The Diary Game (24th February 2021)
Dear steemians,
I worked the whole day on a consultancy program to design the Terms of Reference for a civil society client.
Before this I trekked to my office to take home my computer.
This is for the hiring of an external security expert to design, implement and continue improving proactive security risk management.
The client is an international organization with a branch based in Douala. Considering its mission on Women, Peace and Security, relating to projects like masculinity and UNSCR 1325, and considering the security issues surrounding the organization and its staff in the job environment of building peace, demilitarisation etc., there is a need to build a protective system to realize these objectives, because the security risk against the organization seems to be increasing. This is a result of events and activities carried out on a national scale, and relates to the present socio-political environment in Cameroon, from the North, East, North West and South West Regions. In its mission to expand to the national scale, the organisation has faced some security threats, which have been considered by management, and there is therefore a need for some security risk checks.
A security risk is something that could result in the compromise, loss, unavailability or damage to information or assets, or cause harm to people. Security risk is the effect of uncertainty on objectives and is often measured in terms of its likelihood and consequences. It may generally be targeted at people, systems, processes and procedures, through attack, crime or natural accident.
To successfully manage security risks and protect people, information and assets, considering the political environment, community sensitivities and expectations on security incidents like acts of terrorism, hacking, hate speech, kidnap, cyber attack etc.
Task and responsibility:
-Establish the security plan and put it in place by April 2021
-Identify and manage foreseen and unforeseen risks that might affect
-Design strategies and protocols to protect personnel at the office and in the field
-Protect the database and online security for the staff and the organization
-Improve resilience to threats and improve performance
-Determine the capacity to manage foreseen risks and train the staff on the mode of operation
The components of the Security Plan of WILPF Cameroon
Specify the approach to a security management process covering all areas of governance (information, personal and physical) to balance operational and security needs, and identify the resources and responsibilities to manage security issues.
How management intersects with the entity and the external environment to support its programs to run.
Identify priority threat risks that are foreseen to affect information management and assets.
Develop a positive review strategy every two years for a positive risk management culture.
If need be, with the expansion at national scale, develop a multi-level overarching security strategy to address core challenges.
By Bongwong Justin Berinyuy
Requirements
Establish and Review the security plan
Determine the adequacy of the existing measures and mitigating controls to respond to and manage risks in the operating environment
Identify, through the organizational structures, the operational mechanism from President and staff, location and movement, applying appropriate strategies in the working environment.
Establish the responsibility assigned to the department in charge with their role
Conduct a security assessment and identify when and how such risks can occur and set an alert mechanism
Identify the scalable means and the threat levels and degree of tolerance
Identify the contingency or alternative mitigation approach possible
Section two: Management, access to information
Design possibly:
Security risk assessment report
Security and alert levels
Threat assessment and classification by consequence of threat: low, low to medium impact, high impact, extreme impact, and catastrophic impact (exceptionally grave damage to national interests, organizations or individuals).
Vulnerability assessment
Security risk register and security procedure
Establish asset register, security risk register and the response procedure
Privacy impact assessment
ICT security system approach
Information asset register
Other risk and security operational compliance plan
Security awareness training
ICT access and cyber security to mitigate targeted intrusion
Personal security tips
Security clearance and physical security
Access and system control
Monitoring and alarm systems with tools and skills
National terrorism threat level advisory directives
List sources of possible security risks as to activity, event, threat with policy advice
Structural approach
Infrastructural establishment
Departmental accountability, vigilance, resilience and adaptability to security of personnel during emergencies
Determine who needs to know about changes in risk security levels and determining who is responsible
Monitoring mechanisms and alert approach with each risk defined for decision makers to fully understand
Categorization of risks as to persons, information, property, reputation, financial, business operations:
events: occurrence or change of particular circumstances
source: the hazard or threat that is a source of the risk
cause: why the threat is a risk
consequences: the level of impact the risk will have on the entity
risk criteria: to determine the tolerability against consequence
priority: comparing the level or magnitude of the risk
control: existing control options in place
current risk rating
risk decision: any treatment to the risk
treatments: what, when, how, by whom and with what resources
residual risk rating: when treatment is implemented, what the residual risk rating will be
stakeholder: who has impact or consequence as to power and influence
previous risk information, threat vulnerability assessments
critical assessment
critical ratings
Review plan for posterity
This is all I was working on since morning and right now