Risk assessment frameworks and methodologies
Businesses today face a range of security challenges unlike any that their predecessors faced. Among these challenges are the physical protection of the building and the protection of data and intellectual property. This may sound like a relatively easy mission; however, each of these two types of security has a number of different elements, and the interplay of these elements can complicate the process of keeping a company or organization secure.
For example, in terms of keeping a building physically safe, a security plan must cover the physical building itself, keep any equipment or supplies inside the building secure, and keep the staff and any visitors to the building safe. (Moreover, the staff and visitors must feel that they are being kept safe, and creating that appearance can be even more difficult than actually keeping individuals safe.)
In terms of keeping data safe, a security system must include everything from appropriate encryption policies and password protocols to staff training on what information must remain within the confines of the business. This last provision must also include instructions on which members of the staff have access to what information.
The following security assessment and design has been prepared for RAI, a for-profit kidney dialysis chain. The chain is currently expanding from three offices to eight sites (a process that should take about 18 months). As part of this expansion, the company CEO has asked for a complete overview of its security procedures.
This review is based on the following definition of providing security, which includes serious consideration of the nuts and bolts of security while also focusing on the too-often-neglected factors of organizational structure. This definition of security can be phrased as the "intentional actions whose purpose is to provide guarantees of safety to subjects, both in the present and in the future."