Holistic Physical Security Using Risk Analysis Methods

Tuesday, February 17
15:45-16:35
Breakout 1

This paper shows a method for holistic physical security risk analysis. Threat and vulnerability analysis are integrated, using risk analysis methods such as fault trees and event trees.

For the physical security of properties, a comprehensive and integrated approach to security is important. The analysis must take into account both internal and external threats and how these can exploit a vulnerability, intentionally or accidentally. This presentation illustrates how risk analysis techniques, including fault trees, can be used for physical security risk analysis by integrating threat and vulnerability analysis with a comprehensive and integrated approach. The risk analysis method also includes a way of prioritizing risk treatments and, consequently, an effective use of control measures for physical security. The method is demonstrated in a case study on the storage of invaluable medieval manuscripts, for which a holistic approach to security risk analysis is necessary.

Presented by: Bödvar Tomasson, Division Manager, EFLA Consulting Engineers, Iceland

Bodvar Tomasson has a Master's degree in Risk and Fire Protection Engineering from Lund University, Sweden. He is a Division Manager for Fire & Risk at EFLA Consulting Engineers in Iceland, with over 15 years’ experience in risk analysis, security design and fire protection. Bodvar has experience in multi-dimensional security risk analysis. Bodvar is a certified IPMA project manager and has been responsible for risk management systems according to ISO 31000 in large construction projects. He is also involved in further developing the ISO 31000 series as a member of the ISO/TC 262 Project Committee: Risk Management, on behalf of Iceland. As a member of the ISO/TC 223 Technical Committee: Societal Security, Bodvar is involved in developing standards for the protection of society from, and in response to, incidents, emergencies and disasters, notably the ISO 22301 standard for the Business Continuity Management System.