Short Description of the Project
The aim of this project is to discuss the risk management in an organization. The focus is on Aramco, a Saudi Arabian Oil Company. The methods used by Aramco to secure its assets will be surveyed by discussing some types of threats and risks that these assets face. In addition, emergency response procedures would be briefly discussed to enhance staff awareness about the risks and their readiness for emergency events.
Emergency incidents occur due to disasters and accidents which happen in the most unexpected places and times. Thousands of lives are lost due to various sudden, haphazard events such as vehicular accidents, slips and falls, animal accidents such as bites, medical related errors, food poisoning, chemical accidents, spills, among others. Aside from work-related injuries and illnesses, natural disasters and terrorist attacks also pose grave threats to people’s lives, properties and the environment.
Risk management is the internal organ of organizational security which relies heavily on information security. A risk assessment should always be considered when it comes to gathering and designing the process. Attack tools change just as much as software and this has made the risk management adapt quickly to all security risks. An organization which invests on managing their risks readily identifies and anticipates the threats in their system and devises a comprehensive plan of action to ensure that day-to-day operations are not compromised.
Risk management also encompasses the specialized field of security management. The primary concern of the organization is ensuring safety and protection of all the resources of the organization (Borodzicz 14-15). The function entails detection of any kind of intrusion and initiating appropriate actions to ward off and prevent harm or damage to the organization, as a whole. As advances in technology have been developed, the use of personnel for access control, surveillance, and identification of authorized personnel have been replaced by electronic technology.
The project would hereby cover the following areas: (1) identification of Aramco’s security threats (2) establishing the nature of risk management; and (3) identifying emergency response procedures. By presenting the risks Aramco faces in advanced technological communications structures, one would be made aware of the factors that expose enterprises to network security breaches.
Ethical and Legal Considerations
Organizations give primary importance to compliance with laws and regulations pertaining to operating the business. Management details an ethical policy which entails the recognition of organizational culture, fair interactions of company personnel with various stakeholders, accuracy in financial documentations and reporting, a system of management that gives due importance to honesty and integrity in bookkeeping, budget proposals and economic evaluation of projects, and in disclosure decisions.
The policies to ensure the safety and security of all resources in the organization are embodied in the standards of business conduct which would specifically itemize and indicate security measures in its coordination with various agencies and institutions in the regular course of business. The security programs must be consistent with global security standards that ensure addressing local threats and risks, previously identified in the assessment of risks and threat at each organization. The policies in the security program are designed to be adjusted and adapted to changes in the environment.
Contracts with private security personnel would stipulate, among others, pertinent provisions addressing human rights issues and training and development requirements, as deemed necessary. The focus at this level is to identify specific ethical and legal considerations affecting Aramco’s operations and future prospects.
Main Aim of the Project
As identified elsewhere in this paper, this project’s focal point is to discuss the risk management at Aramco Oil Company and argue how this organization secures its assets by discussing some of the risks the company faces. In addition, emergency response procedures would be briefly discussed to enhance staff awareness about the risks and their readiness for emergency events.
Specifically, the projects seek to address the following objectives:
- types of risks in Aramco’s environment and company’s response procedures in disasters and emergency situations;
- the staff’s comprehension of the risks and measure their readiness for emergency; and
- the findings from the conducted questionnaire survey to explore the technique the organization follows on emergency response procedures and risk management.
The project would entail designing a structured leaflet that would be issued to the personnel concerned with risk assessment, detection and handling. In the leaflet, the relevant guidelines on the steps to take in the event of an actual security related incident should be provided (Hubbard 47). A sample leaflet will take the format below
Aramco Security Initiative
Foreword: Aramco takes threats to security seriously. Therefore the company asks for your cooperation by observing the following simple regulations. These regulations are meant to protect you and others.
- Ensure that all files containing company information are properly marked and well organized. Creating secure passwords to each of these files is highly advised.
- Do not access information that you are not supposed to. In some cases, you will find some files marked confidential. This means that you need permission to view these files.
- In case of a security breach, report this as soon as practicable to the chief information technology officer. It is helpful to have his telephone number and email address at your fingertips.
Remember, Aramco’s safety is your safety too.
Assessing the Effectiveness of this Leaflet
At the bottom of the leaflet, a short detachable feedback paper should be attached with only one question for the users of the leaflets. The question should be: Was this leaflet helpful? Please leave a comment. From the responses, it will be possible to know the weaknesses and strengths of the system and adjust accordingly.
The project needs approximately 15 days to design, administer, distribute and collect the required responses. Another 5 days is allotted to collate and integrate the findings. And about 10 days are needed to write and finalize the findings and the report.
Borodzicz, Edward. Risk, Crisis and Security Management. New York: Wiley, 2005.Print.
Hubbard, Douglas. The Failure of Risk Management: Why It’s Broken and How to Fix It. John Wiley & Sons, 2009.Print.