Physical Security Risk Assessments answer three questions. What can go wrong? What is the likelihood that it would go wrong? And what are the consequences?
Every security breach at any facility you operate has the potential to inflict serious harm upon your employees and the general public. Staying on top of these risks allows you to identify weaknesses in your security’s framework, well before an incident occurs.
These assessments also protect your image and reputation by helping you avoid negative publicity or loss of trust. No organization wants to become a high-profile headline due to a physical security incident that could have reasonably been prevented.
Physical Security Risk Assessments are best used for small and medium businesses that have minimal or no security measures in place.
CARVER is an acronym that stands for
C: Criticality (Identify critical points of security failure and the degree of importance to the organization)
A: Accessibility (Ease of access to the facility or system)
R: Recoverability (The time and effort it takes to recover from a breach of security)
V: Vulnerability (The organization's level of exposure to a breach of security based on the adversary's capability)
E: Effect (The scope and significance of a security breach resulting from malicious activity)
R: Recognizability (The ability of an adversary to recognize a potential target and how important the target is)
CARVER is both quantitative and qualitative in nature and is used by US Army Special Forces, US Intelligence Agencies, and others. We use CARVER with medium sized businesses that have 30+ employees and/or multiple facilities.
A physical penetration test is a simulated security compromise (access control breach, ID card cloning, etc.) to check for exploitable weaknesses in your security’s framework. Insights provided by the penetration test can be used to fine-tune your security policies and fix detected vulnerabilities.
That’s simple. Physical Security Assessments and Testing help ensure the fidelity of a company’s security, helping business owners protect their people, customers, and assets.