
Adapting to a Converged Security Risk Environment

Our security risk analyses bring the most current thought leadership and models on mitigating 'converged' risk: combining cyber and physical security testing, intelligence, and exercise-based assessments.

We can provide innovative 'real world' security scenarios and support clients in their threat modelling and scenario-building processes.

Consolidating assessments allows us to evaluate a company's specific priorities across systems, processes, policy and organisation.


 

The Challenges We See

Firms struggle to fully identify the emerging reality they will face in the immediate future, whether because of evolving threats, the capabilities of new technology, or the impact of the economic climate on their industries.

There is less reason than ever to assume that risk mitigation strategies remain valid year on year, or that they can stay effective through incremental refinement rather than a redefinition of security and contingency plans.

Techniques that take a static view of risk within fixed conceptual boundaries have clear limitations: they fail to account for 'external' factors and for the flows of information through connected processes and technologies. Firms need to question the assumptions that underlie their decision-making, particularly regarding inter-dependencies and the 'inherited' risks those dependencies bring.

Broader consideration of lower-probability incidents requires a better appreciation of the dynamic and converged risk environment. Systematically challenging current thinking and attitudes to these converged risks needs to be intelligence-driven, through a more relevant and dynamic risk methodology. New risk assessment methodologies need to consider risk both upstream and downstream, and across different types of risk, from operational security to operations management.

Cross-departmental cooperation and organisation are required to develop more collaborative and inclusive practices for examining operational risk scenarios. The rising profile of cyber threats requires a considerable repositioning of the various information technology (IT) and operational technology (OT) stakeholders within any team tasked with assessing risk.

A greater focus on cyber security and information assurance risk requires a broader view of threats to intellectual property and other information assets. Security risk managers need to become more conversant with IT concepts in order to integrate effectively with the physical security 'world'.

Risk management responsibility, running through senior management up to Chief Risk Officer level, needs to address the internal question of who holds ultimate 'ownership' of risk management.


Figure: The Security Risk Orbit™ diagram (webassets/SecurityRiskUniversewhite.jpg)

• The Security Risk Orbit™ diagram illustrates a view of the concerns and risks that require consideration from both IT and physical security risk teams, and from senior management.

• The threats can be classified into seven groups, though the list is not exhaustive: Physical Assets, Intangible Assets, Crime, Disaster, Liability, Product Risk, and Continuity Risk.

• Organisations need to consider how weaknesses in physical and IT security contribute to every element in these threat categories, and the potential effect of the interdependencies between them.




Why a Converged Risk Approach is Essential


• Converged risk combines IT and physical security risk into one over-arching risk landscape, driven by the convergence of systems technology: as physical security systems (access control, CCTV, alarms, building management) are increasingly networked and more IT-dependent, IT and network security is now crucial to the integrity of these systems, and this is forcing a conceptual and organisational convergence.

• Converged risk recognises that cyber attack is becoming a more effective and attractive route into an organisation; that physical security can be undermined by cyber means; and that cyber defences designed against external attackers can often be circumvented by an attacker who already has physical or insider access.

• Converged risk assesses the combined risk, rather than each domain in isolation, in order to mitigate multiple and simultaneous threats.

• Converged risk recognises the key role of interdependencies, both internal and with other external organisations, that can threaten physical and information assets.

• By bringing IT and physical security together, a converged risk approach considers vulnerabilities dynamically across the three recognised dimensions of physical risks, people risks, and process risks, and across infrastructure, operations, and specific events.


Copyright©2010/11 The Solomon Barnes Consultancy