Security & Risk Management Consulting

 

JH & Associates provides customized security and risk management services customized to meet your unique challenges.

Many consulting engagements begin with an assessment of threats and risks. The methodology used to conduct that assessment follow established standards or be customized to focus on specific areas.

Assessment often lead to the identification of gaps and opportunities to strengthen security program elements. JH & Associates can provide the support and guidance you need to improve your physical security.

Additional service offerings include:

  • Security Program Design

  • Standard Operating Procedures

  • Emergency Response Plans

  • Electronic Security System Design and Procurement

ASIS General Security Risk Assessment Guideline

The ASIS General Security Risk Assessment Guideline is the security industry standard methodology for conducting threat and risk assessments of physical assets.  As shown in the excerpt below, the guideline prescribes a step-by-step methodology that begins with identifying the assets to be evaluated and progresses toward making defensible recommendations to address vulnerabilities and mitigate risk.  Recommendations to invest in security program elements are always considered in the context asset criticality, the severity of risk, and the net benefit of the investment.  In the simplest terms, we would never recommend spending a thousand dollars to protect something worth ten dollars unless it’s going to be stolen ten thousand times.  That may seem like an oversimplification but that is how asset protection decisions should be made if they’re to be defensible.

Most of the Risk Assessments we conduct are based on the ASIS Methodology

 

Security Program Goals

 

Best practice for protective security programs requires that they be deigned to "Protect-in-Depth" via four fundamental objectives.  Those include Deter, Detect, Delay, and Disrupt sources of threat.  Each of the recommendations made in this report are intended to achieve one or more of these objectives.

Deterrence is achieved by implementing measures that are perceived by potential adversaries as undesirable to attempt to defeat (cost, time, difficulty, exposure, etc.). Deterrence can be very helpful in discouraging attacks by casual adversaries who may be displaced onto a less protected target.

Detection of an adversary is essential. Early detection at the site perimeter increases the available response time following a detection. Adversary paths (typical routes taken by the adversary to reach an asset) should be anticipated, and detection elements deployed along that path with specific consideration given to how the chosen countermeasure works in relation to the direction of movement. 

Delay provides time for detection to take place.  The delay should be sufficient not only to allow for assessment, but also to hold back the adversary at the point of detection until the intervention of a response.  Some adversarial actions favour one type of attack over another or may use a combination of approaches.  More commonly, stealth may be the primary tactic employed by the adversary until he or she is detected, at which point the tactic may change to force to minimise the chances of disruption.  The protective security program should be designed to address this.

Disrupt is a term that can take on several meanings.   The nature and extent of incident response will depend on the capabilities of an asset’s caretaker.  There are also serious safety considerations when incorporating response into a security program.  For the most part, security guards are professional witnesses who are not expected to intervene in an incident in the same way that a Police Officer might.  An attentive Security Guard can intervene to disrupt an incident safely, when given the proper training.  That training should emphasize the importance of calling Police when appropriate.