Abstract
The American Risk Management Association, defines risk management as “taking action to remove or lower the risk to a bearable level.” It is necessary to identify specific risks or vulnerabilities, research and investigate them, optimize risk management choices, and routinely assess security programs to ensure a successful risk management plan. Risk management is a never-ending endeavor. A company undertakes further risk evaluations and security surveys regularly to analyze and improve security and operations and deal with any new difficulties that may occur.
Introduction
Building owners and municipal governments cannot defend high-rise structures from catastrophic attacks like those that occurred on September 11, 2001. As a result, minimizing the consequences of an assault is critical. Criminal acts and natural disasters are challenging to forecast or avoid. Security systems, operations, personnel, and planning, can’t foresee or avoid these tragedies. It is the responsibility of business owners and organizations to avoid them and handle them if they do occur. In the private security industry, risk management is critical. A lot has been learned from the terrible attack of September 11, 2001.
The attacks resulted in the deaths of around 3,000 individuals and the loss of monetary investments. They have taken unprecedented precautions to prevent the recurrence of these calamities and developed several systems and safeguards to counter their repercussions if they occur again through a continuous risk management program (Asisonline, n.d.). This paper discusses the necessary steps I would take to remove or lower terrorist attack risks in our high-rise building in response to preparation reinstated by the FBI.
Risk Analysis (or Risk Assessment)
Risk avoidance
I implemented Protective measures to eliminate or decrease the remaining threats. Risk mitigation was aided by implementing technical security controls and safeguards and personnel education and training. It was to be accomplished with the help of policies (Aus, n.d.). The most important approach for reducing the severity of an assault is to detect and neutralize as many dangers as possible.
PARKING GARAGES
After the 1993 World Trade Center bombing occurred in a parking garage beneath a tower, I completed a risk analysis of such parking spaces.
The following was my conclusion:
- In a carjacking, assault, theft, or other threats to the driver or passengers were to be assessed
- Assessed the chances for a terrorist attack on our parking structure
- Lighting, cameras, and security officers in the parking space were evaluated
The perimeter and adjacent buildings were assessed with the roofs, windows, shared occupancy, valuables areas, nighttime and extra-hours, entrance control and monitoring system, keys and key management, fire dangers, computer access, and electronic video surveillance.
Entrance and exit
The inspections covered everything from employee access and exit to access control, storage area security, and truck driver and crew interaction.
Data processing
Included auditing approaches, information confidentiality, off-site storage solutions, programs, computer usage monitoring, and access control in the building.
Access Control Systems
People and vehicles entering and exiting a region or facility were monitored using devices and identification systems. Employees must display their ID badges or access cards; every building facility was similarly secured by a locking system and required a card reader to access every door (security magazine, n.d.). The human resources database was linked to the ID database. Employee terminations and other changes to access privileges are reported to the security department via this interface.
Canine Security
Because dogs’ noses are significantly more sensitive than ours and more advanced electronic bomb-detection equipment, bomb detection was easier for dogs than humans. The human resources manager was handed a $200,000-per-year contract for one canine and its handler.
Computerized Guard Tour Systems
Every visit, including the time and location of security patrols, is logged. They assist in keeping track of officer performance and ensuring records’ accuracy. These documents are crucial to the organization when sued for safety breaches. I used a security officers tour tracking software to ensure that all security guards completed allotted rounds on time while recording compliance, legal, and insurance requirements (City Security, 2020). For security guards, scanners attached to checkpoint stations are standard equipment. Many checkpoints were located at major intersections or the route’s extreme ends.
Security Survey
Our security audit included a physical inspection of all building amenities and a keen evaluation of every safety measure. It proved to be a successful approach in assisting our building’s corporate security staff in reducing crime. The survey’s findings were used to advise the high-rise building’s Corporate Security Manager (CSM) on facilitating the building’s dangers.
Smart Cards
Its functions included photo identification, access control, and billing purchases.
Command or Control Centre
They also listened in on phone calls to see whether any threats were made. Their responsibility was to respond to situations such as crimes, fires, and invasions. Automated approaches were used to save money on staff, improve response times, and improve command center operations.
Risk transference
“is the risk transfer to another region or an outside entity.”. Things like security services come to mind while discussing risk transfer methods. It was possible to outsource software development and IT support (SecurityOrb, 2014). I worked with a third party to be more advantageous in the building. When you outsource the development to a third party, you’re transferring the risk to them.
Proprietary and Contract Security
I looked at everything from security to receptionists to cleaning crews regarding in-house services. Contract security guards are less dependable and consistent than in-house security personnel. Employees and visitors alike appreciated having a guard on duty every day. However, to ensure that a complete and up-to-date program is in place, I entrusted the safety of our workers and physical assets to private security contractors.
Crisis Management Teams
They coordinated all activities with the building and FBI personnel. They were centered in the control center to perform regular internal assessments or comparative benchmarking of their crisis management methods to gauge their effectiveness against terrorist attacks.
Overt and Covert Security
They monitor the building’s tenants for unusual activities and conduct covert surveillance to prevent theft
Risk mitigation
I made it difficult for an attacker to exploit the vulnerability. Risk mitigation expects something will happen, not if, but when. If something goes wrong, rules and processes must be developed. Disaster recovery and business continuity planning are examples of risk mitigation strategies (BCPs).
Private Security Systems Convergence
All corporate subsystems, such as electronic video surveillance (EVS), time and attendance (T&A), or intrusion detection (ID), were consolidated into one repository so that all data could be seen at once. Convergence refers to merging several systems, such as IT, physical security, access control, electronic surveillance, building management, human resource management, and fire safety. One approach will be built from the building’s front door to each employee’s workstation to monitor access and other functions. One of the essential advantages of networking is using human resources remotely.
Risk acceptance
I was willing to take the risk by understanding the repercussions since it is impossible to eliminate the danger. The initial step in this procedure is to determine the threat level of the data. It helped me weigh the possibility of an attack versus the vulnerability’s likelihood of being exploited. I decided on Risk acceptance by examining the controls and ensuring that risk acceptance is justified.
Electronic Video Surveillance
It is possible to capture and playback video footage at scheduled intervals by security staff or a combination of the two. The reduction of crime and disturbance, improving public safety, and providing evidence to law enforcement agencies are all objectives of electronic video surveillance.
Alarm Systems
Sensors like motion detectors were put at the building perimeter, entrance and exit doors, building windows, and other entry points to detect locomotion or intrusion. They used telephone lines to send a silent warning signal to a central monitoring center
Armed or Unarmed Guards
In a terrorist assault, armed security personnel served as a deterrence. I tried to combat guards’ turnover (losing employees through retirement and termination) to have a protected environment for the employees
Biometric Access Control Systems
The first biometric identification method used was fingerprinting. Looking at someone’s face or iris, studying their retina, assessing their hand geometry, or analyzing their facial thermogram can all be used to identify them. The most precise method is iris scanning. Facial features can be mapped and saved in databases or on a microchip inserted in the paper using cameras and computers. The strategy fails because the group of suspected terrorists and criminals lacks near-perfect illumination and fascinating topics.
Conclusion
It is necessary to identify specific risks or vulnerabilities, research and investigate them, optimize risk management choices, and routinely assess security programs to ensure a successful risk management plan. Risk management is a never-ending endeavor. A company undertakes further risk evaluations and security surveys regularly to analyze and improve security and operations and deal with any new difficulties that may occur.
References
Asisonline. (n.d.). A Brief Guide to ESRM Implementation. Www.asisonline.org. Retrieved May 7, 2022, from https://www.asisonline.org/security-management-magazine/articles/2019/11/a-brief-guide-to-esrm-implementation/
Aus. (n.d.). What Executive Protection Professionals Need to Know about Enterprise Security Risk Management (ESRM) | Allied Universal. Www.aus.com. Retrieved May 7, 2022, from https://www.aus.com/blog/what-executive-protection-professionals-need-know-about-enterprise-security-risk-management
City Security. (2020, October 28). Enterprise Security Risk Management. City Security Magazine. https://citysecuritymagazine.com/editors-choice/enterprise-security-risk-management/
security magazine. (n.d.). What is Enterprise Security Risk Management (ESRM), and How Can Your Organization Benefit From Taking This Approach? Www.securitymagazine.com. https://www.securitymagazine.com/articles/91788-what-is-enterprise-security-risk-management-esrm-and-how-can-your-organization-benefit-from-taking-this-approach
SecurityOrb. (2014, December 20). The Four Basic Strategies to Controlling Risks. SecurityOrb.com. https://securityorb.com/general-security/four-basic-strategies-controlling-risks/
write