INTRODUCTION

Risk management has a long history, which started about 2 400 years ago in ancient Greece, where the Athenians always assessed risks before making decisions. The international standard ISO 31000:2009 serves as the theoretical foundation for risk management. This standard is currently being improved internationally by technical committees and working groups. Risk management developed in South Africa in the 1970s. Risk managers were also made responsible for finding innovative ways and procedures to reduce losses, which resulted in the integration of risk control and risk financing activities. The aftermath of the 11 September 2001 attacks on the World Trade Centre in New York and the Pentagon in Washington, D.C. identified many failures in security management. Some of the common failures include failure to formally collect security information on threats, vulnerabilities and incidents and have it analysed by qualified security analysts and to act on the information. Incidents, threats and vulnerabilities have the potential to affect an organisation's assets negatively. It is therefore necessary for this security information to be managed effectively and efficiently, so that correct decisions can be made on the implementation of security risk control measures. This chapter looks at the security information management process to reduce crime, increase detection rates and prevent losses.

ESTABLISHING THE CONTEXT

Context usually includes the internal and external organisational environments, organisational objectives and stakeholder identification. This context will determine the process to be followed. Despite the efforts by the police, community programmes and private security, crime continues to be a major concern for most citizens in South Africa (Van Rooyen, 2008). There is a close relationship between the rise of private security and changes to mainstream policing.