Tweet
Can anybody here share the Security Risk Contol Measures employed at your respective sites.
-
-
Probably not without getting fired. After working more than 35 years ago for a government installation I still couldn't disclose security measures.Retail Security Consultant / Expert Witness
Co-Author - Effective Security Management 6th Edition
Contributor to Retail Crime, Security and Loss Prevention: An Encyclopedic Reference -
Ok fair enough. Lets hear if its ok for others to make a contibution here. Otherwise I will provide you with some general risk contol measures later and move on from there.Originally posted by Curtis Baillie View PostComment
-
I guess all will get fired if they disclose Security Risk Control Measures in a forum. Ok I will provide you guys with my two cents worth.
Basically Security Risk Control Measures can be categorized into Physical, Personnel and Information Security. I hav a problem tabulating. So I will break it up.
PHYSICAL SECURITY
Perimeter Fencing
CCTV Camera
Biometric Devices
Locks
Security Zoning
Lighting Equipment
Smart Cards
Intrusion Detectors
Tempered Glass
Fire Alarm System
Key Control Syatem
Communication System
PERSONNEL SECURITY
Visitor Pass
Contractor Pass
Employee ID
Pre-employment checks
Security Zoning
National Security Vetting - example crimnal records
Face to Face Interviews
Personalty Questionnaires
INFORMATION SECURITY
Data Backup
SOPs
Investment in Information Security Management System
Proactive Auditing and Monitoring
Training and Education
Emergency and Evacuation Procedure
Feel free to add to the above list.Comment
-
Your question was, "Can anybody here share the Security Risk Contol Measures employed at your respective sites" - thus my response, "Probably not without getting fired."
So all you did is post areas that can be looked at as security control measures. So, are these measures you posted at your site?Retail Security Consultant / Expert Witness
Co-Author - Effective Security Management 6th Edition
Contributor to Retail Crime, Security and Loss Prevention: An Encyclopedic ReferenceComment
-
These are generic and most of which are at my site and many other sites. I think the measures will vary according to the nature of the sites and if the budgets permit.Originally posted by Curtis Baillie View PostComment
-
A few items notably missing from your list:- Guards
- Intelligence and analysis
- "Blue light" call boxes
- 1-800 reporting number for employees (usually anonymous)
- Opsec measures (numerous)
- Professional networking/relationships (police, other security professionals)
- Executive protection
- Asset tracking (GPS, RFID, etc.)
- Asset marking/tagging
- Inventory control measures (numerous)
- Document security measures (numerous)
- Intrusion detection system (infosec)
- "Security culture"
Risk is also controlled/managed by means other than mitigation - transference, avoidance (also called "elimination"), dispersion, sharing and acceptance.
You mention problems tabulating. Use the tools circled below when posting if you want to create numbered, bulleted or indented lists (like the one above).Attached FilesLast edited by SecTrainer; 11-02-2011, 04:59 PM."Every betrayal begins with trust." - Brian Jacques
"I can't predict the future, but I know that it'll be very weird." - Anonymous
"There is nothing new under the sun." - Ecclesiastes 1:9
"History, with all its volumes vast, hath but one page." - Lord ByronComment
-
Speaking for myself: absolutely not.Originally posted by kelvin View Post"I'll defend with my life your right to disagree with me" - anonymousComment
-
In general, which is as specific as I can get into, I check up... on everything: all measures, all assigned tasks, and all systems. In turn, my reporting point/boss (I leapfrog local management and report directly to the corporate CEO) checks up on my work.Originally posted by kelvin View Post
To achieve accountability (verify effectiveness and performance of either measures or people), someone's gotta be looking.
The B-side of this system is that I've empowered certain members of my team to check up on me as well, in certain areas, which has paid off several times in the past. No one's perfect; I'd much prefer to give my team members kudos for catching me slipping up, than to have the CEO contact me with a "Have you done the _____________ lately?" query. And I believe in leading by example: if I'm expecting them to accept my checking and critiqueing their every little task, my humble acceptance and ready praise for their catching me in a sin of omission is a dandy motivator; cheap, easy and immediate, and it builds trust within the team.Last edited by 5423; 11-03-2011, 02:38 PM."I'll defend with my life your right to disagree with me" - anonymousComment
-
I like to add a few more points:Originally posted by 5423 View Post
Feedback forms can give some idea of the effectiveness and performance.
Getting a third party source to conduct a documented survey.
A suggestion box where people can write in and express their views.
Data on insurance claims is another source.
Number of Incident Reports is also a barometer.
Regular audit to check on deviations (as you mentioned).Comment
-
Security Risk control Measures
Risk management is a process of thinking systematically about all possible risks, problems or disasters before they happen and setting up procedures that will avoid the risk, minimize its impact, or cope with its impact.Comment
Comment