Security Risk Management


A commitment to ensuring the secure delivery of business, and to building trust and confidence in the ability to engage with and manage security risks, is at the very heart of security risk management. In its entirety, security risk management encapsulates the practices, policies and mechanisms an organisation needs to engage in to support effective security governance, personnel security, information security, and the fostering of a positive security culture.

Security Risk Assessments

Security risk management is a somewhat unique and niche field of risk management that incorporates threat assessments, vulnerability assessments and criticality assessments.

In addition to providing a safe and secure workplace environment for staff, clients and others who attend the workplace, the security risk assessment process may need to demonstrate compliance against work health and safety legislation, the Australian Government’s Protective Security Policy Framework (PSPF) and/or international and Australian Standards in security risk management – AS ISO 31000:2018 Risk management – Guidelines and HB 167:2006 Security risk management.

Ulong Risk Management has extensive experience in providing detailed security risk assessments of complex risks and threats, with outcomes that are supported by current security science principles and criminological thinking. Our risk assessment outcomes are communicated in a concise and easy-to-understand format that allows decision-makers to make informed decisions or communicate those outcomes to others such as boards of directors, department heads and other senior management.

We have wide-ranging expertise in the assessment of security risks in the areas of:

  • Workplace Violence – where there is a risk of harm to persons or property arising from an intentional malicious human action by an issue-motivated individual/fixated person, extremist group (political and religious), financially motivated individuals (armed robbery), and/or incidents of expressive aggression (in response to anger-inducing conditions – assaults).
  • Hostile Vehicle Mitigation – while this risk falls within the ‘threat’ category, hostile vehicle mitigation is a highly specialised risk assessment discipline. Hostile vehicle risk assessments require a vehicle dynamics assessment to calculate potential vehicle impact velocity and impact energy along possible attack pathways to ensure the mitigation solution is both task-appropriate and cost-effective.
  • Fraud & Theft – asset loss via fraud or theft can result from external sources where the perpetrator or perpetrators are external to the organisation (non-employees) or internal sources where an employee or a person with a formal working relationship with the organisation (contractor) is the perpetrator.
  • Information Security – the terms “cyber security” and “information security” are often used interchangeably; however, they are not the same thing. Information security relates to the protection of information (data with meaning) and focuses on the confidentiality, integrity and availability of the information. Cyber security, on the other hand, relates to the securing of things that are vulnerable through information and communications technologies and the ability to protect or defend the use of cyberspace from cyber-attacks. Regulatory bodies in some sectors are increasingly requiring organisations to have separate information security and cyber security policies.

Security Planning

The security plan reflects an organisation’s security requirements and its mitigation strategies appropriate to the levels of threat, risks to its assets, and risk tolerances in context with the organisation’s strategic goals and objectives.

Ulong Risk Management can develop a security plan to ensure your organisation:

  • Applies appropriate controls effectively and consistently,
  • Can adapt to change while safeguarding the delivery of business and services,
  • Improves organisational resilience to threats, vulnerabilities and challenges, and
  • Drives security performance improvements.