Risk Mitigation Measures

risk towards north indicated by compass

Risk mitigation measures can be classified as controls that are physical, technical, procedural, or compliance based. A physical control would be a fence, lock, or barrier.  A technical control might be alarms, cameras, or IT firewall software.  Procedural controls could be incident response processes or visitor access procedures. A compliance control could include having adequate insurance coverage or providing staff training.  Typically, an organization will use multiple controls in unison to create an in depth defense to thwart potential security risks.  These controls are designed to work proactively to deter potential man-made threats.  For example, a well-lit facility with prominent security patrols is often a deterrence to criminals who will look for an easier target.   The following is a simple list of potential risk mitigation measures:

  • —  Physical security (barriers, locks, fencing)
  • —  Electronic security systems (alarms, cameras, access control systems, IT security)
  • —  Visitor procedure (sign in sheet, badge requirement, escort policy)
  • —  Security officers (actively patrolling the facility)
  • —  Security officer training (CPO accredited)
  • —  Security procedures checklist (reviewed every shift)
  • —  Employee training and awareness (first aid, security policies)
  • —  Insurance
  • —  Business continuity and crisis preparedness plan
  • —  Training with local law enforcement and emergency responders
  • —  Corporate emergency response team (CERT)
  • —  Secure parking facility
  • —  Crisis communications plan
  • —  Proper facility maintenance
  • —  Incident response process

Once an organization has identified vulnerabilities to their security program, the necessary risk mitigation measures will be put in place to create multiple layers of security. These integrated security controls are designed to counteract, avoid, or minimize risks to the organization.

Posted in Physical Security, Security at July 16th, 2013. .

Risk Matrix


When developing a risk assessment, a simple way to evaluate risk is to visualize the various risk levels by creating a risk matrix.  A risk matrix is a graphical representation categorizing risk as negligible, low, moderate, or high — based on the criteria of consequences and likelihood of occurrence.  The more likely a risk is to occur, the higher the ranking.  Additionally, the greater the consequences on business operations, the higher the risk will rank.  The risk matrix will have anywhere from four to sixteen boxes depending on the ranking scale.  The result will be a prioritizing of risk, based on quantitative measures.  A risk matrix can also be color coded to add additional emphasis to certain levels of risk within the ranking.

A risk matrix can be easily created using a spreadsheet software program.  For each risk that is being evaluated, a detailed description of the risk is necessary.  Then, a careful discussion with your risk management team is necessary to rank the risk within the matrix.  Some organizations may want to include a monetary value from the financial impact of a risk. This will be included in the risk description and used to better quantify the consequences of the risk.

One critical issue when developing a risk matrix is the discussion of organizational tolerance for certain levels of risk.  Without this discussion, the risk matrix may indicate tolerability much different than what the organization as a whole desires.  This is where a good risk management team is crucial to discuss these issues in depth.  Having outside consultants or industry experts included in these discussions is a good idea to evaluate risk from multiple angles.

riskmatrix    Risk Matrix


Posted in Physical Security, Security at July 16th, 2013. .

Vulnerability Checklist

venn diagram defenition of risk

A vulnerability check list provides a simple process for evaluating the strengths and weaknesses of an organization’s security program.  The check list walks the user through the building and site, as well as evaluates the existence of certain policies and procedures.  Each item on the checklist will require documentation to determine where vulnerabilities exist.  For example, if an evaluation of the site lighting reveals burned out bulbs, then a note regarding this vulnerability should be documented.  The vulnerability check list must be evaluated in context of a larger risk and threat assessment conducted by the risk management team.  The types of threats facing an organization and the level of risk for each threat will determine how vulnerable a structure is.  If there have been numerous assaults in the local area, then a burned out street lamp is more problematic.  The following is an example of a vulnerability checklist:

  • Site Perimeter
    • Fencing
    • Lighting (site perimeter)
    • Parking
    • Traffic flow
    • Landscaping
    • Unoccupied structures
    • Camera system (site perimeter)
  • Building Perimeter
    • Lighting
    • Architectural design/Envelope
    • Windows
    • Exterior doors
    • Landscaping
    • Utilities
    • Roof
  • Building Interior
    • Interior Doors
    • Interior Lighting
    • Utility Systems (plumbing, gas, water)
    • Mechanical Systems
    • Electrical Systems
    • Access Control
    • Camera System
    • Alarm System
    • Communications/IT Systems
  • Miscellaneous Information
    • Visitors policy
    • Cash handling
    • Key control
    • Security guards
    • Security education
    • Security Policy/Procedures

A more detailed building vulnerability check list can be found in “Primer for Design Safe Schools Projects in Case of Terrorist Attacks” (FEMA 428) from the Federal Emergency Management Agency (FEMA) website.


Posted in Physical Security, Security, Uncategorized at July 16th, 2013. .

Security Patrol Communications

Security Patrol Communications

Security Patrol CommunicationsHow do your roving security patrols communicate with your security base? What about retail loss prevention specialists or your special event security officers? Do your security professionals have a fallback plan? And, importantly, has the fallback plan been tested?

Training in Action

Recently in New York City, a man fell onto the tracks in an underground station. A transit worker, Danny Hay, recognized the seriousness of the situation. Danny attempted to contact the control center — both via radio and through the person in the stations booth.

Meanwhile, two subway patrons went onto the track to assist the fallen man. Upon his return, Danny saw the three people on the track. He knew the third rail was still electrified. He could feel the rush of air from an approaching train.

What was Danny’s last line of communications? He used a flashlight to warn the oncoming train. The full story is in this article of why training is so important over at Urgent Communications.

Communications in the Security Training Plan

In today’s connected world, it is easy to become complacent using a radio for communications and using a cell phone in case there is a problem with the radio. When a real-world incident occurs, it is not uncommon that emergency communications networks become overloaded. When reviewing the security emergency communications plan, include the ‘worst-case’ scenario.

The security plan may be a fine looking document, but exercising the plan is critical to find ‘assumptions’ that should be factored into the projected operating environment. In the above scenario, it may have been reasonable for the transit system to rely upon radios. Surely they purchased more radios than they expected to field at once. The transit system probably has more batteries than radios. None of that helped Ray; he went directly to the backup man in the booth. Certainly the man in the booth talks with the central station many times during a shift; most likely the man in the booth has the central station’s land-line number on a yellow sticky. Again, no help to Ray.

Fortunately Ray’s training kicked in, and he reverted to hand signals, which have been in use since the times when ‘trains’ were powered by horses and mules.

Online Security Training

High Impact Training Solutions offers many online courses supporting physical security protection, retail loss prevention  and public events security. Courses are available individually to security professionals or as part of a customized online training library.

High Impact Training Solutions (HITS) Institute Launches Español for Law Enforcement

HITS now offers the popular online course within a secure, propriety learning management system with robust tracking features.

Female Police Officer

“The accurate gathering of information in emergency situations is so critical in those situations where time is of the essence.”

High Impact Training Solutions, a division of Smart Horizons, announced today that public safety and emergency communications professionals can now access their required Español for Law Enforcement courses from within the NexPort Campus learning management system. Training supervisors report that the added tracking and audit capabilities within NexPort address risk management concerns.

The secure, proprietary NexPort Campus learning management system allows program administrators, directors, or training coordinators to track and report on student progress in real time. The next generation online learning and knowledge management platform also provides fully integrated synchronous learning using the NexMeeting online conferencing system that includes integrated telephone and computer-based audio, slide presentations, chat, white boards, and recording capability. Instructors and administrators are able to conduct web-based seminars and classes that are accessible to subscribers in even the most remote regions. NexPort Campus also supports interactive engagement within learning communities through the use of videos, wikis, blogs, collaborative web pages, and threaded discussions.

The Español for Law Enforcement courseware library provides a general understanding of common Spanish language phrases to aid in daily duties. It allows learners to see and hear key Spanish words and phrases. Students can choose the entire package of language training or select individual modules on subjects such as field interviews, law enforcement procedures, or basic Spanish language training.

“The Field Interviews courses are particularly helpful to law enforcement personnel who work in dispatch situations,” said Mark Tibbert, Director of High Impact Training Solutions. “The accurate gathering of information in emergency situations is so critical in those situations where time is of the essence.”

There are eight Field Interview courses offered. They provide instruction for interview situations that law enforcement professionals encounter on a regular basis: Felony Interview, Motor Vehicle Accident, Burglary, Cross Complaint, Missing Child, Protective Order, Noise Complaint, and Violent Spouse.

Posted in Press Releases, Security at April 30th, 2013. .

High-Value Asset Protection

Security professionals responsible for protecting high-value assets need to frequently re-evaluate their measures and procedures. Not only from an “actual versus planned security posture” standpoint, but also from a “how would I defeat our security posture?” mindset. Security processes and procedures that are not evolving are out of date — and are therefore targets for exploitation.

Although this article from CNN.com discusses a diamond theft in Belgium, it can serve as the basis for a case study to evaluate your own high-value assets.

High Impact Training Solutions offers many online courses supporting retail loss prevention and physical security protection. These courses are available individually to security professionals or as part of a customized online training library.

Posted in Physical Security, Retail Loss Prevention, Security at March 12th, 2013. .

Myths of Stairwell Reentry

Lori Greene (@LoriGreeneAHC) the manager of Codes & Resources for Ingersoll Rand Security Technologies, wrote an excellent article over at securityinfowatch.com (@SecInfoWatch) regarding stairwell reentry code requirements.

Before you jump to the article, test yourself first. For this assessment each statement is either a myth or not:

  • Only high-rise buildings are required to comply with stairwell reentry requirements.
  • The door to every x-th floor must be unlocked, but the doors to the rest of the floors can be locked.
  • A fail safe electric strike can be used on a stair door to provide reentry.
  • The stairwell reentry requirements state that stair doors must unlock automatically upon fire alarm.
  • Both sides of a stair door can be locked as long as the door unlocks upon fire alarm.
  • Stair discharge doors opening to the exterior must unlock automatically upon fire alarm to allow firefighter access to the stair.

Lori’s blog site contains a plethora of information regarding door, hardware, and code questions.

Posted in Access Control, Security at March 12th, 2013. .

Sensitive Document Disposal

Hurricane Irene aftermath

Image courtesy Hans Pennink/FEMA

If this was your house or business, would you want your important papers flying around the neighborhood?

Many security personnel are part of small businesses and it is particularly important for small businesses to have an up-to-date disaster preparedness and response plan. Federal Emergency Management Agency (FEMA) estimates that up to 40% of small businesses impacted by emergencies, such as fire or weather related disasters, do not re-open for business.

Part of any disaster plan includes insuring access to important documents such as banking and insurance information. FEMA’s READY campaign, in partnership with Operation HOPE, has created an Emergency Financial First Aide Kit (EFFAK) for individuals. The EFFAK assists  in collecting useful information. For a small business the EFFAK may act as a guide, for larger businesses FEMA also offers an Emergency Management Guide for Business & Industry.

Collecting the personal and business related information provides a good opportunity to look at how the information is stored and the age of the information. Old statements and documents that no longer need to be retained should be destroyed in a secure manner. Imminent Threat Solutions (ITS Tactical) outlines How to Securely Dispose of Sensitive Documents on their website. The article details secure disposal and provides very good information on different types of shredders.

Posted in Security at March 4th, 2013. .

Security Related Links

Security Guard Guide (CA): A summary of laws governing the security guard profession, in PDF format.

Posted in Links, Security at February 14th, 2013. .

Meeting and Conference Security

Is your company or organization planning an offsite meeting or conference?

Security departments should be involved in the event planning process from the very beginning; preferably before the event location is even selected.

This article from CIO.com outlines 10 steps to help you increase event security. Some considerations:

  • Access Control
  • Credentialing
  • Medical Capabilities
  • Parking
  • Proprietary Information Control
  • Recording Opportunities
  • Signage
  • Vehicle Access
  • Venue Site Knowledge
  • Venue Staff

Over at CSO Online, a slideshow is available.

Posted in Public Events, Security at February 14th, 2013. .
Smart Horizons The Smart Choice for Innovative Training Solutions
© 2011 Smart Horizons - All rights reserved. | Terms of Service | Privacy Policy