Archive for category Uncategorized

Date: August 24th, 2010
Cate: Consulting, Uncategorized

Physical vs. Operational Security Assessments

Does your security consultant or internal security staff assess both physical and operational aspects of the security program?  We often review prior assessments that focus solely on one or the other, usually the physical side only, but less frequently do consultants or security staff review both.

A physical security assessment typically includes a review of physical security measures (e.g. perimeter barriers, access control, fencing, etc), electronic security systems (e.g. access control, cameras, alarms, etc) and exterior lighting.  An operational security assessment, on the other hand, focuses on policies, processes, training, written and unwritten protocols and on personnel.

Most security failures occur on the operational side.  As such, operational security aspects should be included in a comprehensive security assessment.

Date: July 7th, 2010
Cate: Uncategorized
1 msg

IAPSC Texas Security Conference 9/15/10

The International Association of Professional Security Consultants is hosting its first regional security conference in Texas.  Building on successful regional conferences in New York and Southern California, IAPSC seeks to continue its expansion into the Southwest.

Learn more about the Conference

Date: April 30th, 2010
Cate: Uncategorized

Do security officers know what they are protecting?

In most cases, there is a fairly obvious answer to this question. Typically, security personnel are deployed in the protection of people and property. In some environments, however, the assets in need of protection are not so obvious. Take a high tech environment, for example, where the assets may be design features of equipment. Or the design characteristics of a car manufacturer’s new models. Are security officers aware that unauthorized people, such as competitors, can learn enough about the equipment or the cars even from seeing them from a distance?

In one of those environments where the assets are less obvious. you might be surprised to hear a security officer’s answer to the question, “what are you protecting?”

Date: April 12th, 2010
Cate: Uncategorized

Return on Security Investment

Organizations can obtain a measurable return on investment through cost savings on security personnel deployment, effective implementation of physical security measures, and reduced liability exposure.  Using data driven security, an organization can add to the bottom line in three ways:

- Effective Selection and Deployment of Security Measures – Security measures are costly. Proper data driven security can define the exact nature of the problem at each or the organization’s properties which allows security professionals to select the appropriate security measures (personnel, lighting, alarms, cameras, etc.) to prevent future crimes. Data driven security also defines where the problems exist, inside or outside the facility and when the crimes are occurring. The latter is critical to the effective deployment of security personnel. When threats are high, security personnel may be deployed to deter crimes. Effective selection and deployment of security measures leads to a quantifiable return on investment.

- Reduced Liability Exposure through Demonstration of Due Diligence – Data driven security helps security professionals demonstrate due diligence, and thus reduce liability exposure in the event of civil litigation for inadequate security. Return on investment can be calculated based on two factors as it relates to liability exposure. The first factor is to reduce the cost of settlements, while the second factor is based on using data driven security to demonstrate a lack of foreseeability and thus persuade the judge to grant a motion for summary judgment. Both factors can be used to obtain a sizeable return on investment.

- Constant Monitoring of Threat Levels to Ensure Security Program Efficiency – Re-deploying (withdrawing) security resources based on reduced threat levels ensures that the security program is operating in an efficient manner. Data driven security provides the necessary information to constantly monitor threat levels so security spending can be reduced as the threat level drops. Constant threat monitoring can also provide a sizable return on investment.

    Date: March 11th, 2010
    Cate: Uncategorized

    What is Data Driven Security?

    Data driven security is a concept utilized by organizations operating in a constantly changing environment to effectively manage the dynamic risks which challenge their organization. Security professionals operating in today’s increasingly competitive environments face the unique challenge of providing security that reduces crime and loss, is cost effective, and does not expose their organizations to undue liability. Success can only be achieved through a carefully orchestrated balancing act of three factors:

    - Selecting and deploying effective security measures

    - Working within budget limits

    - Reducing liability exposure

    Data driven security is an effective way of balancing those factors. In order to be successful at this balancing act, security professionals must not only be knowledgeable about security, but they must also be good business decision makers and risk managers. They must use security measures that are effective at reducing loss and preventing crimes to their property, their employees, and most importantly, their customers. These security measures must not exceed the security department’s budget and preferably, provide a measurable return on investment. The security program should also effectively manage risks to the organization and its assets, including liability exposure for negligent or inadequate security.

    Data driven security can ensure that security professionals are successful in all three of the factors outlined. How can security professionals justify a sizable and increasing security budget to senior management? By now, most security professionals are keenly aware that a security program’s success depends on the commitment and support, or buy-in from senior executives. Using anecdotal evidence to justify spending on physical security measures and costly protection personnel no longer suffices. A data-driven security program helps management understand that security is more than a cost center, it justifies expenses to senior management by showing the proof of success that can garner that necessary buy-in and demonstrate a convincing return on investment.

    Data driven security refers to using measurable factors to drive a security program. While not all elements of a security program lend themselves to measurement, many components can be measured effectively. A commonly accepted business paradigm states, what cannot be measured cannot be managed. Some would argue that the security is more of an art than a science. While they are correct, the business of security is not an art. The security department is a business unit, not unlike other business units within an organization that must justify its existence.

    Date: February 21st, 2010
    Cate: Uncategorized

    Independent Security Consultant

    An independent security consultant maintains his/her integrity at all times.

    An independent security consultant is not affiliated with any manufacturer or vendor of security equipment, nor does s/he profit in any way from a client’s selection of vendors or contractors. An independent security consultant’s primary objective is to help clients provide maximum protection for their assets while obtaining the most value and benefit from their security resources. An independent security consultant’s advice and recommendations are based solely on the client’s needs.

    An independent security consultant strictly adheres to a code of ethics. One example is the Certified Security Consultant (CSC) Code of Ethics.

    For assistance or more information on Threat Analysis Group, LLC, please contact us.