
THREATS, VULNERABILITY AND SECURITY RISK ASSESSMENT

This component focuses on identifying and assessing potential threats,
vulnerabilities, and security risks that could impact the organization’s operations, assets,
or personnel. This includes conducting comprehensive risk assessments
to evaluate the likelihood and potential impact of various threats, including natural
disasters, technological failures, security breaches, or other disruptive events.

Such elements should include:


1. The operating environment and ground/events by which it is characterized
• It is essential for contextual understanding, risk identification, assessment,
vulnerability analysis, threat intelligence, adaptation, resilience, and
strategic planning. By incorporating these elements into security risk
management processes, organizations can improve their
ability to anticipate, mitigate, and respond to security threats
effectively.

2. The profile of the organization
• An organizational profile is a framework for understanding the internal
and external factors that shape the operating environment of a business
and affect the business decisions made.

3. The footprint and the social impact
• Footprint typically refers to the environmental, social, or economic impact
of the organization’s activities, products, or services.
• Social impact refers to the effects that an organization’s activities have on
society, including its employees, customers, communities, and other
stakeholders.
• Assessing and addressing both the footprint and social impact are
essential for promoting sustainability, corporate social responsibility, and
ethical business practices. By integrating considerations of environmental
and social impact into the management system framework, organizations
can enhance their overall performance, reputation, and
long-term viability, while also contributing to the well-being of society.

4. The strategic
• We have the ability to lead ourselves, our teams and our
organizations, in a way that advances the organization’s missions and
goals and creates advantage for the long term.

5. Long term objectives of the organization
• Usually include specific improvements in the organization’s competitive
position, technology leadership, profitability, return on investment,
employee relations and productivity, and corporate image.

6. Voluntary principles of security and human rights
• Are an initiative by governments, NGOs, and companies that provides
guidance to extractive companies on maintaining the safety and
security of their operations within an operating framework that ensures
respect for human rights and fundamental freedoms.

Assumptions and premises:
• States have to protect and promote human rights
• Companies have to respect human rights (due diligence)
• Companies need security
• Companies can have significant influence on host country governments,
economies, communities, and civil society.

7. Legislation and local expectations
• Legislation and local expectations shape organizational behavior,
performance, and reputation. By complying with legal
requirements and aligning with societal norms, organizations can mitigate
risks, build trust, and create value for all stakeholders. In addition,
active engagement with local communities and
stakeholders enables organizations to foster
positive relationships and contribute to sustainable development in
their operating environments.

8. Capability and intent of local criminal/terrorist elements
• Assessing both the capability and intent of local criminal or terrorist
elements requires a multi-faceted approach, incorporating intelligence
gathering, threat analysis, and risk assessment methodologies. By
understanding the capabilities, motivations, and behavior patterns of these
elements, authorities can develop effective countermeasures, enhance
security measures, and mitigate potential threats to public safety and
national security.

9. Vulnerability and attractiveness of assets to criminal/terrorist elements
• Assessing the vulnerability and attractiveness of assets involves analyzing
their physical, cyber, human, and procedural vulnerabilities, as well as
their symbolic, economic, strategic, and soft target value. By
understanding these factors, security professionals can prioritize
resources, implement appropriate security measures, and develop
response plans to mitigate risks and protect critical assets from criminal or
terrorist threats.

10. Availability of resources
• Refers to the information about what resources you can use to service
projects, when, and under what conditions.

CONTROL
This component involves implementing controls and measures to mitigate identified
risks and vulnerabilities and enhance the organization’s resilience to potential threats.
These are safeguards designed to protect against identified risks and ensure the
organization’s ability to continue operating effectively.

Security controls are measures or safeguards implemented to manage and mitigate
security risks and protect assets, information, and resources from unauthorized access,
misuse, or harm. Controls are an essential component of any security management
system and are designed to enforce security policies, reduce vulnerabilities, and
enhance the overall security posture of an organization.

Organizations can establish a comprehensive security framework to protect against a
wide range of security threats and risks. These controls should be tailored to the
specific needs, risks, and regulatory requirements of the organization and regularly
reviewed and updated to address emerging threats and vulnerabilities.

Some examples of security controls are:
• Physical protection measures such as lights, fences, CCTV, barriers, etc.
• Introduction of security procedures such as ID checking, access control, mail
screening, etc.
• Intelligence networking, such as local social/political leaders or intelligence providers.
• Electronic security such as encryption, password protection, and others.
• Resourcing, including security personnel, equipment, etc.
• Integration or corporate social responsibility programs.

SECURITY RISK REGISTER


The security risk register serves as a centralized repository for recording and tracking
identified security risks, vulnerabilities, and control measures. It provides a structured
framework for documenting key information about each risk, including its likelihood,
potential impact, existing controls, responsible parties, and status. The security risk
register helps to ensure that risks are effectively managed, monitored, and
reviewed on an ongoing basis to maintain the organization’s security posture.

By integrating these components into a cohesive management system framework,
organizations can establish a systematic approach to identifying, assessing, and
managing security risks, while also promoting credibility, alignment, and integration of
personnel throughout the organization.

Security risk register should facilitate ownership and management of security risks

This is because it provides a structured framework for identifying, assessing, and addressing
security threats.
It serves as a foundational tool for effective security risk management, promoting
ownership, awareness, prioritization, and continuous improvement in safeguarding
organizational assets, information, and operations against security threats.

Provide an overview of the significant security risks that are faced by an organization

Providing an overview of the significant security risks is a means of
giving a clear picture of the biggest potential problems the
organization faces when it comes to safety and security. It helps everyone understand what they
need to watch out for and how to keep the company safe.

Record the results of threat/vulnerability security risk assessment


Recording the results of threat/vulnerability security risk assessments is essential for
maintaining a structured and systematic approach to risk management, ensuring
compliance with regulatory requirements, and enhancing the organization’s ability to
protect its assets, operations, and information from security threats and vulnerabilities.

Form an agreed record of those security risks that have been identified

By forming an agreed record of identified security risks using this structured approach,
organizations can effectively communicate, prioritize, and manage security risks,
ensuring alignment with strategic objectives and promoting a proactive approach to risk
management.

Record additional proposed actions to improve the security profile

It is essential for effective risk management, continuous improvement, resource
allocation, stakeholder engagement, documentation, accountability, risk mitigation, and
regulatory compliance. By documenting proposed actions
and actively pursuing security enhancements, organizations can strengthen their
security posture and better protect their assets, operations, and information from
security threats and vulnerabilities.

Facilitate the prioritization of security risks.


It is essential for effective risk management and resource allocation within an
organization.
It is also essential for organizations to focus their efforts, resources, and attention on
addressing the most significant and impactful risks first. By prioritizing risks effectively,
just as with recording additional proposed actions to improve the security profile,
organizations can strengthen their security posture, protect critical assets, and mitigate
potential threats more efficiently and effectively.
