Security and Risk Management Essay Example



Risk management is an essential aspect of an institution because it allows the administration to make effective decisions to combat risks. Understanding risk management and the components involved in assessing it is the most significant factor for an institution. Security is an important sector of a nation. In Australia, several bodies work together to ensure that risks are managed and security is maintained. It is important to identify the likelihood and consequence components of risks. This identification simplifies the management of security because the persons responsible can establish solutions based on the findings. Australia and New Zealand have a standard security detail that ensures homeland security for all their citizens. The standard security is recognised by ISO 31000:2009, which gives guidelines for identifying and dealing with risk management in national security. Security risk management is applied across vast extents of the nation, from hospitals, police departments and government to marine and homeland security. The Australian security standards are applied to all these sectors, where the fundamental risk management procedures are imposed.

(a) Why does identifying the likelihood and consequence components of risk facilitate the effective and efficient mitigation of identified security risks?

Mitigating security risk requires reliable information that allows security personnel to perform efficiently. The security risk management system identifies different types of risks (Fink, 1986). Each type of risk has indicators that show the likelihood of security risks. The security system implements procedures for analysing risks. The basic approach is to identify the likelihood of the risks identified. The next step is to evaluate their consequence components in case they occur (Fischer et al., 1998). Following this process makes security risk management of the identified risk efficient and effective. The team working to combat the identified security risk is able to analyse and evaluate the best measures against the potential risk and against the consequence component of the risk in case it occurs.

Identifying Likelihood of Risk

The technique of discerning the likelihood of risks allows the security department to mitigate the risk. The likelihood of a risk is indicated by a threat that could harm people or an organisation (Fennelly, 1989). One significance of identifying the risk likelihood is that all potential risks are known at the commencement of the security evaluation process. The security risk management team is able to forecast the likelihood of the risk and consider possible solutions to mitigate the problem. All risks identified can be handled through a standard process that allows security personnel to manage the risk at a basic stage without affecting other sectors (Brooks, 2010). The process of identifying the likelihood of the risk facilitates efficient mitigation because suppositions about the risk are analysed and eliminated. The analysis allows the security detail to focus on other issues of risk management.

Assessment of assumptions eliminates inaccuracies and inconsistencies during the fundamental processes of risk management. The analysis facilitates the efficiency of mitigating security risks (Fennelly, 1989). Identifying the possibility of risk facilitates the effective and efficient mitigation of the identified security risk because the firm will be aware of the impending risks. A plan on how to curb the likelihood of the risks is established before they become a cause for alarm (Fischer et al., 1998). Efficiency is facilitated because identifying the likelihood of risk calls for proper mitigation when the objectives of the organisation are jeopardised. Identification digs into the security information system to find effective means of combating the risk at hand (Fay, 1995).

It is important for the likelihood of risk to be known so that proper information regarding the security risk can be retrieved, thus propelling effective alleviation. Effective and efficient alleviation of security risks is propelled by identification of the likelihood of risks, since the security team can apply the standard security risk management skills (Fennelly, 1989). Identifying the likelihood of risks fuels the process of risk management, thus allowing sufficient mitigation of the security risk identified (Walsh & Healy, 1989). Most security risks can be discerned at an early stage through identification of possible risks. The organisation at risk can establish effective frameworks in accordance with the standard risk management to combat the risk.

Identifying Consequence Component of Risk

Consequence components of a risk are the possible outcomes of the security risk in case it occurs (Cohen, 1955). Identifying such components allows the firm to investigate mitigation measures to avoid the consequences, since they are likely to hinder the objectives of the organisation. Consequence components may include loss of essential data, loss of clients, state emergencies due to homeland security issues, and loss of cargo on the maritime or aviation fronts (Cohen, 1955). These consequence components may occur depending on the firm involved in the security risk. The ability to identify such components is a driving force towards mitigation of the security risk. Identifying the consequence component in a security risk facilitates effective mitigation since the firm is aware of the outcome in case the risk is not stopped. Consequence components predict the extent of the risk to a firm’s objectives, propelling efficiency and effectiveness in curbing the security risk (Fischer & Halibozek, 1998).

Depending on the risk, consequence components show the possible repercussions in case the security risk is overlooked (Gill, 1994). Effective response to security risk is enhanced by the consequence components in that the components become a benchmark against which the firm can evaluate its efficiency. Some consequence components have dire effects on the development of the firm or state; hence it is essential to ensure effective mitigation of the security risk (Fennelly, 1993). Resources available for alleviating a security risk may be minimal within the firm; thus identifying consequence components informs the firm of the effective measures for countering the risks (Fischer et al., 1998). Most consequence components affect the internal operations of a firm. Identifying the consequence components allows the firm to strategise a framework that is efficient in mitigating the security risk (Nunes-Vaz et al., 2011). The firm can avoid the consequence component through an efficiently structured security risk management work plan.

Efficient mitigation of security risk is aided by knowledge of the anticipated results in case the risk is not managed (National Research Council, 1988). Consequence components provide such knowledge for the firm, thereby enhancing efficiency in security risk alleviation. The security risk identified within the company or state has unique consequence components; therefore, each component becomes a facilitating power for efficiency in addressing the risk (Fay, 1992). It also calls for promptness from the management system, considering the level of risk. The efficiency of the risk management framework is constructed around the consequence components of the risk. The identified security risk can be eliminated by considering the intensity of the consequence components. Therefore, identifying consequence components facilitates efficiency and effectiveness in risk alleviation (National Research Council, 1988).

Based on the outcomes from part a, how does knowledge in the domains of criminology and law inform the mitigation process?

The criminology and law departments have the mandate to inform the security department of the correct measures for mitigating security risks (Johns, 2011). The criminology domain follows the criminal aspect of security risk. The department can evaluate the consequence components of the risk and outline possible measures to use against the components. The law domain focuses on the legal aspects of combating the security risks (Attorney-General’s Department, 2011). The standard risk management approach is a legal and binding act that all institutions must abide by for the risk management strategies to hold water. Facilitating efficiency in security risk mitigation depends on the law to discern the correct measures recommended. The information acquired from both the criminology and law domains feeds the security risk management department so that effective action can be taken.

Law defines security risk management in the light of the ISO 31000:2009 standards (Cooper, 1985). The organisational risk management frameworks are established and implemented in accordance with the standard approach. Since the standard approach is internationally recognised, it is vital that the legal expectations within Australia are met by all firms (National Research Council, 1988). The standards are not selective; thus they apply to all firms within the Australian territory. On the criminology front, the consequence components of the risks are examined (McCrie, 2012). Since identification of the components facilitates effective mitigation of risks, criminology plays a vital role in outlining the consequence components. The security risk mitigation process is therefore reliant on criminology to establish the consequence components of a risk. The criminology department of Australia is apportioned depending on the topic of investigation (Cornish & Clarke, 1986). There are several departments under the criminology umbrella, including medicine, information technology, business, police and homeland criminology. The departments are as many as the firms that operate under the ISO 31000:2009 standards. The domain provides detailed information on the consequence components of security risk from a criminal point of view (Post & Schachtsiek, 1986).

The mitigation process of a security risk starts from identification of the likelihood and consequence components of the risk (Sanderson, 1994). The law domain provides the relevant information on how the identification process should be done. The standard procedures stipulated in the ISO 31000:2009 standards are recommended in the law domain (McCrie, 2012). The information is simplified to relate to firms depending on their identified security risk (Brooks, 2011). Identification of the likelihood of a risk follows an analytical procedure that analyses the risk indicators in the firm. Law in this case plays the role of adviser where the required analysis is approached from a legally approved point of view (Cumming, 1992). The different firms have different methods of analysing the possibility of risks. Law ensures that the strategies are in concurrence with the standard procedures (Stewart, 2013). The information is important since the firm is enlightened on the legal view of risk identification. Information regarding legality of procedures is limited to the law domain. Firms with identified security risks rely on the law department to facilitate proper mitigation of the risks.

The law department also aids in establishing consequence components of identified security risks. The standard security risk management procedures outline the proper measures to consider when establishing consequence components of risk (Cumming, 1992). As with identification of the possibility of risk, the laws for identification of consequence components are binding for all firms (Brooks, 2011). Since knowledge of the consequence components of risk is vital for efficiency in mitigation of security risks, the legal framework provides the information needed (Hillman, 2011). The law domain highlights the process of determining consequence components of risk. A chronological process is given to help in the mitigation of the security risk identified.

The legal information gathered on the standard recommended procedures allows the security risk identified to be tackled effectively (Crowe, 1991). The mitigation process relies on the information given by the law domain to establish correct measures for addressing the security risk. Most of the information given is general; thus it applies to all firms with an identified security risk. The legal approach to mitigating identified security risk works hand in hand with the ISO 31000:2009 standards (Crowe, 1991). The standards are internationally acknowledged; therefore, international security risks identified can also be addressed. The procedures for establishing consequence components of international risks are similar to those for local risks (Sperling, 1967).

How Knowledge in the Criminology Domain Informs the Mitigation Process

Criminology provides information for the mitigation of identified security risk through different avenues depending on the risk involved (Prenzler & Milroy, 2012). Since the criminology domain has different departments, identification procedures for consequence components of risk are simplified (Vold & Bernard, 1986). The consequence components of risk are identified through investigative procedures performed by the criminology department. The knowledge acquired forms the foundation for evaluating and analysing both the likelihood and consequence components of security risk. The department uses evidence-based methodologies to gain information. In the criminology domain, practical and approved application of security risk management measures is considered (Stewart & Mueller, 2008). The consequence components of risk are evaluated on the basis of evidence.

Solid confirmations of the consequence components of risk are established and the information is channelled to the security risk management department (Bennett & Wright, 1984). The information is vital in the mitigation process since it is based on proof. Providing proven, valid information makes the risk mitigation process easier because the possible outcome of the identified security risk is predicted (Prenzler & Milroy, 2012). Information from the criminology department undergoes scrutiny to eliminate possible inconsistencies and inaccuracies that may jeopardise the risk mitigation process (Nunes-Vaz et al., 2011). Several experts look into the current affairs of the identified risk to establish the consequence components of the risk. Analyses and comparisons are done to derive the correct information that aids in the risk alleviation process.

The criminology domain also looks into identification of the likelihood of risk. The role of criminology in this segment of the mitigation process is to give valid information on the security risk situation (Whitman, 2003). The department incorporates investigative measures that help in accumulating information on the process of establishing the likelihood of risks. Developing the procedures for determining the likelihood of security risk is based on the information gathered from the criminology domain (Broder, 1984). The information gives guidelines to be used in security risk management processes to attain adequate results.

The assessment of the risk likelihood from a criminology point of view evaluates the category of risks that are bound to arise in a firm. The knowledge obtained helps in the mitigation process in that the procedures outlined are applied to combat security risks (James, 2011). Criminology focuses on the level of risk and uses evidence of previous procedures and outcomes to evaluate potential security risks (Prenzler & Milroy, 2012). The knowledge of criminology has been employed in most security risk mitigation processes because of its ability to read between the lines (Dalton, 1995). Criminology enables the security risk management domain to look beyond the surface of the likelihood of risk. The information collected is therefore detailed and clear for mitigating the identified security risk.


In conclusion, security risk management entails following procedures to establish potential risks and the consequence components of identified risks. The management of risks is stipulated in the internationally acknowledged ISO 31000:2009, which governs security risk management in Australia. Identifying the likelihood of risks facilitates the effective mitigation of identified security risks through elaborate legal procedures. Managing security risk is aided by the criminology and law departments. The law domain gives knowledge of the legal requirements for the procedures of identifying the likelihood of risks. The information provides the basis for efficient mitigation of security risks. The influence of consequence components of risk on the process of mitigating risks entails observation of the ISO 31000:2009 standards. Firms within Australia have their own procedures that aid in establishing the components. However, the procedures are expected to be in accordance with the ISO 31000:2009 standard. The law domain gives this knowledge to the security risk management department to eliminate chances of inaccuracies. The effectiveness of alleviating identified risks is based on the timely identification of the likelihood of risk and consequence components. The knowledge generated by the criminology and law domains also influences the pattern of risk mitigation.


Attorney-General’s Department. (2011). Physical security management guidelines: Security zones and risk mitigation control measures. Creative Commons, pp. 170-247.

Bennett, T., & Wright, R. (1984). Burglars on Burglary: Prevention and the Offender. Aldershot: Gower.

Broder, J. F. (1984). Risk Analysis and the Security Survey. Boston, MA: Butterworth.

Brooks, D. J. (2011). Security risk management: A psychometric map of expert knowledge structure. Risk Management, 13(1/2), 17-41.

Brooks, D. J. (2010). What is security: Definition through knowledge categorization. Security Journal, 23(3), 225-239.

Cohen, A. (1955). Delinquent Boys: The Culture of the Gang. London: Routledge & Keegan Paul.

Cooper, M. G. (1985). Risk: Man-made Hazards to Man. Oxford, OX: Clarendon Press.

Cornish, D. B., & Clarke, R. V. G. (1986). The Reasoning Criminal. New York, NY: Springer.

Crowe, T. D. (1991). Crime Prevention through Environmental Design: Applications of Architectural Design and Space Management Concepts. Boston, MA: Butterworth.

Cumming, N. (1992). Security: A Guide to Security System Design and Equipment Selection and Installation (2nd ed.). Boston, MA: Butterworth-Heinemann.

Dalton, D. R. (1995). Security Management: Business Strategies for Success. Boston, MA: Butterworth-Heinemann.

Fay, J. J. (1987). Butterworth’s Security Dictionary: Terms and Concepts. Boston, MA: Butterworth-Heinemann.

Fay, J. J. (1993). Encyclopaedia of Security Management: Techniques and Technology. Boston, MA: Butterworth-Heinemann.

Fennelly, L. J. (1992). Effective Physical Security: Design Equipment and Operations. Boston, MA: Butterworth-Heinemann.

Fennelly, L. J. (1989). Handbook of Loss Prevention and Crime Prevention. Stoneham, MA: Butterworth-Heinemann.

Fink, S. (1986). Crisis Management: Planning for the Inevitable. New York, NY: Amacom.

Fischer, R. J., Halibozek, E., & Green, G. (1998). Introduction to Security (8th ed.). Boston, MA: Butterworth-Heinemann.

Gill, M. (1994). Crime at Work: Studies in Security and Crime Prevention. England, Leicester: Perpetuity Press.

Hillman, S. (2011). Physical Security 101: Evolving ‘defense in depth’. In Tech, 58(3), 28-31.

James, L. (2011). Integrating Strategic Intelligence with Organisational Risk Management. Australasian Environmental Law Enforcement and Regulators Network.

Johns, T. L. (2011). Risk analysis in loss prevention research. Security Journal, 24(3), 225-236.

McCrie, M. (2012). Progress and problems of security in millennial society: An essay for the 25th volume of Security Journal. Security Journal, 25(3), 191-198.

National Research Council (NRC). (1988). Improving Risk Communication. Washington, DC: National Academy Press.

Nunes-Vaz, R., Lord, S., & Ciuk, J. (2011). A more rigorous framework for security-in-depth. Journal of Applied Security Research, 6(3), 372-393.

Post, R. S., & Schachtsiek, D. A. (1986). Security Manager’s Desk Reference. Boston, MA: Butterworth.

Prenzler, T., & Milroy, A. (2012). Recent inquiries into the private security industry in Australia: Implications for regulation. Security Journal, 25(4), 342-355.

Sanderson, J. (1994). Criminology Textbook (5th ed.). England, London: HLT Publications.

Sperling, A. (1967). Psychology Made Simple. England, London: Butterworth-Heinemann.

Stewart, M. G., & Mueller, J. (2013). Aviation Security, Risk Assessment, and Risk Aversion for Public Decision-making. Journal of Policy Analysis and Management, 3(23), 615-633.

Stewart, M. G. (2008). Cost-Effectiveness of Risk Mitigation Strategies for Protection of Buildings against Terrorist Attack. Journal of Performance of Constructed Facilities, 22(2), 115-120.

Vold, G. B., & Bernard, J. (1986). Theoretical Criminology. Oxford, OX: Oxford University

Walsh, T. J., & Healy, R. J. (Eds.). (1989). Protection of Assets Manual. Santa Monica, CA: The Merritt Company.

Whitman, M. (2003). Enemy at the gate: Threats to information security. Communications of the ACM, 46(8), 91-95.