StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security Planning and Risk Assessment - Essay Example

Cite this document
Summary
The writer of the essay "Security Planning and Risk Assessment" seeks to address the issue of misuse of organizational resource for the sake of secure management. Therefore, the essay would justify the importance of risk management within organizations…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.9% of users find it useful
Security Planning and Risk Assessment
Read Text Preview

Extract of sample "Security Planning and Risk Assessment"

Security Planning and Assessment One of the most important, and often overlooked, aspects of security assessment and planning is the human impact that employees and other casual contacts have on the security of an organization. Security threats are often thought of as external, physical threats such as robbery or terrorism, but major organizational losses stem from the "misuse of equipment and facilities, careless handling of raw materials and finished goods, sloppy documentation and poor inventory controls" (ASIS International, 2008, p.2-III-1). The human element is significant for two major reasons. First, the employees are typically responsible for regular loss within an organization and should be the first line of defense against such incidents. And second, the workforce is the most valuable source of intelligence that a manager has concerning threats, vulnerabilities, and alternative security measures. Adequate employee awareness and training are some of the most vital components of risk assessment and planning. Failing to include employee training in risk planning leaves one of the manager's most valuable resources unused. Employees have the best and most current knowledge of security vulnerabilities. Employees will often accept these vulnerabilities as being someone else's job, or fail to recognize their importance. Making employees aware of the problem, and their individual responsibility, can often disclose security risks that might be otherwise overlooked. In addition, they may be a significant source of intelligence concerning an impending, or ongoing, threat. Good employee awareness and communication are the first steps in designing and implementing a risk reduction program within an organization. 2.) The roles that the government and private-sector play in the protection of private-sector critical infrastructure facilities is usually determined by two factors; budgetary concerns, and expertise. Currently the federal government plays a significant part during the mitigation phase to train and organize security for these concerns. This is appropriate, as it insures that executives and managers have the latest information concerning research and threats that are constantly changing. This also gives the public a reassurance that the security of these high value assets is coordinated on the federal level. While the government brings considerable expertise to the scenario, the private concern is expected to assume the budgetary requirements. In a free market economy the private corporation is generally responsible for the immediate security of their assets. This includes physical security and access control. However, the protection of some assets that are critical to the economy, or health and safety, is in the interest of all citizens. The nature of the threat may demand a level of security that is not economically practical for a private business. According to Ortmeier (2008), "Industry standards indicate that the protection cost should be less than 2 percent of the value of the asset to be protected" (p.186). When the cost of security becomes excessive, it is not unreasonable to expect the taxpayer to bear a portion of the cost. Examples would be federal marshals on selected airline flights, or securing material that has a high value to a terrorist for use in explosives. The government should also pass and enforce legislation that mandates security and inspection at critical facilities. The programs that the DEA and EPA currently have that require securing, monitoring, and accounting for drugs and toxic chemicals could be expanded to include other assets. 3.) It is a significant challenge to build employee morale and professionalism in a security organization that has historically suffered from low wages and budget constraints. Maslow's need hierarchy continuum indicates that self-actualization is a higher priority to the individual than wages or a promotion. Self-actualization is achieved when "one's desires for personal growth, self-fulfillment, and reaching one's full potential are realized" (Ortmeier, 2008, p.133). This forms the basis of professionalism that increases an employee's self-esteem and meets their "desire for self-respect, personal; achievement, and recognition from others" (Ortmeier, 2008, p.133). Building professionalism within the group adds uniqueness to the group and gives the individual members a feeling of belonging - a sense of camaraderie. In the absence of higher wages and more money, there are several other methods that can be used to enhance professionalism. Above all, the manager needs to reflect an image of professionalism and leadership. Titles can convey a sense of prestige and can be given to employees to fulfill their need for status, as well as giving them something to strive for. Personal recognition, especially in a public forum, can also boost morale. This can be as simple as recognizing an employee for perfect attendance, or honoring employees for their length of service. Additional training can also give the employee a greater sense of value to the company. This adds to their professional level as well as giving them a validated set of goals and expectations. This can be incorporated as part of a career path development program, which gives the employee a sense of planning their future with the company. These activities can help to develop better morale within an organization, as well as improving productivity and increasing retention rates. 4.1) According to the case study, Jones was hired during a labor shortage and was hired based on his technical expertise. Though the case study was not specific about Jones' problems, in all likelihood adequate pre-screening would have indicated a problem. Psychological tests are available that could have uncovered emotional instability or mental health issues, while Jones' arrest records are open to the public and "criminal history checks are imperative" (Ortmeier, 2008, p.122-123). In addition, a credit check may have also uncovered a pattern of irresponsibility. These checks could have supplemented a thorough check with Jones' previous employers. However, as the study indicates, Jones was not who his credentials indicated, and this would have been discovered with a more complete pre-screening process. 4.2) In retrospect, it is easy to conclude that Apollo exercised poor judgement when hiring Jones. This is indicated by two red flags. First, the company was in a hurry to fill the position and based their judgement solely on Jones' technical ability. If an employee is hired hastily, more people should be involved in the decision, which could have mediated the emotional component that led to the poor judgement. Second, Jones had a history of work experiences that lasted less than one year. Apollo had a responsibility to protect not only their own assets, but also the safety of the other employees. According to Ortmeier (2008), "failure to complete a diligent inquiry into the suitability of persons employed may constitute negligent hiring" (p.126). Apollo certainly falls into the category of failing to complete a thorough investigation into Jones' aptitude and background. 4.3) The first, and most important, action that Apollo should take in regards to Jones is to involve law enforcement. The threats and ongoing danger are a legal matter that needs to be pursued by the legal system. Apollo should address the problem by meeting with the employees, stressing the seriousness of the situation, informing them of the potential for a threat, and educating them in regards to the appropriate response. Employees should know how to report an incident involving Jones, as well as be given phone numbers to call in the case of a crisis (United States Office of Personnel Management, 1998, p.19). Apollo and its employees should keep records of all contact with Jones and give them to law enforcement. It is critical that Apollo handles each incident on a personal level with the employee to assure them that the incident is being followed up on (United States Office of Personnel Management, 1998, p.11). Employees may be reluctant to report an incident if they feel like nothing will be done. 4.4) Workplace violence prevention is primarily the responsibility of the private employer. Police can react to the incident, but the employer needs a prevention plan to reduce the risk of the threat. As we see in this case study, adequate pre-screening is critical. In addition there should be a plan to prevent violence, inappropriate, or other criminal behavior in the workplace. According to the FBI, "Employers have a legal and ethical obligation to promote a work environment free from threats and violence" (Rugala and Isaacs, n.d., p.15). While it is important to work closely with local law enforcement agencies, the primary responsibility for prevention lies with the employer. References ASIS International. (2008). Protection of assets manual. Alexandria, VA: Author. Ortmeier, P. J. (2008). Introduction to security: Operations and management (3rd ed.). Upper Saddle River, NJ: Prentice Hall. Rugala, E. A., & Isaacs, A. R. (Eds.). (n.d.). Workplace violence: Issues in response. Quantico, VA: FBI Critical Incident Response Group. United States Office of Personnel Management. (1998). Dealing with workplace violence: A guide for agency planners. Washington, DC: Office of Workforce Relations. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Security Planning and Risk Assessment Essay Example | Topics and Well Written Essays - 1250 words”, n.d.)
Security Planning and Risk Assessment Essay Example | Topics and Well Written Essays - 1250 words. Retrieved from https://studentshare.org/management/1505408-security-planning-and-assessment-essay
(Security Planning and Risk Assessment Essay Example | Topics and Well Written Essays - 1250 Words)
Security Planning and Risk Assessment Essay Example | Topics and Well Written Essays - 1250 Words. https://studentshare.org/management/1505408-security-planning-and-assessment-essay.
“Security Planning and Risk Assessment Essay Example | Topics and Well Written Essays - 1250 Words”, n.d. https://studentshare.org/management/1505408-security-planning-and-assessment-essay.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security Planning and Risk Assessment

Information Security Risk Assessment Framework

Computer Sciences and Information Technology Annotated Bibliography Topic: Information Security risk assessment Framework and Metrics in the South Australia Real Estate Sector.... Supervisor: Information Security risk assessment Framework and Metrics in the South Australia Real Estate Sector Australian Prudential Regulation Authority (2010) Prudential Practice Guide: PPG 234- Management of security risk in information and information technology.... An efficient network security is related to a well structured risk assessment....
15 Pages (3750 words) Annotated Bibliography

Security Planning

good first step for prevention in all workplaces consists of a general assessment designed to evaluate the presence of any specific risks of violence, both from within and outside the organization.... Such an assessment will help the organization to fully understand the particular safety and security needs of the workplace - information that will help shape its prevention efforts.... The taxicab industry has the highest risk, nearly 60 times the national average for potential workplace violence....
14 Pages (3500 words) Assignment

Information Security Issues

hellip; As the technology enhanced it brought in some technological issues such as Information Security risk.... The security Risks involved with the various information systems need to be addressed in order to better the performance of the organization in the dynamic global market.... The management of Information security Risks and to implement various methodologies to mitigate the security risks is a growing challenge in the filed of Information technology....
11 Pages (2750 words) Essay

Security Risk Assessment in SCD

The paper "Security risk assessment in SCD" gives advice on how to protect the confidentiality of personal and company data stored on the laptops.... hellip; Implementing an IT security risk assessment is absolutely critical to the overall security posture of any organization.... An effective security risk assessment can prevent breaches, reduce impact created by the realized breaches, and keep the company's name from appearing in the spotlight for all the wrong reasons....
6 Pages (1500 words) Case Study

Risk Assessment

The risk assessment undertaken will help in the assessment of all the participants.... hellip; The management of Hewlett-Packard undertook this risk assessment to meet the requirement of risk management ISO 27005 in order to perform an extensive assessment of the system.... The participants involved in the risk assessment include: Jack Philips, Hewlett-Packard chief IT officer who reviewed the safety of the entire report after completion....
30 Pages (7500 words) Essay

Discussion Topic -Forum for Current Events

n as far as Security Planning and Risk Assessment are concerned, it can be noted that the US Justice Department erred by creating a fake Facebook account thought they had a noble intention for doing that.... In order to avoid the scenario highlighted above, it is important to carryout risk assessment of the course of action likely to be taken in order to avoid complications with regards to security breach.... In such a case, it is imperative for the responsible authorities to properly plan their strategies they would use in carrying out investigations relating to this case without posing a security risk to the third party involved....
1 Pages (250 words) Article

Security Plan: Mecklenburg County Courthouse

Such an assessment will entail a one on one assessment of all the units inside the building and determine the source of the threats.... For instance, the external risk factor, high occurrence areas as well as grievous risk areas will get the first priority in making the security plan.... he Security Coordinator at Mecklenburg County Courthouse will first analyze the security condition of the entire building and identify high-risk areas of the building....
6 Pages (1500 words) Research Paper

Security Threat Assessment

12 Pages (3000 words) Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us