human intelligence collection and analysis risk management

Risk Management can be defined as the process of identifying, evaluating, and preventing or reducing risks, with the primary goal of reducing risk to an acceptable level. Managing and reducing risk to your client can make up a large part of your job description as a security professional.

Risk Analysis

How can one manage risk without knowing what the risks are? First, you will want to complete a risk analysis. A risk analysis can be completed in one of two ways: qualitative or quantitative.

For a quantitative assessment, we assign dollar figures to assets, while a qualitative assessment leads us to assign subjective values to assets. A hybrid of the two can be used, since not every asset can be attached to a specific dollar figure (for example: brand, reputation, employee loyalty, etc.).

Time to get mathematical: there are six steps to completing a quantitative assessment:

1. Assign Asset Value (AV)

2. For each threat, calculate Exposure Factor (EF)

3. Find your Annualized Rate of Occurrence (ARO).

4. Calculate Annualized Loss Expectancy (ALE):

   Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)

5. Research countermeasures for each threat, then calculate the changes to the ARO and ALE based on the newly applied countermeasure.

6. Perform a cost/benefit analysis of each safeguard, for each threat, to each asset.
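The six steps carried through in code, as an added example that is not part of the original article. It uses the standard definition SLE = AV x EF for step 4, and the asset value, threat figures and safeguard costs are constructed, hypothetical numbers.

```python
"""Quantitative risk assessment: AV, EF, ARO -> SLE, ALE -> safeguard cost/benefit."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    exposure_factor: float  # EF: fraction of asset value lost per incident (0.0-1.0)
    aro: float              # ARO: expected incidents per year


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float          # yearly cost of operating the countermeasure
    new_exposure_factor: float  # EF after the safeguard is applied (step 5)
    new_aro: float              # ARO after the safeguard is applied (step 5)


def single_loss_expectancy(asset_value: float, ef: float) -> float:
    """SLE = AV x EF: expected loss from one occurrence of the threat."""
    return asset_value * ef


def annualized_loss_expectancy(asset_value: float, ef: float, aro: float) -> float:
    """Step 4: ALE = SLE x ARO."""
    return single_loss_expectancy(asset_value, ef) * aro


def safeguard_value(asset_value: float, threat: Threat, safeguard: Safeguard) -> float:
    """Step 6: (ALE before) - (ALE after) - annual safeguard cost.

    A positive result means the safeguard reduces expected loss by more
    than it costs to run; a negative one means it is not worth buying.
    """
    before = annualized_loss_expectancy(asset_value, threat.exposure_factor, threat.aro)
    after = annualized_loss_expectancy(asset_value, safeguard.new_exposure_factor, safeguard.new_aro)
    return before - after - safeguard.annual_cost


def rank_safeguards(asset_value: float, threat: Threat, options: list[Safeguard]) -> list[Safeguard]:
    """Keep only safeguards that pay for themselves, best value first."""
    worthwhile = [s for s in options if safeguard_value(asset_value, threat, s) > 0]
    return sorted(worthwhile, key=lambda s: safeguard_value(asset_value, threat, s), reverse=True)


# Constructed sample figures (hypothetical): a $500,000 customer database
ASSET_VALUE = 500_000.0
RANSOMWARE = Threat("ransomware", exposure_factor=0.40, aro=0.5)
OFFLINE_BACKUPS = Safeguard("offline backups", 20_000.0, new_exposure_factor=0.10, new_aro=0.5)
PRICEY_APPLIANCE = Safeguard("pricey appliance", 120_000.0, new_exposure_factor=0.20, new_aro=0.25)
```

With these numbers the ALE before any control is $100,000 a year; offline backups cut it to $25,000 for $20,000, while the appliance reaches the same ALE at a cost that exceeds the loss it prevents, so the cost/benefit step rejects it.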

