The document discusses the importance of conducting thorough site surveys and risk management assessments. It outlines a 6-step process for assessing assets, threats, vulnerabilities, risks, countermeasures, and making risk management decisions. The process involves identifying critical assets, potential threats, existing vulnerabilities, likelihood and impact of risks, cost-effective countermeasures, and selecting strategies to reduce risks to acceptable levels. Conducting a comprehensive risk assessment is essential to developing effective security plans to protect clients and personnel.

1. Site Surveys It provides a logical and consistent methodology of quantifying and qualifying assets, vulnerabilities, impact and the associated risks Why? Tony Ridley Security Consultant [email_address]

22. Questions??

23. Factor Analysis Risk Management Process Flow Assess Assets Assess Threats Assess Vulnerabilities Determine Countermeasure Options Assess Risks Make Risk Management Decisions Cost Analysis Benefit Analysis 1 5 4 3 2 6

27. Centre of Gravity Decisive Points Decisive Points Conditions of service Wages Pricing Procedures Policy Client Complaints Vocabulary Equipment Competitor Actions Image Equipment and Materials Facilities Information Activities and Operations People Centre of Gravity

28. Centre of Gravity Decisive Points Decisive Points Conditions of service Wages Procedures Policy Client Complaints Vocabulary Competitor Actions Adversary Equipment and Materials Facilities Centre of Gravity

29. Asset/Event Impact Assessment Chart Equipment Facilities Information Activities People Impact Level Consequence of Event Potential Undesirable Events Critical Assets

32. Asset/Event Impact Assessment Chart High 2 Theft/ Damage to communications equipment Theft/Damage to transport fleet Equipment Medium 5 Destruction of buildings Damage/Destruction of Power supply Facilities High 3 Theft/Compromise of Classified Information Commercial Espionage Information Medium 4 Disruption to Project/Operations Disruption to Communications Activities Critical 1 Death Assault Accident/Injury/Medical Emergency People Impact Level Consequence of Event Potential Undesirable Events Critical Assets

33. Impact Level Decision Matrix Low No No No No No Medium No/Yes No/Yes No/Yes No/Yes No/Yes High Yes/No Yes/No Yes/No Yes/No Yes/No Critical Yes Yes Yes Yes Yes Overall Impact Level 5 Destruction of buildings 4 Disruption to Production 3 Theft or compromise of information 2 Damage or theft of transportation 1 Injury or loss of life

34. Questions??

44. Adversary Threats-Intent Criminal Employee Terrorist Indicators Wants Needs INTENT Adversary

45. Adversary Threats-Capability Community Employee Criminal Terrorist Trashint Dataint Osint Imint Sigint Humint Capabilities Adversary

46. Adversary Threats-History Employee Community Criminal Terrorist Successful Incidents Attempted Incidents Suspected Incidents History Adversary

47. Adversary Threat-Tracking Community Employee Criminal Terrorist History (Incidents) Capability (Methods) Intent (Interest/Need) Adversary

48. Threat Level Decision Matrix Low No Yes or No No Medium Yes or No No Yes High No Yes Yes Critical Yes Yes Yes Threat Level History Capability Intent

50. Intelligence Cycle Collection Dissemination Direction Processing

52. Questions??

58. Vulnerabilities-Existing Countermeasures Low Chain of command Critical Medium Continuous reviews High Vehicle checks Low Medium Security Awareness training Medium Low High Physical Guard force Medium Low Medium Alarms Low Door and locks Critical High Low Direct communication Low High Medium Low Specific training Low Critical High Corrective Policies Low Critical Protective Barriers Community Demonstration Information Theft Physical Attack Terrorist Bomb Existing Countermeasures

59. Vulnerability Level Decision Matrix High No Yes No Critical No No No Medium Yes Yes Yes (Multiple) Low Yes Yes Yes (Single) Vulnerability Level Multiple layers of countermeasures Difficult to exploit? Vulnerable through one weakness?

61. Questions??

63. Overall Risk Assessment Destruction of property Fire Theft of goods Loss of equipment Medium Disruption to project / production YES / NO Low Medium Low Medium Low Medium High High Assault Accident / Injury / Medical Emergency Risk Acceptable? Overall Risk Vulnerability Rating Threat Rating Impact Rating Potential Undesirable Events

64. Questions??

68. Countermeasures Identification New Risk Level Countermeasures Options Related Vulnerabilities Existing Risk Level Undesirable Events

69. Cost of Countermeasures Least Expensive Most Expensive COST Manpower Written Procedures Hardware $

71. Countermeasures Options Package USD$50,000 High to Medium Overall Risk / Total Cost USD$5,000 High to Medium Community Engagement Sponsorship Community Projects Law Enforcement Liaison Community Unrest USD$15,000 High to Low Policies development Procedure implementation Training Liability Vehicle / Residence protection Armed assault USD$30,000 Critical to Medium Physical barriers Stand off areas Approach Inhibitors Bombing Cost Risk Level Reduced From/To Countermeasures Undesirable Events

73. Shields’ Site Review Process Client’s Request for assistance / offer of services Operations Warning Order given Review Conducted Site Review Team dispatched Initial appraisal conducted Task de-brief and preliminary findings Report Construction Report submitted to Marketing and Management for review Operations feedback and confirm final draft Present findings Client Review Final Plan implemented

74. Intelligence Cycle Collection Dissemination Direction Processing

75. Questions??

77. Site Surveys It provides a logical and consistent methodology of quantifying and qualifying assets, vulnerabilities, impact and the associated risks Why? Tony Ridley Security Consultant [email_address]