Quill knows Risk

Quantifying RISK and OPPORTUNITY is challenging for security departments and business leaders alike. It’s a constantly moving target dependent on business model, risk appetite and tolerance, local crime statistics, economic and political outlook, operational logistics, long-term goals, work-life culture, employee engagement. . . the list goes on and on.

Despite these changing conditions you must act to mitigate RISK and capitalize on OPPORTUNITY. Forgoing risk assessment is not an option.  Many organizations spend $100,000’s and months of effort to get a snapshot of risk only to have it sit on a shelf, unread and drifting further from reality every day.  This is simply not enough to drive informed action, let alone predict and protect against the manifold risks to your people and mission.

Risk = Threat + Impact + Vulnerability

Quill leverages the standard risk assessment methodology endorsed by ASIS to build a baseline risk picture.  This baseline takes mere hours to complete and is often enough to completely replace the templates and spreadsheets of the past.

Beyond baseline, each data source can be calibrated and automated to create a continuous insight into security risk that adapts to changing conditions and reflects your current reality whatever uncertainty may come.

Your facilities exist in a threat environment that is changing constantly.  But threat likelihood is only one piece of the picture.  To build your baseline risk picture we will use a threat profile like the one pictured below.  We start with overall prevalence of incidents and required knowledge and materials to commit an attack to score threat categories on a relative scale.

Beyond Baseline:  Your threat profile can then be updated, at any frequency, independent of there rest of your foundational inputs.  This instantly puts any “red flag” in context and shows you whether you are vulnerable to that isolated example or rising trend.

Your threat profile can be automated as well in response to manually entered incident reports, integration with your existing incident reporting system, or open source threat intelligence sources.

Learn more about automating your risk assessment in response to incidents in the Quill Wiki.

To elevate your Threat Assessment or Vulnerability Assessment to look at RISK you must consider your assets. Assets are those people, infrastructure, material, equipment, and information that allow your organization to achieve it’s mission.  

To build your baseline risk picture we gather initial information about the most common and most critical assets at each facility.  Assets are rated for 3 types of criticality: Operational, Symbolic and Financial.


Assets can be added, removed and edited independent of the rest of your risk picture, making it easy to gain new insight when changes to your staff or supply chain happen.

Beyond Baseline:  Some assets are tracked closely in ERP, Inventory or Access Management systems.  Quill can integrate with available systems to make sure your understanding of business impact is based on the most accurate information.

Auditing the security program already in place can be a daunting task.  Quill has made it simple by building out a predefined library of policies, technologies and processes that mitigate risk.  Each measure in Quill has clear definitions around capability so you can clearly evaluate if your site does or does not have the capability, or whether you need to go beyond baseline.

Beyond Baseline:  Because many security controls are reliant on people, they can change with the time of day, day of the week, level of maintenance, times since last training.  Quill can incorporate validation schedules to make sure you are maximizing your existing resources.

Quill uses your data to make powerful recommendations for maturing your security level and reducing your Quill Score.

  

Quill associates the cost of your security program line items with the risk reduced to give you powerful insight into cost-efficacy.

 

Risk to Budget reports and KPIs can then rollup to the department or organizational level to provide broad guidance, or targeted insight.

Quill Security Public Wiki

Getting Started with Quill is Easy

Quill is the first automated risk assessment platform built specifically for physical security.  Getting started is simple, and Quill can grow with you as you add detail to your risk map.  

Quill supports:

  • Custom Floor Plans
  • 1000’s of Facilities under a single Organization
  • Custom Assets
  • Incident Impact Tracking
  • Security Maintenance Schedules
  • Intelligent Recommendations
You can see just how deep the Quill platform goes in the Quill Security Public Wiki.

Guided Use Case

Follow these click-through demos to see how Quill can help you assess, plan and take action.

Are you a security consultant or integrator interested in partnering with Quill Security?   Learn more about becoming a Quill Partner here.