Plan and Manage Security

Ask a group of people to put a definition around the word ‘security’ and you will receive a wide range of different ideas. ‘Security’ is a very broad term and one that is often misunderstood and undervalued. Today, however, security should describe an important part of any modern organisation’s internal control environment.

BRG facilitates the planning, development and implementation of specific areas of security – or, as the first part of a project, conducts a security risk analysis to define the breadth and depth of the security requirement of a specific client, in partnership with that client.

The various parts of the field include:

- Prevention
- Response
- Measurement

BRG facilitates planning and the development of protective mechanisms, and supports the implementation of all of the above-listed areas, either individually or as packages of some or all of them.

To be successful, protective mechanisms must contain organisational, systemic and technological components combined into homogeneous controls that are appropriate to the organisational context. BRG’s methodology prioritises the development and implementation of the controls that have been mutually agreed between the client and ourselves, based on the client's knowledge of their operating environment and our inter-organisational experience.

Our methodologies are also based on industry-accepted standards such as ISO 17799 (Information Security) and COBIT, particularly in the areas of IT and information security.

For further information we invite you to contact us.

Prevention

In today's complex business environment there is a need to manage security holistically as a key component of "business as usual". This means that as organisations begin to look at and re-assess their security efforts, there is a need for some degree of convergence in managing the chance that a security incident will occur. BRG offers integrated security solutions, in partnership with a number of licensed outsourced providers, that seamlessly cut across the organisation to enhance security convergence and hence security governance. Our focus areas include:

- Physical security (property and buildings)
- Personnel protection (security of personnel at risk)
- Human resource security (protection of the organisation from its personnel or persons entering the recruitment process)
- Information protection (protection of proprietary information in all its forms)
- Information systems security (security over the electronic systems on which information is recorded, stored, manipulated, transmitted and deleted)

Response

Planning and managing the response to security is an integral part of business continuity and contingency planning. However, there are differences in the overall wherewithal of organisations' response capabilities based on the degree of integration between their emergency management, incident management, investigative capacity and contingency planning.

BRG facilitates a review of these organisational processes with the aim of identifying gaps in the response capability of our clients and ensuring that any recommended options are aligned with their business objectives. Once any gaps are identified, we assist with the implementation of cost-effective improvement strategies.

Measurement

We are all aware of the cliche "what gets measured gets done". However, what happens when what you are trying to measure does not easily lend itself to "measurement"? Security often falls into this category, and some even rely on it as an excuse for inaction. This situation is often worsened by methodologies that focus on "measurement" as the first step in the "security management" process. However, unless your organisation has been collecting security data for eons, has an ongoing experience of security incidents or is in its third cycle of security risk measurement activity, this is very difficult to achieve. Why? Because the type of security information companies need for robust measurement is often not readily available, and they do not understand what it is they actually need to measure. Even more so, because security management is an iterative process.

We know that the diversity of today’s risks comes in a complex matrix of interrelated threats, vulnerabilities, and impacts, the measurement of which must therefore be interdependent. The ability to measure security so that it influences business strategy and addresses matters of internal risk exposure in an integrated fashion requires what has been termed “security convergence”.

BRG assists clients to identify the key drivers of security risk through business as usual risk analysis. This includes establishing what "lessons" can be learned from any previous security incidents and/or industry related events in the form of security risk triggers and key impact areas (KIA). These then form the basis of measurement that enables clients to determine the answers to questions such as:

- How much security is enough? What is the organisation's ROSI?
- How do I allocate scarce resources to a plethora of security risk strategies?
- What is the relationship between critical infrastructure protection, business continuity, emergency management and incident management?
- How can I review my organisation's security performance?
- How can my organisation leverage its security risk management efforts with other risk management initiatives?

© copyright 2005 BRG. all rights reserved.