Security Technology Executive

SEP-OCT 2017

Issue link: https://securitytechnologyexecutive.epubxp.com/i/870734

Contents of this Issue

Navigation

Page 21 of 69

20 SECURIT Y TECHNOLOGY E XECUTIVE • September/October 2017 • www. SecurityInfoWatch.com COVER STORY plan and executive buy in. Once achieved, establishing a communication process, approach, and moreover, a mission state- ment or slogan will be important. A cor- nerstone in the communication is a mes- saging that that will need to be "sticky", adopting principles that are resident in the book Made to Stick: "Why Some Ideas Survive and Others Die". Other ideas will include leveraging intranet web pages, internal blogs, inter-department messag- ing, and alignment across the organiza- tion with other stakeholders. This will take time, but persistence and dedication will yield results. Metrics, Metrics, Metrics When evaluating resiliency from a busi- ness perspective, many resilience func- tions do not adequately track calls for service and incidents or other forms of metrics. In comparison to a business model, investments will be made on busi- ness plans that utilize metrics to inform and validate budget requests. This process is no different for a resiliency function. All aspects of metrics should be cap- tured from incident response, resolution, investigations/recovery, number of inci- dents, casualty claims tracking/trending to justify technology and innovation or staffing needs. In one instance, the writer observed the head of an asset protection function partner with risk management to assess and implement environmental/ architectural and technological controls to minimize workplace assaults and casualty claims within a hospital. However, he learned that besides their ability to realize reductions in casualty claims, there was another positive out- come – a reduction in staff attrition. In this way, the asset protection leader had managed to solve two problems for two different departments, and showcased real metrics of performance with posi- tive outcomes. In another example, the writer utilized technology to accurately predict resilience staffing for the lobby of a large office. Prominently, there were three officers within the lobby to man- age peak number of visitors. However, these officers were underutilized. Hav- ing reviewed the visitor management sys- tem, we could accurately predict expected demands on resilience staff during peak visitation times. During non-peak times, resilience officers could be re-deployed to patrol core/shell areas and the exterior of the building, thus better showcasing the presence of resiliency to tenants. There is so much "Big-Data" out there that a competent resilience function can identify, capture, monitor, and manage that data for a much more consistent and beneficial application of controls. Changes in the Environment Our physical work environments are changing in response to organizations' drive for transparency, collaboration, mobility and future millennial staff. As organizational architects, designers and work strategists have mixed opinions about new workspace concepts, there is still a need for protection to be adaptable and as innovative as these environments themselves. Organizations are seeking transparent, collaborative and quasi- public environments. A fact which is represented in the architectural design philosophies for companies such as Apple, Google, and Salesforce within cities, such as Milwaukee, Boston, Minneapolis and San Francisco where a massive transit center project will blur the lines of public and secure spaces. This architectural and philosophi- cal movement can be daunting for any organization, however for organizations that have third party or government regulations, such as financial/insurance groups there can be significant challenges. Regrettably, design concepts for resiliency are typically misunderstood or down- played, only to be later bolted-on with undesirable aesthetic architectural effect. Understanding the change in operations is the first step in understanding the direct risks, and the functional risks that could affect the organization or more granu- larly the resiliency function. Resilience programs that involve public functions require different approaches, which are best implemented early through archi- tecture. However, something that needs to be addressed is staffing and training. A once secure, now public facility that had staff that used authoritative approaches will need to be more customer friendly, and de-escalation and conflict avoidance training will be more important. Why? Unchecked, previous cultural resilience protocols could land a negative video or live- stream squarely on the desk of an executive or worse on the nightly news. Invariably these quasi-public environ- ments reduce the space for stand-off that once was present and may necessitate additional staffing to accurately respond to calls for service. It is most important that any environ- ment be adaptable, flexible to different levels of threats. Innovative solutions through staff, technology and architec- ture should be sought to manage public, visitors to maintain the mission of the organization, inclusive of openness and transparency that may be desired. For newer properties, integrating early on with architects/facilities will yield signifi- cant benefits than retroactively having to implement obtrusiveness because of a lack of proactive guidance. Disruptive Technologies The mobile phone is the ultimate technol- ogy that is the most disruptive. Mobile phones create issues around productiv- ity, efficiency, create awareness concerns and further can create significant brand/ image issues through phone applications and moreover the ability to broadcast live or record video. Resilience leaders should assume, and communicate rules around mobile phone usage and social media, and further should communicate that staff are constantly under surveillance For those in a physical security function, the writer submits that the term "convergence" is not dead.

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - SEP-OCT 2017