Threats and Risk Assessment for Solux Books Limited
Threat and Risk assessment in this organization is intended to give recommendations that will help in maximizing confidentiality, integrity as well as availability while at the same time giving rise to functionality as well as usability. In order for this company to be able to come up with these answers, it is prudent that this company performs a threat and risk assessment. Failure to do this for our company will open us to circumstances that are likely to destroy our conduct of business.
This threat and risk assessment is intended to uncover what internal and external factors affecting the performance of this organization. The assessment will explore both the negative and positive factors that have a bearing on the performance of this organization. It will make the organization become more aware of the assets in their possession.
Determining our assets
The assets in our possession include financial records, servers, computers, cables, Backup devices. We also have human assets which include our administrators, our IT staff, and technical servers and so on. These assets are likely to be destroyed by fire, theft, equipment failure
This is an assessment of how a threat to a particular asset of the company is likely to have an impact on the performance of the company. There are certain assets of the company which if affected could paralyze the operation of the company. Likewise, there are certain assets which if affected will not interfere with the operation of the company.
My company will suffer a very big disruption as well as financial loss if our financial records, computers and staff are lost. Moreover, without financial list documents we are likely to open up for legal suits with our creditors and debtors in case of a misunderstanding concerning a certain aspect of finances. Moreover loss or destruction of the company’s software is likely to paralyze the operation of the company.
An attack on our employee records will make us suffer a minor disruption as well as financial loss. We will still be able to meet our objective albeit with slight difficulties. It is only used in storing employees’ data, profile and progress. So without it we will still be in a position to meet our target as they can always be asked to furnish fresh information.
There is no asset in this organization whose loss could not deal a blow to the organization albeit small. Even if we lost a member of the staff, we could experience some disruptions before we find the replacement. No asset that is in possession of the company that does not add value to the existence and functioning of the company.
Probability of the risk occurring
The risks that are bound to occur include theft, fire, and vandalism as well as Technological hazards. There is low likelihood of theft occurring as the area where the company stands is well secured and more so, the building is under 24 hour CCTV surveillance. The risks that are most likely to occur are technological hazards as well as fire.
How security officials determine threats and risks
Security officials can be used to provide information that can be used in risk assessment. That information will help owners of business ventures or any organizations in risk assessment and planning (Groves, 2001).
In natural areas
Security officials can provide statistics on number of times a natural calamity has occurred in certain areas. This information is vital as it helps one in determining what natural calamities amount to a risk in any business venture. Natural hazards could include floods, hurricane as well as earthquake. These risks are however put into consideration if the business stands out in a area where these calamities are bound to occur. You cannot conduct a risk assessment on occurrence of hurricane in an area that is not at the coast.
In manmade areas
Police and security departments van give statistics on the frequency of occurrence of crimes in a certain locality. These crimes include theft, vandalism as well as political situations. The police could also give statistics on whether fire usually occurs within that locality. These are the biggest threat that exist that pose risks and threats to a business. This is because most of the time it is not easy to identify the culprits as well as what really transpired in the occurrence of the risk (Groves, 2001).
Technological hazards are dangers that are caused by the technology that has been used to prepare equipment. These are usually shortcomings that happen to an equipment during its performance. Security forces could be used to determine the number of times that a risk or danger has been caused due to the use of certain equipment in the course of business.
Strengths and weaknesses of the security system
Use of security system in determining risk has both advantages and disadvantages. The advantages of using the security system are that it provides one with first hand information concerning a risk that might exist in a certain locality. This is because the security system is usually involved in the investigation and management of a risk when it occurred. Moreover the police can give one advice on the safeguards that can be put in place to prevent occurrence of a certain risk in an organization as they are aware of what cause some risks especially the manmade risks.
There are certain disadvantages that are involved when one relies on the security information in assessment of risks. To start with, the security system is not in a position to access all information from previous organizations especially on internal factors in an organization that contributed to the loss occurring. The security system is only capable of assessing information on the external factors that have contributed to losses in an organization. Reliance on this information only may not give one a true picture of the actual threats that are likely to face an organization. This information from the security system can only be used to supplement other available information on the threats and risks that the organization is likely to encounter.
Secondly, in the course of their investigations, they could have arrived at the wrong conclusion about the existence of a certain risk. They could have been given wrong information by the owners of an enterprise which they rely on to make a conclusion on the existence of certain types of risk which could eventually turn out not to be true. This therefore means that at times, they could give wrong information about the existence of a certain type of risk.
Concerning the technological hazards, the security system cannot be in a position to gain access to that kind of information and at times even if they are in possession of that information, they are reluctant to share it especially where they have colluded with the manufacturers’ of certain equipment so as not to spoil the manufacturers name (Karim, 2007).
General types of threats
General types of threats are of the kinds that are bound to occur in any business organization regardless of the nature of business it is engaged in. General types of threat that exist to this type of business include, political uprising, theft, vandalism as well as fire. Others include technological hazards that are mostly associated with the breakdown of the equipment (coxxi& Ricci, 1990).
Specific types of threats
Specific threats are basically threats that are associated with a particular kind of business that one is engaged in. They are specific to a certain business. In this kind of organization where we are engaging in provision of books in the library, such risks include tearing of books, misplacement of books as well as plucking of pages from the books (Landoll, 2006).
Landoll, D. J. (2006).The security risk assessment handbook: a complete guide for performing security risk assessments. New York. United States.Auerbach Publications.
Cox, L. A. Ricci, F. L. (1990).HYPERLINK “http://www.google.co.ke/search?tbo=p&tbm=bks&q=+bibliogroup:%22Advances+in+risk+analysis%22&source=gbs_metadata_r&cad=9″Volume 6 of Advances in risk analysis. Washington D. C. United States. Springer.
Karim, H. (2007).Strategic security management: a risk assessment guide for decision makers. Carlifonia C. A. United States. Butterworth-Heinemann.
Groves, R. H. (2001). Principles of Risk Mnagement. London. United Kingdom. Csiro Publishing.