Risk and Security LLC

Risk Assessments, Training and More

This content shows Simple View

February 2013

Prev Month( 1th ) Next Month( 3th )

Will the Risk of the Sequester Affect Security Budgets in 2013?

Posted on February 26, 2013 9:59 am by Caroline Ramsey-Hamilton Comment

Every time the TV is on, every anchor is crying about the dreaded Sequester.

Will it have an impact on security budgets?  I have seen security budgets, especially for the facilities security departments, swing from almost unlimited budgets after 2001, to bare bones in 2009 and 2010, and thought they were trending back up for 2013.

Now, with the uncertainty about what a Sequester  actually is, (please note my use of the capital “S”), how will it affect our security departments?

Obviously, the most obvious casualty are the government contractors who’s contracts may be arbitrarily cut, and civilian managers of federal programs will see lost days and furloughs.

The trickle-down effect will probably extend to state, county and municipal governments, too.   So that means it’s even more important to start budgeting new security controls so that the most important get the funding!

One of the themes we go over in our webinar programs is how important it is to create a COST JUSTIFICATION and Return on Investment information so that you can create a business case for every control you need to improve security.

And one more thought on the Sequester – we often see an increase in crime, white collar crime and fraud when things are unsettled and people aren’t sure what’s going to happen next.

Maybe it’s a good time to do another risk assessment?  Maybe the Sequester is the next new Threat!

 

 



What Churches Need to Know About Security Risk Assessment!

Posted on February 23, 2013 11:39 am by Caroline Ramsey-Hamilton Comment

the problems that churches face has changed since the 1950s.  Churches were considered “safe”, but the Sikh temple shootings in Wisconsin, shootings in Colorado Springs Churches, and the burning of black churches, have changed the security posture of churches.

Take a look at violence in churches today.  In 2008, the FBI recorded 23,547 crimes attributed to location code for “Church/ Synagogue/Temple”.  Deaths from church attacks rose 36% in 2012 according to the January 30, 2013 edition of Christianity Today.  Guns were used in nearly 60 percent of all “deadly force incidents” at churches since 1999 according to Carl Chinn who has been tracking these incidents.

Arson incidents are so widespread that the Dept. of Justice has a National Church Arson Task Force, and “Arson at churches has been a problem for a long time,” said Patrick Moreland, an executive with the Wisconsin-based Church Mutual Insurance Co., which insures 63,000 houses of worship.

No church leader, or church member wants their place of worship to become a crime scene, as the country watches it unfold on CNN.  And there’s a pro-active way to analyze a church’s security profile

And determine:

  • How Likely the Church is to have a Violence Incident
  • What Other Churches in the area are experiencing
  • What the Threat Level is in your Geographic Area
  • Exactly What Controls You Need to Add to Stay Safe

A Security Risk Assessment is a quick, easy to use model that can take streams of data and information and use these actual events to produce a simple report that can track the threat levels, and match these to potential and existing controls to see how existing controls can be implemented, what new controls need to be added, and how to do it all in a cost-effective way.

One of the key points of a security risk assessment is that it measures solutions in terms of COST-EFFECTIVENESS.  No one wants to over-spend on something and not have enough money left for a critical security element.

Out in the field, we often find that controls are not effectively implemented, or they are not 100% implemented, and if there’s even a 10% gap, it’s just like the control never existed at all.

And you don’t need to be an expert to perform a security risk assessment on your church, school, temple or summer camp.  There are new automated software applications, like Church Facilities Risk-Pro, similar to the app on your iphone, that will do the assessment for you, showing you the data you need, and even writing and formatting the reports for you.

The Control Reports become a blueprint for improving security and can become part of a 3-year plan that will protect the physical facility, the congregation, and the entire community.



A New Threat Appears – Meteor Strikes

Posted on February 17, 2013 10:35 am by Caroline Ramsey-Hamilton Comment

After the meteor showers over Siberia this week, Russia put together a

Financial analysis of the damage from the meteors:

1200 injured by flying glass

             $33,000,000 in damage

4,000 building damaged

50 Acres of windows shattered

In the last twenty-five years, as the rate of climate change has increase, we have occasionally added new threats like Tsunami and ash pollution.

Now meteor showers have actually come to cause damage to companies so they are another factor to be included in risk assessments.

In evaluating threats for a risk assessment, many in the northeast would always tell me, “take out earthquakes”, we don’t have earthquakes in Virginia, Maryland, and Ohio. That changed in 2011 when the Mineral, Virginia earthquake hit during a mid-week business day.

RICHMOND, VA (WWBT) – Aug. 24, 2011. 

There was an earthquake in Central Virginia that measured 5.8 on the Richter scale centered about 5 miles south of Mineral in Louisa, depth 3.7 miles at about 1:51 p.m. The quake was centered at 38°N, 78°W.

The U.S. Geological Survey said the earthquake was centered about 38 miles northwest of Richmond, Va., about 84 miles southwest of Washington, D.C., and was felt as far north as Rhode Island and New York City. See a map of the quake from Chuck Bailey, professor of geology at the College of William and Mary.

Hospitals, government offices, dams and power generating plants,  including nuclear plants, were forced to suddenly reevaluate the long held idea that earthquakes just didn’t happen in the NorthEast.

The threat from meteor damage is the same idea.  It never happened before, but now it has happened again, if you count Tunguska as the first time.

Damage from meteor showers will now add a new category into the Threat index, even though this was the first event in my lifetime, if analyst factor in the previously known instances, such as the Tunguska Meteor Event, which did not occur thousands of years ago, like the meteor event in the Yucatan peninsula that killed off the dinosaurs, but
Tunguska occurred in 1908!   Almost in this century.

Over the next month, we’ll be looking at each different threat every week.  Sign up for my blog or access by following me on twitter at www.twitter.com/riskalert.

 



Data-Driven Security: The Best Way to Improve Security for Anything, Anywhere

Posted on February 5, 2013 3:44 pm by Caroline Ramsey-Hamilton Comment

How can you improve your security program?  Are we talking about a seaport?  A church?  A manufacturing facility?  A gas pipeline?  An office building?  Corporate Headquarters?   Zoo?  Hospital?  Bank?  Clinic?  City Hall?  Harbor?  Stadium?  Government Agency?

It doesn’t matter what you need to protect — if you decide it is a critical asset, it needs good, continually improving security, and
an on-going assessment program is the fastest, easiest way to get it.

If wonderful, dedicated you, (as the security pro), don’t know what’s working and what’s not, how can you improve the overall program, unless you wait for an “precipitating event”, like a THEFT, like an ASSAULT, like a FLOOD, or a HURRICANE, or a POWER LOSS, and then you immediately start working on that and making sure THAT particular disaster doesn’t happen again!
Meanwhile, everything else is slowly losing energy due to lack of constant attention.

And so let’s say you are the Super Bowl, and the power went out!  Terrible. Inexcusable.  And you’re busy getting a 2nd or 3rd backup generator to make sure THAT POWER LOSS never happens again.

This problem with this model – fixing what’s broken and ‘learning from experience’ is that it’s always a day late.  You’re always chasing after something that already happened.

Instead, you can  set up a program so that you use to continually evaluate the current condition, assess the risk, and then improve the security controls, based on THAT RISK ASSESSMENT.

Tony Robbins used to call it CANI

  • Constant And Never-ending Improvement.  You can accomplish this by setting up regular assessments and then adjusting or tweeking the security controls to adjust to the new, or more aggressive threats.
    “Regular” assessments can be monthly, quarterly, semi-annually, annually, bi-annually, whatever schedule suits you and the organization.   The idea is that by continually reassessing your last improvement,and changing the threats and risk level,
    you can create a dynamic, data-driven security program that improves the security profile dramatically, without having to
    suffer through another triggering event!
    The concept of CANI – Constant And Never-ending Improvement can breathe life into your security program, you can use it to improve your health, your fitness level, your guitar playing, your _______________________.
    You fill in the rest!

 

 




top

Prev Month( 1th ) Next Month( 3th )