Isaach Choong, Managing Director
Causing a critical uncertainty, every aspect of business including its infrastructure to employees carries some degree of risk. To date, the security architecture of many companies resembles a medieval city wall, a circular format with firewalls, security personals, and access control devices. However, this merely works as long as the attackers or risk factors are still traditional. In the wake of the changing security landscape, more intelligent and comprehensive concepts for enterprise security are needed to achieve effective security and digitization.
Enter AIP Risk Consulting. The company is a pioneer in offering global security and risk consulting services to assist clients in developing resilience to security and business risk. With AIP Risk Consulting’s support, the clients can experience adequate resilience and reliability and decrease any down times to ensure minimal service disruption in the event of a natural or man-made hazard.
The foundation of AIP’s offerings is Threat, Vulnerability and Risk Assessment (TVRA) a systematic approach which uses specific tools to gather information for analyzing the vulnerabilities and its aftereffects in an organization. Organizations might be aware of their strengths, but most of them fail to measure or analyze whether how strong or weak is the existing security measure. A risk management approach using TVRA will be able to decipher all these question marks including situations ranging from unauthorized access, insider threats, sabotaging or even terrorist attacks. “The TVRA is executed by master planning, resembling a Greenfield approach where the team will sketch security policies onto a drawing board and then collaborate with the client’s architecture and other teams for developing the ultimate risk mitigation plan,” explains Isaach Choong, Managing Director, AIP Risk Consulting Pte Ltd.
“TVRA aids in justifying the level of protection and the extensiveness of security layers, meanwhile also accounting for the cost-benefit analysis that can allow the clients to allocate sufficient budgets for the security aspect.” Furthermore, the company’s risk assessment methodology works based on the principles of Crime Prevention Through Environmental Design (CPTED)—an approach to enhance the security of the entity by balancing its surroundings, people, processes and security regime against any identified threats.
The TVRA process begins by analyzing the factors such as an organization’s surrounding environmental elements including chances of flooding, earthquake, or other political aspects. The team also measures the level of vulnerability that the organization is prepared for and how much more needs to be enhanced to meet the upcoming ones. Toward the end of TVRA, the clients are provided with a list of risk profile and the risk ranking in accordance to the predetermined risk type, the priority of risk occurrence scenario, and the part of an organization facing the highest risk. “With a focus on delivering reliable services, we also provide suggestions about the client’s architectural layout concerning placements of doors, the location of rooms, security segregation, control areas, and advice to design restricted areas away from public space to limit access,” notes Choong.
In an instance, AIP Risk Consulting assisted an organization in Singapore in their risk mitigation strategies. The client faced issues that can disrupt the primary as well as the secondary power source at one go, which could lead to devastating aftereffects. In association with the architects and engineers, AIP’s team decided the placements of the substations to be at a distance segregated from the UPS and generators. The team designed it keeping in mind that in any scenario the blast pressure from the source of detonation should not affect the generators and UPS of the building. Moreover, the team designed 11 layers of access control using barriers, facial recognition systems, and two-factor authentication.
Moving ahead, as a part of the expansion plans, AIP Risk Consulting has partnered with PECB—an ISO certification body to provide training on ISO in the field of information security.