If you’re not doing risk, you’re not doing security

What drives us

Nothing in life is risk free but risks can be managed. It’s our job to make everyone and everything safer. HawkSight software uses a sophisticated algorithm that assesses risks based on relevant threat data. This delivers a dynamic risk profile, identifies vulnerabilities, and provides options for mitigation.

We call it security risk insight and we’re global leaders at it.

We believe that this will enable people to live freer lives and enterprises to flourish as risk diminishes. The ability to live and operate safely in an increasingly complex world is our goal.

Book a call

As security professionals, our primary role encompasses three key responsibilities:

Develop an in-depth understanding of your business or organisation.
Identify and manage security risks.
Effectively communicate those risks to the business.

Risk management stands as the foundation of every security program. And while it's deeply embedded in numerous security standards and regulations, it's surprising how often its importance is either misunderstood or entirely overlooked.

To illustrate, let's delve into some prevalent regulations and guidelines within the security sector:

Australian Handbook 167 (HB 167): Advocates that security risk management is fundamentally rooted in a deep comprehension of risk management principles.

ASIS Enterprise Security Risk Management: Emphasises a strategic security management approach, aligning an organisation's security protocols with its overarching strategy, grounded in globally recognised risk management principles.

ISO/IEC 27001 - Information Security Management: Mandates organisations to undertake a risk assessment to discern, evaluate, and navigate information security risks.

National Institute of Standards and Technology (NIST): Offers directives on executing risk assessments for federal information systems and organisations.

In essence, most doctrines steering the implementation of physical and cyber security necessitate a thorough risk assessment.

During the recent Security Institute Annual Conference, Royal patron Her Royal Highness Princess Royal, aptly mentioned in her speech that “Prevention requires an understanding of the risks, but the risk is changing.”

Brian Allen and Rachelle Loyear, renowned authors in the field of security risk management, concisely expressed, "It’s all about risk management”, and in Julian Talbots celebrated SRMBOK, he aligns the practice of security risk management directly with ISO 31000 risk management guidelines.

Moreover, a thought-provoking paper by William Harris & Moufida Sadok posed a critical question: Despite the vast academic endorsements for a risk-centric approach to security, why is its adoption among security professionals inconsistent?

Change is happening …

Rob Kennedy from the Protective Security Centre of the UK's Home Office introduced a new Level 4 course, "The Fundamentals of Protective Security", at the SyI conference this year. This course emphasises the foundational requirement of globally accepted risk guidelines and accentuates the significance of a comprehensive security approach, closing the gaps between physical, personnel, technical, and cyber security disciplines.

A basic security risk assessment requires the security professional to answer three fundamental questions:

What are you protecting?
What are you protecting them from?
How vulnerable are they?

The foundation of effective security management is risk.

Failing to address these questions means you’re not doing risk and ...

If you’re not doing risk, you’re not doing security.