New Security Projects
The consequences of failing to plan properly for new security projects, or upgrades of existing security measures can be costly – in terms of increased financial burden and resultant loss of board investment support, inappropriate measures to mitigate the risk, and lack of strategic security vision.
There are two fundamental stages when planning new security projects:
- Understanding and identifying the security risks that your organisation faces
- Developing a strategic security plan to show how your organisation’s security needs will be met through the implementation of new measures (an operational requirement or statement of need)
This section will help organisations understand the principles behind these stages. Click on the links below for further information.
Protective Security Risk Management
A risk assessment will help you review the threats you might be facing, including their likelihood and impact. You can then identify your vulnerabilities to these threats in a prioritised and proportionate manner and where necessary develop new mitigation strategies.
Is a process to create protective security mitigations, to address security risks.
Using this process will help your organisation to take a proportionate and defence-in-depth approach to the adoption of protective security measures in the reduction of identified security risks.
CPNI recommends the use of the OR process as the starting point for any new security projects or any changes to existing security measures.
Digital Built Assets and Environments
The adoption of building information modelling (BIM) and the increasing use of digital engineering and technologies in the management of assets and built environments, including smart cities, will have a transformative effect on those involved in their design, construction, operation and management. For example, it will enable more transparent open ways of working including cross-sector collaborative approaches and sharing of data and information.
A strategic security-minded approach is essential to ensure that appropriate and proportionate security measures are in place to reduce the risk of loss or disclosure of valuable assets that could impact on the wider security of your business, personnel and/or services.