Inspecting what you expect

Security is extremely difficult these days, there are so many decision points that end users have to go through in order to obtain and deploy security measures. Once you have gone through that process of obtaining and deploying countermeasures, what are your expectations? Are you hoping to prevent violence and crimes? Are you hoping you can protect your employees, clients, students or other critical assets? Are looking to deter nefarious actors from carrying out plans to harm or disrupt your operation?

There are so many questions and approaches to consider, but regardless of the intent, one of the biggest questions out there is this. How do you inspect what expect? If prevention is your expectation, how to you inspect your efforts to bring about the prevention you desire. Can you measure performance? what can you quantify? Do you have benchmarks to meet?

Simply saying “make sure we are safe and secure” is really not enough anymore, you have to have a way to measure and review your overall program, goals and the threats you face. The bottom line is this, if you are not measuring the effectiveness of your security program, then your security program may not be effective for long. You need to know where your system is working and where your system is not working.

Here are 5 easy to follow steps to help you measure your security program and its effectiveness:

1. Establish a clear goal(s)

   1. Everyone in your organization should know what is expected, whether the goal is prevention, deterrence, protection or a little bit of everything. Make your intent clear and easy to follow.

2. List out the biggest threats your organization faces, both internally and externally.

   1. This is important as these threats will have associated “Key Threat Indicators” or behaviors that perpetrators exhibit before a threat is carried out. Your ability to analyze these behaviors will indicate how well your security program is working.

3. Use a countermeasure effectiveness score to determine how the countermeasure will perform and what the return on that countermeasure will be.

   1. Sounds tricky, but Securable Alternatives has this metric and can work with you on this.

4. Develop a “Red Team” to find any weaknesses in your overall security and safety program.

   1. This is a highly effective approach to making improvements. Remember this: “Complacency leads to Stagnation which leads to Predictability which leads to Vulnerability.” A Red Team exercise can help identify these areas.

5. Review your history of security breaches, events, loss, claims, injuries, thefts, violence, and any other incidents of concern.

   1. Having this information will allow you to build patterns and trends on what is occurring and where it is occurring. From there you may be able to understand why it is occurring and what countermeasures will be most effective to mitigate the occurrence. History not only tells you where you have been, but where you may be going!