Security risk management provides insight into the risks of an organization in becoming a victim of crime /irregularities by an unknown third party or an employee. This risk analysis has 4 components: organizational, structural, electronic and digital, which are explained further below. On each area there are security measures to be taken, where of course, the cost/benefit plays a big role and the set-up of the organization must also still remain workable. By doing a risk analysis it becomes clear what risks the organization faces and what adjustments may be done to avoid unexpected high costs.

This risk analysis results in an advice based on the following 4 components:

• Organizational prevention measures
  The organizational prevention measures focus on how the procedures within the organization are set up. For example do they track who enter, when and why they enter the company and who has access to what documents/areas etc. But also think about internal control on for example the finances on the basis of the four-eyes principle, the IT system or use of private email for work purposes. And what is the procedure around important documents. Can an employee take home those documents to work at it at home, or should those documents not leave the property. But also the procedure, when an alarm goes off, should be clear. Who is going to inspect the property, who will be warned etc.

• Structural prevention measures
  Structural prevention measures relate to the building in which the organization is housed. Are the doors/windows and the roof secured against burglary. How is the area surrounding the property and can just anyone look inside vulnerable areas. But also notice how the safe has been anchored and has the server been placed in an open space or in a closed room.

• Electronic prevention measures
  Within the electronic prevention measures electronic measures are taken against burglary. These include alarm systems, cameras, good lighting and fog machines in and around the property. This might sound logical but what’s important in the property. Does the camera film the right spots or are there “blind spots”; is the most expensive alarm system really necessary or are important matters not stored in the property. Is it necessary to place an alarm on the fence or lamps that work with a motion sensor.

• Digital prevention system
  The digital prevention measures have to do with anything within the digital domain. Who can access what on the server and how is it protected. But also think about website security against cyber-attacks and the use of computers and phones of the organization. What is an employee allowed to do with his digital device and what is not allowed.

For advice or additional information on security risk management please feel free to contact us.