All Topics > Business Services > Security Risk Management > Virginia >

Security Risk Management Springfield VA

Security risk is a function of the likelihood of attack, consequence of successful attack, and security system ineffectiveness. To estimate relative security risk, the qualitative estimates for likelihood of attack, system ineffectiveness, and consequence are logically combined.

Local Companies

Barton Protective Services
703-998-5740
2800 S Shirlington RD
Arlington, VA

Washington Security Systems
703-532-5832
1622 N Mckinley RD
Arlington, VA

Protection Strategies Inc
703-553-0561
2300 9th St S
Arlington, VA

Total Security Services International Inc
703-294-4100
880 N Pollard St
Arlington, VA

Locksmith Arlington – Local Lock and Key Locksmiths in Arlington
(703)-652-4299
3844 Fairfax Dr,
Arlington, VA

Polimaster Inc
703-525-5075
2300 Clarendon Blvd
Arlington, VA

Integrity First Inc
703-521-1260
1400 S Joyce St
Arlington, VA

National Security Research Inc
703-647-2200
2231 Crystal DR
Arlington, VA

Tenable Protective Services
703-465-0201
1901 N Moore St
Arlington, VA

Cognisa
703-528-3507
1911 Fort Myer DR
Arlington, VA

Risk Estimation
Security risk is a function of the likelihood of attack, consequence of successful attack, and security system ineffectiveness. To estimate relative security risk, the qualitative estimates for likelihood of attack, system ineffectiveness, and consequence are logically combined. A simple method, based on expert judgment, for combining the three risk parameters to estimate security risk will be discussed. The security risk estimates are relative, not absolute, but they can be used to make risk management decisions. A relative risk level is valuable to:

Compare risk levels for a spectrum of malevolent threats

Compare risk levels for a spectrum of facilities, industries, or organizations

Compare the cost-effectiveness and other impacts of potential improvements

Comparison of Estimated Risk Levels
Estimated risk levels are compared to a predetermined risk threshold to decide whether further analysis is required. The threshold is determined by the analysis team and the security risk managers.

Risk Reduction Strategies
If the estimated baseline risk level for the threat spectrum is judged to be above the established threshold (too High), risk reduction strategies for the system may be considered. Risk reduction strategies focus on reducing the levels of the parameters of the security risk equation: likelihood of attack, system ineffectiveness, and consequence. In practice, risk reduction is made most successful by improving protection system effectiveness and mitigating consequences. Risk Reduction Upgrades – Security system planners must address how to reduce security risk. Planners might consider adding features to increase physical or cyber-protection system effectiveness and/or to reduce or mitigate consequences. Sitespecific vulnerabilities identified in the system effectiveness analysis provide guidance for adding/modifying features. Upgrades to the system might include retrofits, additional safeguard features, or additional consequence mitigation features. Consequence analysis and system effectiveness analysis should then be repeated for the upgraded system in order to estimate a risk level associated with the upgraded system. If the estimated risk for the upgraded system is below the threshold, the upgrade is completed. If the risk is still above the threshold, the upgrade process should be repeated until the risk level is judged to be below the threshold. Impact Analysis – Once the system upgrade has been determined, it is important to evaluate the impacts of the risk reduction on the mission of the facility and the cost. If system upgrades put a heavy burden on normal operation, a trade-off would have to be considered between risk and operations. Budget can be the driver in implementing security upgrades. A trade-off between risk and total cost may have to be considered. The assessed level of risk and the upgrade impact on cost, mission, and schedule are valuable information to security risk managers.

PRESENTATION TO MANAGEMENT
The final step in the risk assessment process is the preparation of a presentation package for the risk managers and stakeholders. The presentation generally includes the threat description, the security risk estimates for the baseline system, descriptions of any risk reduction packages, and the results of the impact analysis for the risk reduction package(s). By using comparison to the baseline risk levels, managers are able to understand what the upgrade package is buying them in risk reduction as well as other potential impacts. The total presentation package provides invaluable information for risk management decision makers.

RISK MANAGEMENT DECISIONS
Building owners, stakeholders, and risk managers have the risk assessment information package to help them make difficult security decisions. Most importantly, risk managers must decide on the design basis threat or the threat level to which the security system will be designed.

INFORMATION PROTECTION
The risk assessment process provides valuable, detailed information for risk managers; likewise, the information could provide valuable information to any potential adversaries. Because the process begins with basic facts and assumptions and each step builds on previous step(s), allowing the information to get into the wrong hands could provide a roadmap for the malevolent threat. Each step of the process provides security sensitive information:
1. Facility characterization identifies the security concerns, critical asset(s), and their locations.
2. Threat analysis ultimately defines the level of protection to which the security system is designed. If the perceived highest threat level is the terrorist, the security system will be designed to be much stronger than if the perceived threat is the vandal.
3. Consequence analysis prioritizes the assets in terms of criticality or value.
4. System effectiveness assessment provides possible attack scenarios and documented system weaknesses or vulnerabilities. For these reasons, once the process is applied to a specific facility, the entire analysis package must be protected. Most sites will have to develop the infrastructure for protecting, storing, and sharing the risk assessment package.

Click Here to Purchase this Book

Featured Local Company

Barton Protective Services

703-998-5740
2800 S Shirlington RD
Arlington, VA

Read more about Security Risk Management

- Executive Protection Springfield VA

In many cases, executive protection comes in the form of a security advisor – a bodyguard of sorts – who works one on one with a high level executive. In other cases, executive protection is provided by a team of individuals who work together to identify which executives need security and what possible threats may be.

- Security Control Springfield VA
- Information Security Springfield VA
- Managing IT Risk Springfield VA
- Employee Verification for SMBs Springfield VA
- Risk Management at Hedge Funds Springfield VA
- Risk Analysis Springfield VA
- Forex Trading Online And Money Management Springfield VA
- Smart Outbound Content Management Springfield VA
- Identity Theft Springfield VA

- Executive Protection Springfield VA

Related Local Events

ICC - International Code Council Annual Conference
Dates: 11/1/2009 - 11/4/2009
Location: Baltimore Convention Center
Baltimore, MD
View Details

MID-ATLANTIC ALL HAZARDS FORUM & EXHIBITION 2009
Dates: 11/1/2009 - 11/1/2009
Location: Baltimore Convention Center
Baltimore, MD
View Details

SANS WhatWorks in Virtualization Security Summit
Dates: 8/17/2009 - 8/21/2009
Location: Fairmont Washington DC
Washington, DC
View Details

Firehouse Expo
Dates: 7/21/2009 - 7/26/2009
Location: Baltimore Convention Center
Baltimore, MD
View Details

International Aid & Trade Event
Dates: 7/9/2009 - 7/10/2009
Location: Ronald Reagan Building & International Trade Center
Washington, DC
View Details

Advertising	Food & Beverage	Nightlife
Business Services	Franchise	Online Database
Career	Health	Pets
Cars	Holidays	Real Estate Resources
Computer Hardware	Home Appliances	Retail & Consumer Services
Construction	Home Electronics	Software
Education	Home Services	Technology
Entertainment	Industrial Goods & Services	Telecommunications
Environmental	Insurance	Trade Shows
Family	Internet	Travel
Fashion	Legal	Weddings
Financial Services	Miscellaneous	World History

Advertising	Family	Home Services	Real Estate Resources
Business Services	Fashion	Industrial Goods & Services	Retail & Consumer Services
Career	Financial Services	Insurance	Software
Cars	Food & Beverage	Internet	Technology
Computer Hardware	Franchise	Legal	Telecommunications
Construction	Health	Miscellaneous	Trade Shows
Education	Holidays	Nightlife	Travel
Entertainment	Home Appliances	Online Database	Weddings
Environmental	Home Electronics	Pets	World History