This unit is divided into three subdivisions:
The first part considers the way terrorist threat assessments are perceived by governments and organizations around the world. Threat assessment is a matter of risk management and the unit considers various methodologies for analyzing terrorism as a risk management issue. It deals with the interaction of capabilities and intentions as well as the creation of risk matrices. It also looks at the way national risk registers and risk audits have been conducted.
Finally, national resources have to be allocated to some definition of security risks and students will be introduced to the political and administrative problems of allocating appropriate resources on the basis of the assessment of risks.
Part two deals with organizations of all types and them being subject to ‘risk’ – the uncertainty caused by internal and external factors on whether key objectives (e.g. value creation) will be achieved.
This subdividion will examine risk management, defined here as the coordinated process and activities through which an organization attempts to direct and control uncertainty. It will introduce students to the established methods of: a.) designing a risk management framework and plan; b.) risk identification, analysis and evaluation; and c.) effective risk treatment and control.
Drawing upon case studies from across a range of different sectors, the unit will encourage students to consider risk management as a cornerstone of any corporate security program.
The third part examines the key themes of Business Continuity Management (BCM), a holistic process which builds upon risk management principles and enables organizations to identify, assess and manage the threats to its key stakeholders, reputation, brand and value-creating activities.
The unit will outline the key threats faced by modern businesses, including theft, terrorism and extreme weather events. It will then set out the core components of an effective BCM program, including crisis management, health and safety, physical security and supply chain risk management.
The unit will consider how organizations of all sizes can develop and maintain a bespoke Business Continuity Plan (BCP) – a process defined as the BCM Lifecycle. In particular, five stages will be explored: (1) Understanding the organization; (2) Assessing the risks; (3) Developing a BCM strategy; (4) Implementing the BCP; (5) Testing the BCP and updating the BCM program.
Drawing upon case studies from the finance and retail sectors, the unit will then consider real-world examples of how organizations have implemented BCM programs in the event of natural and man-made threats. The unit will also review the importance of international regulations, and in particular ISO 22301, in driving-up BCM standards and practices.