SEP3714 Assignment 2
(COMPLETE ANSWERS)
Semester 2 2025 - DUE 22
September 2025
For assistance contact
Email:
,Security Risk Management
Question 1: Implementing and Evaluating a Security Project
To implement and evaluate a security project aimed at preventing losses from theft, collusion,
and other threats, I would follow these practical steps:
1. Conduct a Risk Assessment: Begin by identifying and analyzing the specific threats and
vulnerabilities the company faces. This involves interviewing employees, reviewing past
incident reports, and physically inspecting the premises. For example, I'd look for areas
with poor lighting, unmonitored exits, or lax inventory procedures that could facilitate
theft or collusion.
2. Define Project Scope and Goals: Clearly state what the project aims to achieve. The
goal might be to "reduce inventory shrinkage by 50% in the next fiscal year." This
provides a measurable target for the project's success.
3. Develop a Detailed Project Plan: Create a timeline and assign responsibilities for each
task. This plan would include a list of security measures to be implemented, such as
installing CCTV cameras in high-risk areas, implementing a new access control system,
or creating an employee code of conduct.
4. Allocate Resources: Secure the necessary budget, personnel, and equipment. For
instance, if the plan involves installing new security technology, I would ensure that the
funds are available and that the technicians are scheduled.
5. Implement Security Measures: Execute the project plan by installing the new
equipment and implementing the new policies. This phase requires careful coordination
to minimize disruption to normal business operations.
6. Provide Training and Communication: Conduct training sessions for all employees on
the new security measures and policies. Explain the "why" behind the changes to
encourage buy-in and compliance. For example, I would explain how the new access
control system protects both company assets and employees.
7. Monitor and Measure Performance: Track key performance indicators (KPIs) to
measure the project's impact. I would compare inventory shrinkage rates, incident
reports, and employee adherence to the new policies to pre-implementation data.
8. Evaluate and Report: Based on the data collected, I would prepare a final report that
evaluates the project's success. The report would highlight what worked, what didn't, and
provide recommendations for future improvements.
, Question 2: Maximum Foreseeable Loss (MFL), Normal Loss Expectancy (NLE), and
Annual Loss Expectancy (ALE)
As a security supervisor in a camping retail store, I can explain the difference between these
terms to a sales representative using practical examples.
Maximum Foreseeable Loss (MFL): This is the worst-case scenario. It represents the
total value of all assets that could be lost in a single, catastrophic event, assuming all
security measures fail.
o Example: A major fire breaks out and destroys the entire store, including all
inventory, display fixtures, and cash. The MFL would be the total value of
everything in the store, perhaps $5 million.
Normal Loss Expectancy (NLE): This refers to the average, expected level of loss that
occurs under normal operating conditions, with all security controls functioning as
intended. This type of loss is often considered part of the cost of doing business.
o Example: Due to shoplifting and clerical errors, the store typically loses about
$2,000 worth of camping gear each month. This is the NLE, an expected and
recurring loss.
Annual Loss Expectancy (ALE): This is the total expected loss over a one-year period.
It is a calculated value, often used to justify the cost of security measures.
o Example: If the NLE is $2,000 a month, the ALE for the store would be $24,000
($2,000 x 12 months). This figure helps management decide if investing $10,000
in a new CCTV system is a worthwhile expense to reduce the ALE.
Question 3: Overcoming Employee Reluctance to Organizational Change
Implementing a new access control system can be met with resistance from employees. To
overcome this reluctance, I would focus on transparency, communication, and demonstrating the
benefits.
1. Communicate the "Why": I would hold a series of meetings to explain the purpose of
the new system, emphasizing that it's for enhanced security, not a lack of trust. I would
clarify that the system's purpose is to protect employees and company assets from
external threats and to ensure accurate payroll, not to monitor personal movements.
2. Highlight the Benefits: I would show employees how the new system can benefit them
directly. For example, the system could eliminate the need for manual time sheets,
making the payroll process more accurate and reducing disputes. I would also explain
how it provides a more secure and safer work environment for them.
3. Involve a Pilot Group: I would select a small group of employees to be part of a pilot
program. Their feedback would be crucial for fine-tuning the system and addressing any
usability issues. This also gives them a sense of ownership, making them advocates for
the new system among their peers.
(COMPLETE ANSWERS)
Semester 2 2025 - DUE 22
September 2025
For assistance contact
Email:
,Security Risk Management
Question 1: Implementing and Evaluating a Security Project
To implement and evaluate a security project aimed at preventing losses from theft, collusion,
and other threats, I would follow these practical steps:
1. Conduct a Risk Assessment: Begin by identifying and analyzing the specific threats and
vulnerabilities the company faces. This involves interviewing employees, reviewing past
incident reports, and physically inspecting the premises. For example, I'd look for areas
with poor lighting, unmonitored exits, or lax inventory procedures that could facilitate
theft or collusion.
2. Define Project Scope and Goals: Clearly state what the project aims to achieve. The
goal might be to "reduce inventory shrinkage by 50% in the next fiscal year." This
provides a measurable target for the project's success.
3. Develop a Detailed Project Plan: Create a timeline and assign responsibilities for each
task. This plan would include a list of security measures to be implemented, such as
installing CCTV cameras in high-risk areas, implementing a new access control system,
or creating an employee code of conduct.
4. Allocate Resources: Secure the necessary budget, personnel, and equipment. For
instance, if the plan involves installing new security technology, I would ensure that the
funds are available and that the technicians are scheduled.
5. Implement Security Measures: Execute the project plan by installing the new
equipment and implementing the new policies. This phase requires careful coordination
to minimize disruption to normal business operations.
6. Provide Training and Communication: Conduct training sessions for all employees on
the new security measures and policies. Explain the "why" behind the changes to
encourage buy-in and compliance. For example, I would explain how the new access
control system protects both company assets and employees.
7. Monitor and Measure Performance: Track key performance indicators (KPIs) to
measure the project's impact. I would compare inventory shrinkage rates, incident
reports, and employee adherence to the new policies to pre-implementation data.
8. Evaluate and Report: Based on the data collected, I would prepare a final report that
evaluates the project's success. The report would highlight what worked, what didn't, and
provide recommendations for future improvements.
, Question 2: Maximum Foreseeable Loss (MFL), Normal Loss Expectancy (NLE), and
Annual Loss Expectancy (ALE)
As a security supervisor in a camping retail store, I can explain the difference between these
terms to a sales representative using practical examples.
Maximum Foreseeable Loss (MFL): This is the worst-case scenario. It represents the
total value of all assets that could be lost in a single, catastrophic event, assuming all
security measures fail.
o Example: A major fire breaks out and destroys the entire store, including all
inventory, display fixtures, and cash. The MFL would be the total value of
everything in the store, perhaps $5 million.
Normal Loss Expectancy (NLE): This refers to the average, expected level of loss that
occurs under normal operating conditions, with all security controls functioning as
intended. This type of loss is often considered part of the cost of doing business.
o Example: Due to shoplifting and clerical errors, the store typically loses about
$2,000 worth of camping gear each month. This is the NLE, an expected and
recurring loss.
Annual Loss Expectancy (ALE): This is the total expected loss over a one-year period.
It is a calculated value, often used to justify the cost of security measures.
o Example: If the NLE is $2,000 a month, the ALE for the store would be $24,000
($2,000 x 12 months). This figure helps management decide if investing $10,000
in a new CCTV system is a worthwhile expense to reduce the ALE.
Question 3: Overcoming Employee Reluctance to Organizational Change
Implementing a new access control system can be met with resistance from employees. To
overcome this reluctance, I would focus on transparency, communication, and demonstrating the
benefits.
1. Communicate the "Why": I would hold a series of meetings to explain the purpose of
the new system, emphasizing that it's for enhanced security, not a lack of trust. I would
clarify that the system's purpose is to protect employees and company assets from
external threats and to ensure accurate payroll, not to monitor personal movements.
2. Highlight the Benefits: I would show employees how the new system can benefit them
directly. For example, the system could eliminate the need for manual time sheets,
making the payroll process more accurate and reducing disputes. I would also explain
how it provides a more secure and safer work environment for them.
3. Involve a Pilot Group: I would select a small group of employees to be part of a pilot
program. Their feedback would be crucial for fine-tuning the system and addressing any
usability issues. This also gives them a sense of ownership, making them advocates for
the new system among their peers.
