The first way is to advise the company management within a few hours how to proceed with updating the security system or its individual parts. In this way, the management received basic information about the preparation and the course of renovation of the security system in its own direction. This is the most basic way of counseling. Another way is to make written recommendations and basic security enhancements to management - based on legislation, standards and good practice, and through review of internal documentation. comprehensive security solutions. Business security consulting is implemented in the following forms:

Recordings and analyzes of the state of security systems

Any intervention in the renewal or modernization of the security system requires a thorough recording, analysis and evaluation of the existing security system. This is basically the first phase of a complete security system upgrade, upgrade or design. In order to obtain a set of necessary data and information, it is necessary to carry out an operational safety inspection of areas, buildings, premises, equipment, processes, logistics and certain documentation. In addition, legislation, internal acts, standards, threats, security risks and good practice should be studied and information (interviews and questionnaires) obtained from competent people in the company, especially management and those responsible for specific security areas. However, appropriate qualitative and quantitative methods should be used to analyze the data collected. It is a professional approach to recording and assessing the situation that a company, as a subscriber to such services, can only perform when hiring external (independent) security professionals or a company engaged in security engineering.

Interviews and questionnaires

An integral part of the snapshot is the conduct of in-depth interviews or interviews with the company management, with the persons responsible for particular areas of security (security management) and with experts (informatics, developers, analysts, researchers). In most cases, a content-based questionnaire, which should be processed by multivariate statistical methods, is also used as an additional tool for data acquisition. If the use of these methods is not possible due to the low amount of data, analytical methods of a qualitative nature shall be used.

Threat Assessment

In addition to security policy and risk management, risk assessment is an indispensable umbrella document for a comprehensive security system. The basic indicator of threat assessment is given in the form of a risk matrix, which assesses 16 types of risk on a 10-point scale, namely: risk of natural disasters, fire, explosion and ecological risk, risk (risks) in workplaces, criminal, terrorist , spyware. information, communication, sabotage, strike, traffic, logistical, competitive and technical-technological threats and threats to the staff employed. Each type of threat is represented graphically and descriptively. An integral part of the threat assessment is the proposal of security measures, which are implemented by the security and other services and outsourcing on the basis of appropriate documents (rules, plans, instructions, contracts). The threat assessment can be a standalone document or an integral part of a security study.

Security studies

The security study is based on a comprehensive (thorough) snapshot and analysis of the situation, and must cover the following substantive parts: presentation of the client, project approach, snapshot and analysis of the situation, threat assessment, findings, management of security risks and changes, proposal for security improvements, priorities, implementation security standards, timetable, financial structure (required resources for security improvements), method of implementation of security study, required management responses, recommendations to management.

The preparation of security studies can be one of the ways of business-security consulting, or the client decides to hire a qualified external contractor to establish an integral (comprehensive) security system. This means that in the first phase a security study is prepared, and in the second phase - when the management approves the study - the implementation of the study is started. The implementation of the study means the realization of all the proposed security improvements, which (based on previous practice) mainly relate to the modernization and optimization of physical and technical security, to the upgrading of active fire protection, to the modernization of access control and burglar protection, to the implementation of improvements in data protection, information and trade secrets, the completion of internal acts (rules, plans and instructions) and the training of security personnel and employees.

Security documents

First, we tell the service contractor what security documents (policies, plans and instructions) he or she must have, and which will presumably have to be drawn up, based on any subsequent findings. Below we present the methodology (structure and content) of the preparation of individual acts and the problems in this regard. At the request of the client, we actively participate in the preparation and / or renewal of individual acts.

Our current practice shows that companies are particularly weak in the preparation of certain policies and instructions, further in the planning of physical and technical security, in the planning and implementation of evacuations, in the planning of emergency management, in the control of the alarm and response systems, and in the planning of continuous operation and operations in crisis management (crisis management).

Expert opinions

Based on the requests of the security and judicial authorities, as well as lawyers and other interested parties, we issue expert opinions produced by the best experts with academic and practical experience. As a rule, expert opinion is made in writing, supported by graphic elements. If necessary, and at the request of the contracting authority, the expert's opinion shall be explained in more detail at the presentation, which may also be enriched by realistic examples and practical presentation. We only issue expert opinions that are substantively related to the Institute's research areas.