recovering from an impact more quickly or easily.

The first step in the 3R model is to figure out what resources need protection, this could physical such as buildings or critical infrastructure

The Path Forward

Understanding what risks a business faces in totality provides an opportunity for the security leader to collaborate with other department heads. This gives security leaders an opportunity to engage with functions outside their norm as well as a chance to demonstrate their subject matter expertise. A risk-based approach also helps security leaders fully understand an organization’s needs and concerns, which they can communicate to the C-suite to help them make better business decisions. Metrics can also help business leaders understand the cost/benefit of resolutions

C-suite and executives help define an acceptable level of security risk tolerance to resources and make quality, educated decisions about mitigating security risks. Through collaborating with security leaders using a risk-based approach and the 3R model, metrics and reports show the impact of security expenses, and there is a transparent view of security risk.

The final decision about how to mitigate and resolve risks is up to the business owner of the resource and the risk stakeholders. To obtain funding, show the risk and value of resources exposed to potential impact. Then present the recommended resolution that reduces the potential level of impact and the associated cost benefit savings. By providing this information, security leaders can ensure that the business owners can make an educated decision.

Measuring Success

A risk-based approach aligns the security mission with the organization’s mission. Security leaders should have these conversations with their business leaders on a regular basis. Understanding the thresholds of risk tolerance and showing when incidents or activities are trending outside of acceptable boundaries will help business leaders make educated decisions. The 3R model also helps a business to track occurrences, quantify the direct and ancillary impact and make continuous adjustments to the security program

Determining a baseline of acceptance gives a foundation for security leaders to point out when the organization is not meeting its own requirements. Metrics can also help business leaders understand the cost/benefit of resolutions and demonstrate when costs may be trending outside of acceptable boundaries.

The 3R model also helps a business to track occurrences, quantify the direct and ancillary impact and make continuous adjustments to the security program. It is important to note that this process is not stagnant, and needs to be constantly revisited.

Examining risks, resources and resolutions in a systematic way will help security leaders understand what they are protecting

Defining Risks And Vulnerabilities

Continuous conversations using the 3R model also help business leaders understand what security risks could interfere with meeting business objectives. It also aligns the total cost of ownership for the security program with the business value of the resources at risk. The approach puts the security risk decisions in the hands of the ones impacted by those risksAnd it defines the security role as risk management, not just task management. The approach puts the security risk decisions in the hands of the ones impacted by those risks…the “owners” of the resources.

Examining risks, resources and resolutions in a systematic way will help security leaders understand what they are protecting, what they are protecting it from, and how they can help prevent, contain or recover against a specific risk. Followers of this approach are in a better position to ask for funding because they can clearly define and quantify risks and vulnerabilities.

Applying these principles will equip security leaders with the knowledge needed to have better dialogue with colleagues in other departments, encouraging more proactive discussions about security.

Download PDF version

Author profile

Kim Rahfaldt Public Relations Manager, AMAG Technology, Inc.

Related companies
AMAG Technology, Inc.

View all news from
AMAG Technology, Inc.

Related links
Articles by Kim Rahfaldt

In case you missed it

AI Powers Rekor’s License Plate Reader Systems

Artificial intelligence (AI) is expanding the capabilities of license plate readers and vehicle identification systems. Within a smart/safe city scenario, automatic license plate reader solutions are used to help analyze real-time video streams for site surveillance, inspection and public safety, and to offer actional information through a network of connected camera systems. Outside of law enforcement, this can include other public safety initiatives such as traffic tolls, car counting, and parking security. Vehicle recognition systems Rekor Systems is a provider of vehicle recognition systems in more than 60 countries Using AI to enable video cameras, Rekor Systems is a provider of vehicle recognition systems in more than 60 countries. Applications include security and surveillance, public safety, electronic toll collection, brand loyalty, parking operations, banking and insurance, logistics, and traffic management. AI allows Rekor’s products to recognize and read license plates, while also providing information about each vehicle, including color, make, year, and model. Rekor’s products are powered by OpenALPR software, an AI-based solution that enables any IP (internet protocol) surveillance camera to scan license plates and provide vehicle data including tag number, make, model, and color in real time with 99% accuracy, according to the company. Rekor’s products are powered by OpenALPR software Integrated solutions “Rekor's software started as an open source project, and we have done our best to keep the commercial software as open as possible,” says Rod Hillman, Chief Operating Officer, Rekor Systems. “One of the challenges we see with others in our space is a tendency to ‘close off’ and ‘silo’ their solutions. Our goal is to make it as simple as possible to deploy, integrate, and ultimately use.” Rekor has numerous application programming interfaces (APIs) and ways the solution can be integrated into partners' solutions with a software development kit (SDK). Rekor solutions can be purchased directly or through a worldwide partner network of integrators, wholesalers, and within integrated solutions such as Nokia's smart city platform. Electronic toll collection Rekor’s solutions have viable applications within multiple markets While many systems are hardware-based, Rekor’s software-as-a-solution offering can turn an IP camera into an automatic license plate reader. Rekor’s solutions have viable applications within multiple markets, including law enforcement, security and surveillance, electronic toll collection, parking operations, banking and insurance, logistics, traffic management, and customer experience. “Rekor offers a cost-effective alternative to traditional LPR systems with a much higher accuracy rate at 99% allowing more cameras to be present and active at any given time,” says Hillman. “Traditional LPRs need someone to go through hours of footage to find what they are looking for while Rekor’s technology will send alerts in real time, resulting in much quicker response times.” Move Over Camera mounts onto roadside worker’s vehicles to capture ‘Move Over’ violations Two-Part authentication Rekor’s products include: NUMERUS, a cloud-based solution for high-volume vehicle recognition, designed to reduce costs and increase efficiencies for the electronic toll collecting industry. Two-part authentication instantly identifies the vehicle’s make, model, color and body type along with the license plate read. Machine-learning-enabled software recognizes license plates from all 50 U.S. states, in addition to plates from more than 70 countries on six continents. Edge, an all-in-one camera and vehicle recognition system that instantly reads vehicle license plates, along with the vehicle’s make, model, color and body type. Move Over Camera, which mounts onto roadside worker’s vehicles (police, tow truck, etc.) to capture ‘Move Over’ violations. ‘Move Over’ laws state that vehicles must move over one lane and/or slow down if they cannot move over to avoid incident while roadside workers are in the shoulder lane. The camera can detect what lane vehicles are in and how fast they are moving. Violators are flagged in the system for law enforcement’s review.

What Are The Security And Surveillance Challenges Of The Casino Market?

When it comes to security and to ensuring the integrity of gaming operations, today’s casino market is risk-averse. Regulations direct the required surveillance of table games and slot machines, while modern casinos are often sprawling complexes that have a variety of other risks to be addressed, too. We asked this week’s Expert Panel Roundtable: What are the challenges of the casino market relating to security and surveillance technology?

Video Systems Are More Valuable Than Ever At Education Facilities

Video surveillance cannot address all the security challenges in education, but it is a valuable tool and among the least obtrusive options available. And the list of security challenges that video can address grows every day. Video systems can provide real-time monitoring of school premises and facilitate rapid response to incidents. New advances such as video analytics are currently underutilized in the education arena. Historically, video has been used as a forensic tool in the education market, providing critical information about an incident after the fact. But that generalization is changing. Today, networking enables video images to be shared throughout a school system, traveling over existing networks, empowering a more centralized security management structure, and making video more valuable. In particular, higher education institutions are more likely to view live video, given the larger campuses, greater number of buildings, and more public areas where staff and students congregate. Challenges for securing a school environment Panoramic cameras are one tool to address challenges, as a single 360-degree camera can replace between 4 and 5 PTZ camerasMultiple challenges in the education market for security goods and services (from a video perspective) include wide open spaces that make securing schools with video surveillance cameras difficult since the vast amount of coverage required can be cost-prohibitive. Second, state and federal regulations must be taken into account and balanced with the need to protect student privacy. Finally, schools and colleges face dwindling budgets, which means security solutions must deliver more coverage and functionality, while also being cost-effective to deploy. Panoramic cameras are one tool to address these challenges, as a single 360-degree camera can replace between four and five traditional pan-tilt-zoom cameras, resulting in fewer cameras and more coverage – all at a lower cost for hardware and licensing. Data capture form to appear here! Intelligent cameras with video analytics Video surveillance with video analytics can be deployed to monitor areas at certain times of day. For example, once school starts, there shouldn’t be a lot of activity in the parking lot or in particular areas around the school. For these situations, intelligent cameras with video analytics can be used to detect activity in those areas of interest to alert school security that something may need their attention. Radar detection is ideal for perimeters, where a device can be set up unobtrusively to alert when someone enters a particular area. ACC 6 video management software with Avigilon Appearance Search technology provides advanced video analytics search The goal in a potentially dangerous situation is to speed up response times. The faster you’re able to detect something using technology, the faster you’re able to respond. Therefore, being able to identify something happening in a parking lot and alert school resource officers could provide 30 seconds or a minute head start for response, which can get the school into a lockdown situation and get first responders on site more quickly. Video cameras with low-Light capability There are video cameras available with extreme low-light capability to see in near-dark or complete darknessIt’s been shown that using lighting at night can deter crime. However, it can be expensive to keep a building and grounds illuminated all night, every night. To mitigate these concerns and potential costs, there are video cameras available with extreme low-light capability that allows them to see in near-dark or in some cases complete darkness. This allows a school to save money by turning lights off while achieving a level of surveillance performance similar to daytime deployments. Facing above-average student incident rates and student disciplinary concerns at some schools, a school system in the United States sought to upgrade its video surveillance system to allow better local and remote monitoring in important areas. Avigilon high-definition cameras with self-learning video analytics and access control solutions were installed in 101 schools, and ACC 6 video management software with Avigilon Appearance Search technology provides advanced video analytics search. A deep learning artificial intelligence search engine can sort through hours of footage and allow operators to click on a button and search for all instances of a person or vehicle across all cameras on a site, quickly and efficiently.