What the Heck is CHIRP?
360 Security Services ("360") wants to help its clients, asset owners, and stakeholders see their organizations, schools, churches, families, etc., embrace security and safety through a holistic or enterprise (organization) wide lens. What areas or environments of your most important assets are most likely to come under some form of risk or vulnerability exposing them to potential threat, attack, or loss and how do we identify that risk? Could a vulnerability in one area cause risk to another area? How do we manage all this risk and work to identify mitigating solutions among all stakeholders in a community or organization and seek opportunities to continually improve our security and safety culture? This is also referred to as "Enterprise Security Risk Management (ESRM)".
CHIRP is 360's simple way of identifying five (5) key asset categories of:
C = Cyber
H = Human
I = Information
R = Reputation
P = Physical
These CHIRP categories of assets should also be viewed as overlapping, much like the Olympic rings. Simply put, a risk in one category is likely to impact one or more of the other key categories. For example;
Having poor physical security (unlocked doors, no guards/reception, unmonitored cameras) may allow a potential external or internal threat access to your information or cyber environment putting assets at risk for damage or theft.
Placing too much information about C-Suite executives on your organization's website may create opportunities for a "bad actor" to target them through social engineering and phishing attacks to gain access to systems or financial information.
Posting unfavorable or unintended content on personal or organizational platforms could pose a risk to the reputation of an individual or organization leading to being targeted for protest or unfavorable risk such as loss of; reputation, revenue, or job opportunities.
Failure to identify, analyze, monitor, and manage certain risk or threats within the above categories could lead to devastating financial, information, reputation, or human loss to an organization or individual.
360 does not believe every organization or individual needs a "full-time" security representative(s). 360 believes organizations who adopt a more holistic security awareness culture among the stakeholders within their community can achieve significant results. 360 believes organizations and individuals can benefit from receiving high-quality expertise in the area of protection, intelligence and investigations to educate their stakeholders into taking responsibility for understanding how internalizing security can positively impact operations/processes, and protect your assets in a continually improving way. In our current times and with the myriad of threats around us, security should be everyone's responsibility and incorporated into our operational processes and general awareness.