In accordance with the Government Security Regulations, Government has instituted the Minimum Information Security Standards (MISS) in 04 December 1996 and Minimum Physical Security Standards (MPSS). This policy documents provides baseline information and physical security requirements to counter threats to Government employees, assets and service delivery and to provide consistent safeguarding for the Government of South Africa.
The standard contains both requirements and recommended safeguards and it also lays down the function, roles and responsibility on the application of security measures. To assume this responsibility, the Minimum Information Security Standards (MISS), Chapter 3, Paragraph 1.1, states that the Head of every institution bears overall responsibility for the provision and maintenance of security in his/her institution, under all circumstances. The standard further states that the Head of an institution must appoint a Security Manager and delegates him/her the responsibility and authority to manage the function.
In light of the above, a Security Component has been established in the Department to assume the said responsibility and authority. Effective security management requires that the component understand the relative value of what need to be protected, the cost of protecting it and the probability that what need to be protected will be violated in spite of the security measures that is put in place. If security is a way of thinking one aspect of this way is to operate to a certain degree in a state of suspicion, so that you can identify the risk of the business and distinguish between the real and the imagined, hence it is very important that risk impact analysis has to be conducted before any implementation of security measures and procedures. Along the way the component will identify the challenges, problems and pitfalls associated with less than optimal approaches so that it know how to avoid them.
In line with the above, the strategic goal the Directorate is to render integrated and efficient security services to the Department. This strategic goal is then being translated into strategic objectives, Operational plan and Unit work plan.
Within such context, security risk management becomes an important mechanism for implementation in support of the mission and vision of the Department. The risk management is an active process of identifying potential security risks and threats within the Department by assessing their likeliness, impact and propose an appropriate response. To achieve this strategy, the primary objective of the security management is to provide the following to the Department:
• General security administration (Departmental directives and procedures, training and awareness, security risk management, security audits).
• Setting of access limitations for information and physical assets.
• Administration of security screening.
• Implementation of physical security.
• Ensure the protection of employees, information and assets.
• Implementation of ICT security.
• Conducting Threat and Risk Assessments.
• Ensure public health, safety and security at sports and recreational events.
• Ensure security in emergency and increased threat situations.
• Facilitate Business Continuity Planning.
• Record, identify and manage all security breaches/incidents.