goal of security, as perceived by HeySec Security and Management.
Securing an organization entails a variety of proactive activities aimed at safeguarding its assets and protecting its employees, visitors and facilities from attempts made by hostile elements to harm them. It also involves preventing theft and foiling attempts to sabotage the organization’s assets or use them without authorization. Furthermore, a security plan developed for an organization will allow it to function during emergencies and quickly resume routine operation upon their conclusion.
Effective security activity creates deterrence, does not encumber the organization’s daily operation and does not annoy or irritate its employees and others arriving at its gates.
- Security is not a goal in itself, but rather a means to enable an organization to continue its routine activity, enabling it to fulfill its defined missions, goals and objectives.
- Security plans must be developed to effectively counter the specific threats faced by an organization as a whole, and by each of its facilities and interests.
- The security system is based on trained manpower and security technologies. The appropriate balance between the two will be determined based on the types of facilities and the nature of the activity carried out in them.
- The security plan must be compatible with the state’s relevant laws and regulations, and implemented in full coordination with the local authorities and security forces.
- The security plan will comply with the standards defined by the professional guiding bodies (Police, Ministry of the Environment, others).
- The security plan must take into account budgetary and other constraints.
- The security plan will include the implementation of access control and other means to prevent the intrusion of unauthorized persons into the organization’s site and facilities.
- The organization’s employees will benefit from freedom of movement in their areas of work.
Goals and Objectives of a Security Plan
- The primary goal of security is to develop and consolidate a security concept and security plan that will blend in with the organization’s activity patterns, while preserving its nature and the character of the facilities and areas in which it operates.
- The security plan will be developed to protect the lives of employees, suppliers, clients and visitors arriving at the organization’s facilities.
- The security plan will include all the elements required to protect the organization’s information assets from harm, misuse, unauthorized and illegal use.
- The security plan will safeguard the organization’s equipment and assets from damage and sabotage.
- The security plan will include all the elements required for loss prevention in the organization’s commercial and marketing processes.
- The security plan will include contingency plans and the means required to maintain continuity of operations.
Risk analysis is composed of the following three elements:
(1) Risk assessment: The full range of activities carried out to assess and grade the threats and risks faced by the organization, to analyze the adversary’s possible modes of operation (PMOs) and present the gaps between the existing and the desired situation – from the viewpoints of the suitability and quality of the security response, its cost-effectiveness and compatibility with the organization’s nature and operation.
(2) Risk management: Presentation of the optimal proactive security response to the risk – the optimal security concept and security plan, tailored to meet the particular needs of the organization.
(3) Risk communication: Presentation of the intra- and extra-organizational communication activities required to enable the implementation of the security plan, i.e., a description of the activities required to create an appropriate “perception” of the risk among position holders (so that it will not be perceived as overly threatening on the one hand; but will generate the suitable amount of attention, on the other hand), and of the activities required in order to ensure the optimal cooperation of the employees and management. Risk communication will be conducted vis-à-vis the official bodies (Police, Ministry of Internal / Homeland Security, etc.), since communication with these authorities is a prerequisite to the successful implementation of the security plan.