This thesis examines a proposition that it is possible to determine why security fails within organisations. Within the thesis, therefore, is a definition of security, both as an abstract noun, but more specifically as a matrix of security manpower, physical security assets, electronic systems and procedures. The operational effectiveness of these four, distinct security facets is often not capable of critical assessment by the very organisation that is paying for these assets and services. It has been necessary, therefore, to both determine and evidence a variety of security failures and, ultimately, contrast these sample conditions with examples of organisational security successfully achieving a range of targeted objectives, - to the complete understanding and budgetary capability of the target organisation. These contrasting situations have been illustrated within the thesis by means of sampling and testing 100 customer sites across 5 different business sectors and, more specifically, a detailed study of a multinational manufacturing organisation and the re-alignment of its security strategy following a comprehensive risk assessment and security audit. This thesis also posits that it is unlikely such security strategy can be effective unless it is based on the clear understanding of the threats, hazards and risks to which the organisation may subject. The issue of risk and security auditing is, therefore, a key feature of the thesis, as is the requirement to emphasise that the success of a security strategy, which would follow on from the assessment of risk and vulnerability, is not only dependant upon the accuracy of these processes, but a clear understanding of the specific corporate culture, organisational security awareness and fiscal imperatives. This thesis also examines the role of risk management in the planning of crisis, continuity and safety issues, again, from the perspective of contrasting the success of such planning when measured against the management of risks and the operationally assessed needs for the four elements of security, in whatever proportion each may, or may not, have a part to play.