The energy industry is responsible for critical infrastructure that keeps individuals, public services, and private industry functional and safe. Industry threats are constantly evolving and require robust security controls to protect people, assets, the environment, and operations. As organizations automate processes to increase operational efficiency, assets are becoming more interconnected, and security programs are increasingly tasked with protecting more interconnected assets than ever before.

These programs need to be flexible enough to manage evolving security risks, vulnerabilities, and threats to the company, while meeting regulatory compliance requirements. By establishing a secure asset framework, a company can be prepared to anticipate future security challenges in the current threat landscape. This proactive stance enables safe and sustainable business growth in an interdependent and technologically connected world.

Security programs protect assets from threats such as terrorism, violence, sabotage, and theft by proactively assessing and managing physical, cyber, and cyber-physical risks. Security risks are particularly unique and challenging to manage because they are constantly changing and evolving in scope and consequence. As a result, organizations are becoming increasingly vulnerable to attacks. Identification of critical security risks safeguards personnel, operations, and critical assets, and enables achievement of business objectives. In turn, integrated planning ensures a fortified, comprehensive security program.

Secure Asset Frameworks provide the structure for cyber and physical security programs to meet their objectives and protect people, assets, and the environment. This paper will focus on the security risk assessment component of the framework, and how security risks can be effectively managed and aligned to corporate risk management.