SECURITY A SITUATIONAL DISCIPLINE

Security is a situational discipline which is predicated on the level and type of threat, the degree of vulnerability and the cost consequence of potential security breaches. The identification and defining threats, vulnerabilities and criticality requires quantification. Without some form of quantification, it is difficult to determine and justify cost efficient corrective actions.

The etiology of threats may be both internal and/or external. Defining threat, as well as the quantification of threat, is generally an industry specific exercise. For example, the ambient threat environments for schools, shopping malls, industrial facilities and hospitals are all uniquely determined and defined.

Defining vulnerability, using the SMSI Vulnerability Matrix model, is also an industry specific endeavor, and is partially defined by a reasonable standard of care model. The reasonable standard of care model is differentiated from one industry to another, as well as determined by the ambient threat environment. For example, the reasonable standard of care criteria is very high for hospitals as compared to a trucking terminal standard. The security demands for protecting freight differ from the security demands of protecting patients and employees.

Criticality is defined by the potential financial impact of a security breach, including the impingement of the reputation of the offended enterprise. This means that consideration must be given to the direct and indirect costs of a potential security breach. Therefore, the security professionals that are charged with the responsibility of risk assessment and subsequent security design must be well qualified to address the special needs of the vertical under consideration. Each industry has its own security solution hierarchy.

Generally, the costliest remedies are the application of uniformed security officers, primarily because it is a recurring expense. One of the most cost-efficient remedies is the application of principles of CPTED (Crime Prevention Through Environmental Design). The optimal opportunity to apply CPTED principals is during the site design phase. However, CPTED principals can be applied at any time.

The best vehicle for the application of an effective security strategy is a security assessment conducted by a seasoned and credentialed security professional. There are two situations that give rise to the security assessment process. These situations are either proactive or reactive. Reactive assessments are often conducted responsive to a lawsuit claiming inadequate security. The proactive motivation is partially driven by the desire to mitigate potential liability claims. Many well-seasoned security professionals are well versed with both side of the equation.

If the consultation route is under consideration, objectivity is a must. In other words, the consultant should not be engaged in the provision of security devices and technology and/or the provision of security officers. Part of the assessment process requires the review of security practices, including the application of security officers and/or physical security methodologies in a cost beneficial manner.

If security is a situational discipline, it stands to reason that retention of a qualified security consulting team, is also situational. It is imperative that the security consulting team has specific experience and expertise for the vertical being served. In some cases, portions of the security strategy are partially determined by industry specific practices and norms. Those security consultants that have extensive experience as court certified security experts bring another level of perspective and expertise to the task at hand.

Finally, effective security programs must address the risks that are determined by the ambient threat environment. The security needs of a hospital on South Lake Tahoe are differentiated from a hospital in the South Bronx. This metaphor is applicable educational institutions, shopping malls, hotels and high-rise office buildings. All security assessments must consider crime data, and the trending thereof.

William H. Nesbitt, CPP, Certified CPTED Practitioner President, SMSI Inc. www.smsiinc.com    [email protected]  Phone: 805-499-3800