Threat and Risk Assessment: What You Need to Know

In today’s day and age, a detailed and comprehensive Threat and Risk Assessment (TRA) is necessary for developing and implementing an effective physical security program. With more sophisticated crime operations spreading across North America every year, security management needs to keep up and address the risks.

A TRA provides a more thorough assessment of security risk than simply taking steps in isolation, such as studying threat statistics, historical data, or conducting a walk-through of the facility. Condor Security consultants can prepare assessments in compliance with applicable standards and industry best practices. They take data and information from a number of methods and combine the pieces together to form an extensive plan for sound security management.

The objective of a TRA is to protect against liability through identifying and understanding the risks facing the client community and property. A TRA aims at identifying exposures by determining potential security weaknesses and taking appropriate action to manage the risks and reduce the impact of threatening events.

Raising Awareness of Risk

TRAs are intended to raise the awareness of risks in an organization. The goal is to reach a level where risk-based decisions are effectively implemented on a continuous basis. TRAs ensure that all information is protected according to its sensitivity.

As a boutique security company, our team can prepare a TRA which is narrow and specialized to areas of particular concern or one which is broader in scope and covering a multitude of possibilities (including the development of a Business Continuity Plan or Emergency Response Plan).

The objectives and scope of the TRA are carefully outlined. Then the various risks and threats to the assets, systems and environment are systematically identified and quantified. An action plan is formulated on that basis.

The Process

The standard process of a comprehensive TRA consists of asset identification, threat analysis, risk assessment, and risk management. At the asset identification stage, assets are itemized and prioritized. A cost-versus-benefit analysis is a key factor in deciding how to improve security countermeasures.

For each asset, threat analysis is conducted to uncover the potential threats based on historical research and future projections. The root causes of each threat are considered and categorized by how likely an occurrence of damage or harm is to take place.

Information on assets and threats is compared via a risk assessment, which is the stage at which risk patterns emerge. Considered in an evaluation are the likelihood, severity, impact, cost, and time required to return operations to normal.

Risk management consists of providing recommendations and suggestions for improvement based on industry best practices and local laws, acts, and standards. Cost-effective, realistic measures with appropriate solutions are taken, including practical mitigation strategies.

Aspects to Consider

  • Controlling secure areas
  • Reviewing access controls
  • Closing up or monitoring non-standard entry points to secure areas
  • Visitor supervision
  • Segregating access points
  • Physical penetration test
  • Random checks for unauthorized items
  • Fire detectors, carbon monoxide detectors, other detectors
  • Best practices for discarding documentation
  • Monitoring and recording via security cameras
  • Measures to prevent unauthorized people from following authorized personnel into a secure area

A number of tools are used in a TRA to assess physical security risk, including law enforcement crime data and statistics available regarding the neighbourhood, spreadsheets and reports. It is valuable for the security team to speak on the phone or in person with local law enforcement to ask what types of crime are common in the area and what the response times are like for that department when a crime is reported.

Institutions should partner with local law enforcement to collect information about which equipment and procedures have worked and which need to be improved. This can be helpful when making spending decisions regarding resources.

The Importance of a Continuous Presence

Security must be approached on a 24-hour basis. Institutions are often highly conscious during the day of performing checks and guarding reception areas with greeters and other staff. But after hours, secure areas may become more open because the cleaning crew is inside and may prop open a door to a secured area to avoid having to open it again. Yet physical security requires constant vigilance.

Penetration testing as part of the physical security risk assessment is very important. In today’s world, the focus of security is often on remote access to systems, but threats can come from criminals using social engineering to access a physical server or console onsite within the building.

Physical vulnerabilities can arise at multiple points of contact along the chain of physical security, and these are the areas that need to be subject to a risk assessment. Reception procedures, locks and access, stairway access, windows and doors: all of these aspects must be covered.

Subcategories of TRAs in the Digital Age

Mobile Security Risk Assessment (MSRA): An assessment of mobile device security measures, such as for smartphones and tablets, and mobile applications.

Application Security Risk Assessment (ASRA): An assessment of the applications and software used on-site, including rogue software downloaded without authorization by employees.

Cloud Security Risk Assessment (CSRA): Assessing the cloud services and assets residing in the cloud.

Information Security Risk Assessment (ISRA): An assessment of the services, operating systems, and systems hardware, including servers, workstations, and network appliances.

Taking the Next Step

Condor Security can also provide a full security audit, which provides additional insight into existing and proposed security infrastructure, including personnel training and performance, applicable procedures and policies, and physical security design. Implementing a full security plan can be less expensive than you may think. Often it is a case of shifting or redistributing resources rather than acquiring new ones.

Insurance rates can be reduced depending on the extent of the security plan, and items or resources purchased for security purposes can be funnelled into tax write-offs. The insights provided by a detailed TRA and other security assessment systems can be invaluable, as they can often save lives. Rather than waiting for a security breach to occur, prevention is important to stop a threat before it occurs.

For more information, please call Condor Security at 416 665 1500 or contact us here.

Food Delivery Services: A Challenge For Condo Security

“Tailgating” is a common security term for when an unauthorized or unknown person follows a resident into an apartment or condominium to bypass the security on the doors. This has long been a problem for corporations owning apartments and condos. Even if the resident notices that they are being followed, they don’t tend to feel comfortable engaging in a confrontation with that person.

The most traditional remedy for this issue is education about security awareness for the residents. Also commonly employed are detailed signage solutions. But recently, delivery services have undergone innovations that might make security risks even more prevalent. These risks mostly involve lack of access control.

Uber Has Always Had Security Acceptance Issues

In particular, Uber has struggled to receive security acceptance. Critics of the company point out that Uber doesn’t have any registration system for its drivers. This means that any driver can sign up for the company regardless of their past history. They can use said driving accreditation to breach security protocols in buildings to which they wouldn’t otherwise have access.

Now the corporations that own condos face an all-new challenge to security because Uber has entered into the food delivery service industry. One potential legal issue is the fact that delivering employees are not actually employed by the franchise that created the food.

Increased Lack of Accountability

This also points to a problem with accountability. In the usual setup of food delivery – in which an employee of the associated franchise delivers the food – the driver is then accountable to the people in charge of the franchise. But Uber drivers have no such accountability. This can lead to issues in which food reaches the home in poor condition, and both parties blame each other for the overall cause.

In this way, Uber drivers are acting as contractors for the food delivery companies. If the driver causes any damage to the condominium, the condo would only be able to move against the specific driver, and would not be able to move against the franchise, because the franchise does not employ the driver.

Even ascertaining the location of the driver might prove challenging to the condo corporation, because the food provider isn’t required to keep records of who delivered the order. That information would have to be obtained directly through Uber.

Optimization of Access Control

Security measures are meant to deter, delay, or detect unauthorized intrusions into a building. Condo corporations generally use two security measures: surveillance systems and access control. Access control refers to the keys, locks, and fob system on the building. Any electronic or mechanical devices that prevent the unauthorized entry of a person count as access control. Access control exists to deter and delay potential breaches in security.

Corporations that run security-conscious condos use a considerable amount of resources when designing and maintaining their access control systems. They undertake projects like fob audits, which ensure fobs are being used for the correct reasons and that they work like they’re supposed to. They also have to ensure that their system has all the relevant computer patches and system upgrades.

Developing Layers of Security

When you talk about protection of a large facility like a condo or apartment building, it’s helpful to discuss the different layers of security. Property boundaries are the outermost layer of security. These boundaries might be enforced through signage, fences, or hostile vegetation. The next layer of security is the building envelope, which is protected through the updated access control system. The innermost layer of security is the door to each unit, which is protected with individual resident locks.

In-depth protection is a concept which dictates that each security circle becomes slightly more stringent as a person travels toward the interior of a facility. Traditional security should be enough to discourage trespassers. But what do these new security concerns mean for overall condominium security?

New Risks to Condominium Security

With the increase of third-party delivery services, which fail to audit their drivers properly and leave the food franchise free from liability, new security solutions are necessary. One of the simplest is for residents of apartments and condos to go down to the lobby of the building to meet their delivery drivers.

This is safer for the resident, as the driver does not breach the innermost layer of security and find out exactly where they live. Lobbies usually have surveillance cameras and multiple other individuals either working at the desks or passing through. If a potential driver has ill intentions, they’d have a difficult time following through on them when in this environment. This is also a safer solution for the condo in general because it restricts the access of unauthorized people.

Unknown Personnel Present A Risk

Some grocery delivery services are designed to allow their delivery people to be admitted through both the outer and inner security layers of a complex. These services allow groceries to be delivered to the building; they also have the delivery person enter the consumer’s unit and put groceries away for them. This poses security risks as the condo has extra foot traffic from unknown personnel, and these personnel do not need to use a key to bypass different security levels.

If an item were to go missing from a particular unit, and a master key system is maintained, it might be difficult to ascertain which party is responsible for the disappearance of the item. If the item was not noted as missing during the actual delivery, it’s easy to assume that it was taken during a different time period, such as when a fire inspection was conducted or a site superintendent entered the property. Condo security managers will need to address these concerns with new policies regarding which parties can enter the units, and under what circumstances they can enter.

These new services are an increased convenience for condo residents, but the security risks they pose need to be evaluated by condo managers. Solving these issues might be simple or complex depending on your location; a blurb may be included in the condo newsletter advising residents to be cautious, or the corporation might update and upgrade its current condo security plan. Experts recommend that condo managers regularly discuss new developments and potential security issues.

Condor Security is a Canadian company that provides security services in Toronto. If you’re a condo owner looking for more integrated security solutions, contact us here.