The Security Continuum includes four distinct security strategies – - – Deterrence, Prevention, Mitigation, and Investigation.
Deterrence is designed to discourage criminals by increasing their risks, promoting a sense of security, and instilling doubt. A criminal who chooses not to commit a crime at your facility because of existing security measures is an example of criminal who has been deterred.
Prevention is the inability or increased difficulty to commit a crime because of security measures in place to protect an asset. A criminal who is unable to break into a safe is an example of prevention.
Mitigation is the act of intervening in a crime to consequences of the crime once underway. A security officer stopping a shoplifter at the door after the theft has been committed is an example of mitigation.
Investigation is the study of the crime, after it has been committed, to identify the perpetrator and bring him/her to justice. Providing camera surveillance to law enforcement is a common first step of an investigation.
The Security Continuum dictates that:
- Not all crimes can be deterred
- More can be prevented
- Even more can be mitigated
- All can be investigated
As most security professionals know, measuring deterrence and prevention is difficult at best. Mitigation and Investigation are far easier to measure and many organizations capture this data on a regular basis. The problem with driving a security program solely with the easy-to-measure metrics is that subsequent remedial measures focus on further enhancements to mitigation and investigation measures (the known metrics). For example, a facility that was unable to prevent a crime may spend significant resources on cameras to aid investigations, but insufficient measures which could have deterred or prevented the crime (such as good security procedures or access controls). Alternatively, the organization may focus on the precise vulnerabilities that were exploited for the crime which occurred. For example, if a safe was removed from the premises, the organization may replace the safe with a floor-bolted model, but disregard the building’s weak door controls which allowed the criminal access to the safe.
Which part of the Security Continuum is your program emphasizing?