Security is a Situational Discipline

Security is a Situational Discipline

Security is a situational discipline which is predicated on the level and type of threat, the degree of vulnerability and the cost consequence of potential security breaches. The identification and defining threats, vulnerabilities and criticality requires quantification. Without some form of quantification, it is difficult to determine and justify cost efficient corrective actions.

The etiology of threats may be both internal and/or external. Defining threat, as well as the quantification of threat, is generally an industry specific exercise. For example, the ambient threat environments for schools, shopping malls, industrial facilities and hospitals are all uniquely determined and defined.

Defining vulnerability, using the SMSI Vulnerability Matrix model, is also an industry specific endeavor, and is partially defined by a reasonable standard of care model. The reasonable standard of care model is differentiated from one industry to another, as well as determined by the ambient threat environment. For example, the reasonable standard of care criteria is very high for hospitals as compared to a trucking terminal standard. The security demands for protecting freight differ from the security demands of protecting patients and employees.

Criticality is defined by the potential financial impact of a security breach, including the impingement of the reputation of the offended enterprise. This means that consideration must be given to the direct and indirect costs of a potential security breach. Therefore, the security professionals that are charged with the responsibility of risk assessment and subsequent security design must be well qualified to address the special needs of the vertical under consideration. Each industry has its own security solution hierarchy.

Generally, the costliest remedies are the application of uniformed security officers, primarily because it is a recurring expense. One of the most cost-efficient remedies is the application of principles of CPTED (Crime Prevention Through Environmental Design). The optimal opportunity to apply CPTED principals is during the site design phase. However, CPTED principals can be applied at any time.

The best vehicle for the application of an effective security strategy is a security assessment conducted by a seasoned and credentialed security professional. There are two situations that give rise to the security assessment process. These situations are either proactive or reactive. Reactive assessments are often conducted responsive to a lawsuit claiming inadequate security. The proactive motivation is partially driven by the desire to mitigate potential liability claims. Many well-seasoned security professionals are well versed with both side of the equation.

If the consultation route is under consideration, objectivity is a must. In other words, the consultant should not be engaged in the provision of security devices and technology and/or the provision of security officers. Part of the assessment process requires the review of security practices, including the application of security officers and/or physical security methodologies in a cost beneficial manner.

If security is a situational discipline, it stands to reason that retention of a qualified security consulting team, is also situational. It is imperative that the security consulting team has specific experience and expertise for the vertical being served. In some cases, portions of the security strategy are partially determined by industry specific practices and norms. Those security consultants that have extensive experience as court certified security experts bring another level of perspective and expertise to the task at hand.

Finally, effective security programs must address the risks that are determined by the ambient threat environment. The security needs of a hospital on South Lake Tahoe are differentiated from a hospital in the South Bronx. This metaphor is applicable educational institutions, shopping malls, hotels and high-rise office buildings. All security assessments must consider crime data, and the trending thereof.

By William H. Nesbitt, CPP, Certified CPTED Practitioner, President SMSI Inc. (www.smsiinc.com) 805+499-3800

Michael True, Certified Management and Program Analyst

Program Analyst / Risk Management Analysis / Strategic Remediation Plan Development / Veteran Benefits / Transition Planning / Counseling / Trusted Partner / Veteran Advocate

6 年

Years ago when attending a countering terrorism planning course the course focused on conducting vulnerability assessments as the key to addressing risk factors. Your summary still holds true today as it did then.??

回复
ABATAN OLUMUYIWA(CSS,MNIIS)

Senior security supervisor Proton/ MTN

6 年

Good day Mr William Bill, am Muyiwa a Security expert from Nigeria , please sir how can I join this your online Security group?

回复

Hi Bill, interesting thoughts. An organisation has objectives - its goals. To achieve these goals it will have to operate a number of processes, these in turn will have sub process and components.? Assets exist as part of these processes in that they will, they did or they do allow the processes to function, only if the process sets are able to function at an optimal level and free from interruption will the organisation be the best business that it can be, provide the best service, the best customer experience the best return on investment. As such process mapping and business impact analysis are absolutely key to accurately identifying, prioritizing and protecting assets to the right level based upon the threats and the subsequent risks, not only to that asset(s) but ultimately through a process matrix to the top level process, the organisation itself and this is where true criticality sits. By clearly understanding and being able to articulate and communicate the link between in this case 'security' and the top level organisational reason for being actually put us as security professionals in a far better place than historically we may have been, we after all are just businessman at the end of the day arnt we ?

Douglas Button, CPP

Sr. Security Analyst at The JW Group, Inc.

6 年

An excellent article that promotes Intentional security. Thanks Bill!?

回复
James A. DeMeo, M.S.

Distinguished Adjunct Faculty @ Tulane University SoPA | Adjunct Faculty @ Gannon University, Dahlkemper School of Business | Sports Security Expert | USESC Peer Mentor | Retired LEO

6 年

William, Your points are clearly articulated and most informative. Thank you for sharing your keen, highly respected industry insight. James

要查看或添加评论,请登录

William (Bill) Nesbitt, CPP的更多文章

  • SECURITY: A SITUATIONAL DISCIPLINE

    SECURITY: A SITUATIONAL DISCIPLINE

    Security is a situational discipline which is predicated on the level and type of threat, the degree of vulnerability…

  • SECURITY A SITUATIONAL DISCIPLINE

    SECURITY A SITUATIONAL DISCIPLINE

    Security is a situational discipline which is predicated on the level and type of threat, the degree of vulnerability…

    3 条评论
  • Building an effective security program.

    Building an effective security program.

    You can't know where you are going if you don't know where you have been. First, and foremost, Security is a…

    2 条评论
  • Workplace Violence Mitigation

    Workplace Violence Mitigation

    Security is an anticipatory/preventive discipline. Yet the impetus for many security programs seems to be the product…

    4 条评论
  • Security: Cost Of Being Reactive vs. Cost Of Being Proactive

    Security: Cost Of Being Reactive vs. Cost Of Being Proactive

    It is indisputable that the cost of reaction is exponentially greater than the to cost of being proactive. In working…

    7 条评论
  • You can’t know where you are going, if you don’t know where you have been.

    You can’t know where you are going, if you don’t know where you have been.

    The security remedies of today differ from the remedies available five or ten years ago. The good news is that as…

    10 条评论
  • Who Will Conduct Your Next Security Assessment?

    Who Will Conduct Your Next Security Assessment?

    Will a well qualified security professional conduct your next security assessment in advance of a major security…

    3 条评论
  • The Value of Periodic Security Reviews

    The Value of Periodic Security Reviews

    All to often, we find the call for a security assessment in the wake of a serious security breach or breakdown. We…

    5 条评论
  • HOSPITAL ACCESS MANAGEMENT MUST ALSO BE APPLIED TO INNER SPACE

    HOSPITAL ACCESS MANAGEMENT MUST ALSO BE APPLIED TO INNER SPACE

    Access management may begin at the perimeter, but it should not end there. This is particularly true for hospitals.

    2 条评论
  • WORKPLACE VIOLENCE & ACCESS CONTROL

    WORKPLACE VIOLENCE & ACCESS CONTROL

    Typically, access management control begins at the perimeter, but it doesn’t need to end at the perimeter. In fact, it…

    13 条评论

社区洞察

其他会员也浏览了