Assessing and Managing Security Risks

I. The Setting: As a new aspiring professional with PLP Security Solutions, an upstart consulting firm specializing in conducting risk assessments and developing effective management strategies for mitigating threats and protecting assets from harm or loss, you have been assigned your first project after completing your initial company orientation and on-the-job training. Your supervisor offers you the opportunity to select any one of the following enterprises from a list of clients who have just contracted with PLP Security Solutions to conduct risk assessments of their facilities and operations that include a security plan designed to effectively protect their assets:
A full-service grocery store: Food Lion
Address: 6009 Nine Mile Road, Richmond, VA 23223

II. Project Background and Requirements: According to the Department of Homeland Security, “risk management is the process for identifying, analyzing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken” (DHS Risk Lexicon, September, 2010, p. 31). As a result of your academic study at UMUC and your military and civilian work experiences, you know that enterprise risk assessment and management are key job responsibilities for security practitioners. More significantly, you recognize that assessing and managing risk are actually critical competencies required of a security practitioner, such as yourself, and proficiency in completing these tasks must be demonstrated consistently throughout one’s security career to be fully successful as a bona fide security professional (Enterprise Security Risks and Workforce Competencies: Findings from an Industry Roundtable on Security Talent, Summer 2013, p. 8).
As a part of any risk management process, PLP Security Solutions requires you to employ your knowledge, skills, and abilities in applying the risk assessment and management principles and methodology outlined by ASIS International’s “General Security Risk Assessment Guideline,” which includes the following: identifying all the assets requiring protection at the site you have selected and “understanding” the organization you are evaluating; determining all the possible criminal and non-criminal risk events confronting the organization; establishing the probability and impact of loss risk events; identifying physical, procedural, and virtual security control options for mitigating risks; assessing the feasibility of implementing those security options; and conducting a cost-benefit analysis of the security options under consideration or specifically recommended.
Within the context of protecting a client’s assets from harm or loss, PLP also expects you to address the following general topics in the Risk Assessment/Security and Safety Plan:
Cyber/communications security
Workplace violence prevention and response, including active shooter threats
Crisis (emergency) management and response (natural disasters, fire, terrorism, lone wolf attacks, etc.); business continuity planning
Employee selection, screening, rescreening (insider threats)
Physical plant intrusion (e.g., burglary)
Property damage, interior and exterior (e.g., vandalism, theft, etc.)
Personal security (e.g., assault, personal property loss/damage, robbery, etc.)
Information/records physical security
Litigation for inadequate security, including negligent hiring/supervision/retention, and other legal issues unique to the site
OSHA safety standards potentially applicable at the site and violations
Training practices
Unethical business practices
Liaison activities with first responders, security professional organizations
Other security issues germane to the site.
