SEP3701 Assignment 2 Semester 1 Memo | Due 29 April 2025
Course: Applied Security Risk Management (SEP3701)
Institution: University Of South Africa (Unisa)
QUESTION 1
Draft the Unisa Security Risk Management Model and give
reasons for the addition of steps 9 and 10 respectively.
UNISA Security Risk Management Model
The UNISA Security Risk Management Model outlines the steps for managing and mitigating
security risks effectively. This model is designed to help the institution identify, assess, manage,
and reduce security risks in order to ensure the safety of students, staff, facilities, and
information systems.
Here is the general Security Risk Management Model for UNISA (or any similar institution),
broken down into key steps:
1. Risk Identification
This step involves recognizing potential security threats and risks that could impact the
institution. It includes identifying physical, cyber, environmental, and operational risks
that may affect the safety, integrity, and operations of the university.
2. Risk Assessment
Once risks are identified, they must be evaluated for their likelihood of occurrence and
potential impact. This assessment involves determining the severity of risks and
classifying them based on priority (low, medium, or high).
3. Risk Analysis
This step involves analyzing the identified risks in greater detail. The goal is to
understand the root causes of the risks, the potential vulnerabilities in the system, and the
extent to which these risks can affect UNISA’s operations.
4. Risk Evaluation
After analyzing the risks, the next step is to evaluate the level of each risk in relation to
the university’s strategic objectives, policies, and operational priorities. This step allows
the institution to determine which risks require immediate attention and which can be
managed over time.
5. Risk Control and Mitigation
This step involves developing strategies to control, reduce, or eliminate identified risks. It
includes implementing preventive measures (e.g., physical security measures like locks,
or cybersecurity measures like firewalls) and contingency plans for addressing risks
should they materialize.
6. Risk Response
In this step, the institution responds to the identified and evaluated risks by taking
appropriate actions, whether through risk avoidance, reduction, transfer, or acceptance.
The university may decide to avoid a certain risk by altering its processes, reduce its
impact through mitigation strategies, transfer the risk (e.g., through insurance), or accept
the risk and prepare for its consequences.
7. Monitoring and Review
Continuous monitoring is crucial to ensure that the security measures and strategies
remain effective. This step involves tracking the effectiveness of the implemented
controls and continuously evaluating the risk landscape.
8. Communication and Consultation
Effective communication with all stakeholders, including students, staff, and external
partners, is essential for a comprehensive risk management approach. This ensures that
everyone is informed of the security policies and any changes in security procedures.
9. Incident Response and Reporting (Reason for addition)
Why is this step important? The addition of this step allows for a structured approach to
responding to incidents when they occur. By having a dedicated incident response plan,
UNISA ensures that security breaches or emergencies are handled swiftly, minimizing
potential damage. The reporting component is crucial because it ensures that incidents are
documented and communicated to the appropriate authorities and stakeholders. It also
helps in learning from these incidents to improve future security protocols.
Reason for addition: Security incidents are inevitable, so the institution needs a clear
process for managing them. Without such a step, there may be confusion and
inefficiencies in responding to emergencies. Additionally, having a documented incident
reporting system helps in continuous improvement of security policies and practices.
10. Continuous Improvement and Feedback Loop (Reason for addition)
Why is this step important? The continuous improvement step ensures that the
university’s security policies and practices evolve based on past experiences, changing
circumstances, and emerging risks. After incidents or routine evaluations, the feedback
loop helps refine strategies, policies, and technologies used in security risk management.
It contributes to making security risk management a dynamic and adaptable process.
Reason for addition: Security is an ever-changing landscape, and risks evolve as new
threats emerge. Therefore, it is crucial to have a continuous improvement process in
place. This allows the institution to adapt and update security measures, keeping them
relevant and effective over time. A feedback loop ensures that the lessons learned from
past risks and incidents are integrated into future planning, improving the overall security
framework.
Summary:
Steps 9 and 10 (Incident Response and Reporting, and Continuous Improvement and
Feedback Loop) are crucial additions to the UNISA Security Risk Management Model
because they ensure that the university is prepared for security incidents, can respond
effectively, and continuously improves its security systems based on past experiences and
emerging threats.
These steps contribute to creating a robust and adaptable security framework that is
proactive, responsive, and continuously evolving to ensure the long-term safety and
security of the institution.
QUESTION 2
Discuss the sociological factors that cause crime (do not
copy examples from your study guide).
Sociological Factors That Cause Crime
Crime is a complex phenomenon influenced by a variety of sociological factors. Sociologists
have long studied the ways in which society, its structures, and the conditions individuals face
can lead to criminal behavior. Below are some key sociological factors that contribute to crime: