final Project: Case Study
Risk Assessment/Security and Safety Plan
I. The Setting: As a new aspiring professional with PLP Security Solutions, an upstart consulting firm specializing in conducting risk assessments and developing effective management strategies for mitigating threats and protecting assets from harm or loss, you have been assigned your first project after completing your initial company orientation and on-the-job-training. Your supervisor offers you the opportunity to select any one of the following enterprises from a list of clients who have just contracted with PLP Security Solutions to conduct risk assessments of their facilities and operations that include a security plan designed to effectively protect their assets:
- A full-service grocery store
- Acceptable: national/regional food store chain (e.g., Giant, Kroger, Win-Dixie, military base commissary, etc.)
- Not acceptable: local mini-mart (e.g., 7-Eleven, Wa-Wa, Highs, etc.)
- A full-service department store
- Acceptable: national/regional department store (e.g., Macys, Sears, Wal-Mart, military base PX, etc.)
- A full-service hardware store
- Acceptable: national/regional chain hardware/lumber retailer (e.g., Lowes, Home Depot, 84 Lumber, military base PX, etc.)
- A local public library
- If the library is contained within another building or structure, then the risk assessment/security plan should address the structure in general, and the library in particular as the security target.
II. Important Project Identification Procedural Note: As a PLP security consultant, you must select only one of the entities (sites) listed above that is located in the most conducive geographic area for you to visit, observe, and complete this project. To avoid any confusion about acceptable sites, you are to provide your PLP supervisor (instructor) the following information before commencing any work on this project: 1) name of the organization you have selected; 2) location (address); and 3) name and title of the site point of contact, if one is established.
Site selection and supervisor (instructor) notification must be made using the classroom Assignments Folder for the project marked “Final Project Selection Approval” by the listed due date.
III. Project Background and Requirements: According to the Department of Homeland Security, “risk management is the process for identifying, analyzing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken” (DHS Risk Lexicon, September, 2010, p. 31). As result of your academic study at UMUC and your military and civilian work experiences, you know that enterprise risk assessment and management are key job responsibilities for security practitioners. More significantly, you recognize that assessing and managing risk are actually critical competencies required of a security practitioner, such as yourself, and proficiency in completing these tasks must be demonstrated consistently throughout one’s security career to be fully successful as a bona fide security professional (Enterprise Security Risks and Workforce Competencies: Findings from an Industry Roundtable on Security Talent, Summer 2013, p. 8).
As a part of any risk management process, PLP Security Solutions requires you to employ your knowledge, skills, and abilities in applying the risk assessment and management principles and methodology outlined by ASIS International’s “General Security Risk Assessment Guideline,”which includes the following: identifying all the assets requiring protection at the site you have selected and “understanding” the organization you are evaluating; determining all the possible criminal and non-criminal risk events confronting the organization; establishing the probability and impact of loss risk events; identifying physical, procedural, and virtual security control options for mitigating risks; assessing the feasibility of implementing those security options; and conducting a cost-benefit analysis of the security options under consideration or specifically recommended.
Within the context of protecting a client’s assets from harm or loss, PLP also expects you to address the following general topics in the Risk Assessment/Security and Safety Plan:
- Cyber/communications security
- Workplace violence prevention and response, including active shooter threats
- Crisis (emergency) management and response (natural disasters, fire, terrorism, lone wolf attacks, etc.); business continuity planning
- Employee selection, screening, rescreening (insider threats)
- Physical plant intrusion (e.g., burglary)
- Property damage, interior and exterior (e.g., vandalism, theft, etc.)
- Personal security (e.g., assault, personal property loss/damage, robbery, etc.)
- Information/records physical security
- Litigation for inadequate security, including negligent hiring/supervision/retention, and other legal issues unique to the site
- OSHA safety standards potentially applicable at the site and violations
- Training practices
- Unethical business practices
- Liaison activities with first responders, security professional organizations
- Other security issues germane to the site.
These topics were discussed throughout the course of study and include, in broad terms, the various risks to assets; security and safety control operating standards, guidelines, and procedures; and management and operational issues and challenges confronting security practitioners. You will incorporate into the Risk Assessment/Security and Safety Plan a succinct discussion for each of the topics as they relate to the organization and the site under review.
PLP also expects that you include in the project “deliverable” (paper) specific recommendations for enhancing security and protecting the organization’s assets from harm or loss. As the consultant on site, you understand the client is entitled to the results of any and all analyses you complete, along with a description of any necessary actions the client should consider in view of your observations and findings.
Since this is your first project with PLP, you are keenly aware of the significant opportunity you have for demonstrating your technical and analytic competence in assessing and managing risk and applying the associated core principles. Moreover, the project also serves to establish your literacy in other crucial areas of the security industry, including business and financial management, written and oral communication skills, anticipatory and strategic planning, decision-making, critical thinking, persuasive influencing, and maximizing others’ performance (Security Industry Survey of Risks and Professional Competencies, Fall 2013, p. 9). For you, the “bottom line” is to provide a credible, comprehensive product to the client and, at the same time, show the PLP Security Solutions corporate executives that your skills, abilities, and work ethic and product adds tremendous value to the organization.
IV. Risk Assessment/Security and Safety Planning Instrument: Instructions for Conducting Site Observations and Research
Note: PLP consultants must visit the selected site at least one time to gather the information required to complete this project; however, two visits are recommended, one during the day and one during the evening. Be sure to note in the project deliverable (paper) the dates and times you visited the site. If applicable notify the supervisor immediately after the course begins to explain the issue or challenge that prohibits you from making a site visit.
PLP consultants are required to use the “Risk Assessment/Security and Safety Planning Instrument” (See attachment.) as a template or guide when visiting the selected site and conducting your independent research to record the following:
- Onsite observations in response to the survey questions and other information required to be collected
- Discussions with security or other company executives, only if arrangements can be made
- Drafts of any necessary diagrams that will be finalized and included in the final project
- Completed research notes and accompanying draft references.
Note: PLP consultants may be unable to collect all the information listed on the planning instrument for a number of reasons. This is particularly true when they are unable or reluctant to secure the assistance of an organization representative. However, with thorough, unobtrusive, and discreet observations and independent research, along with the review and application of the concepts, principles, and standards presented in all the online educational resources listed in the classroom, PLP consultants will be able to gather and record sufficient information to successfully complete this project.
Refer to the instructions for completing the “Risk Assessment/Security and Safety Planning Instrument” for additional information and guidance for this project. This document will be maintained as a “work paper” and submitted to the supervisor as described below.
V. Writing Assignment Requirements: PLP consultants will write a Risk Assessment/Security and Safety Plan based on their personal observations of the documented, authorized site; conversations with security or other executives with knowledge of security operations at the site (if arranged), and the consultant’s general and specific research conducted about the organization selected for the project. The paper will total between 1,700 (minimum) to 2,500 (maximum) words (about 7-10 pages, not including the title page, abstract, reference page, or attachments depicting photographs and diagrams). Consultants must select Microsoft Word’s Tools >Word Count to confirm conformity with word count requirements.
Consultants are required to systematically apply the risk management principles and processes discussed throughout the course and as discussed above. Consultants will also ensure:
- The Risk Assessment/Security and Safety Plan includes a strong introductory section at the beginning that thoroughly explains the purpose of the document and incorporates a brief summary of the facility under review (organization name, address, building description, business and/or purpose of building, hours/days of operation, etc.). Included in the introductory section should be a brief overview of security issues that will be addressed in your security plan. You should review the project description to complete this section. The dates and times you visited the site must be cited and the loss prevention measures and security controls currently in place must be described.
- Include in a section of the paper a brief discussion of the risk management methodology used to rank order or quantify security risks to ascertain the most serious risks based on the probability of occurrence and impact (e.g. very likely to occur, extreme impact), requiring the organization’s urgent action and those less critical and/or less likely to occur that may be addressed later. Note: To enhance the presentation of the risk assessment findings, consultants will employ a criticality/probability matrix for all identified risks.
- The general topic areas previously described are discussed in the Risk Assessment/Security and Safety Plan as they relate to the organization and the site under review.
- Based on the results of the risk assessment, consultants will identify and detail security vulnerability areas in the paper and provide recommendations for security improvement by initiating and/or updating specific physical, procedural, and virtual controls, contingency procedures for emergencies or other non-criminal and criminal risk events, along with any policy revisions required to enhance the organization’s overall security apparatus.
VI. Format and Related Requirements: Consultants will include a minimum of four (4) attachments of photographs or sketches capturing security concerns or general references in the Risk Assessment/Security and Safety Plan. Do not incorporate these attachments into the narrative of the paper. Locate them after the last page of the narrative, before REFERENCES, and be sure to number them so you can effectively refer to them in your narrative. When doing so, be sure to provide a cogent explanation of the attachments. Also be sure to provide citations for each of the photos and sketches. Note: Attachments and the descriptive information listed on them are not included in the project word count constraints.
Other requirements include:
- References must include at least three (3) external (not class instructional material) scholarly sources. that support the points made in the report. Refer to the following UMUC link for information about scholarly sources: http://sites.umuc.edu/library/libhow/articles.cfm .
- No directly quoted material may be used in this project paper. Resources should be summarized or paraphrased with appropriate in-text and Resource page citations.
- Paper must be a Word document, double-spaced, 12 pt. font, 1” margins.
- American Psychology Association (APA) in-text citations for all sources must be used.
- Reference page titled References using APA format guidelines must be included (not included in word count).
- DON’T forget to follow APA format and place page numbers on the deliverable.
- A cover page for the assignment that includes name, course title and number, project title, and date of submission must be included (not included in word count). No other information or drawings or designs are permitted.
VII. Submission Requirements: Consultants will submit the “Risk Assessment/Security and Safety Plan” with the listed attachments (Photos and/or Sketches). Additionally, as a separate document, consultants will submit the “Risk Assessment/Security and Safety Planning Instrument” (work product), complete with responses (which may be handwritten) to the questions and other information required. Both documents must be submitted separately to the Assignments Folder by the designated due date.
VIII. Project Grading Rubric Review: Consultants are encouraged to closely review the grading rubric used to assess performance on the final project before planning, writing, and submitting the paper. The initial element of the rubric relates to the submission of the planning instrument and its degree and quality of responsiveness to the requirements. The rubric elements then evaluate the diligence demonstrated in conforming to the requirements for completing the introduction and stated purpose of the paper, the level of responsiveness in addressing the general topics listed in the project description, and the levels of conformity with grammar and format standards. Several rubric elements assess your ability in applying the various risk assessment and management core principles.