Wednesday, July 6, 2005

Back to the basics

I started a post recently concerning some burglaries that had occurred in the Southeast, but as I looked back on my previous post- which was way out of hand – I decided it might be best to take step back. Why? Well given that many working in the security industry lack a strong grasp of the basics, I figured it might be a good idea to put a few of the fundamentals down before I try and tackle another huge topic – like arson. What a mess that was. I’ll work to keep a sort of “staccato” tempo to this since it can get boring quick… I know I sat through classes on in for years.

Security, as a profession, is an odd duck. Not many people – at least none that I have met – grow up wanting to work in security. Many had original aspirations for careers in law enforcement, others from the military, and others fell into it by happenstance (especially in the early days of computer networking). Further, the security industry, as we know it, is widely believed to have grown out of WW II. The specifics are not important right now, but security ‘in general’ goes back to the earliest days of commerce with merchant guards - and so on… What is important is the fact that many of the early practitioners came from government agencies – such as police, intelligence or military. Keep this in the back of you mind. With these individuals coming from such varied places, the methods were and are anything but standard. Although we are getting better, there are far too many that do not understand the basics.

So what is the role of security? The canned answer in any textbook is “to protect the assets of the company.” Unfortunately this leaves a lot to be desired but you get the point. It is fundamentally different from law enforcement because it is not necessarily trying to enforce the “law” but instead to defend the organization from threats that cause losses. The morality of a security program can be found rooted in the principles of self-defense.

The fundamental concepts within the security industry are Deter, Detect, Delay and Deny. These are the common concepts used in the process of planning security. Deter the miscreant. Otherwise detect them (preferably as soon as possible). Delay their success – with the intention of increasing their likelihood of apprehension, and finally to deny them the value of the asset. We’ll discuss these far more as time goes on, but they are considered to foundation for everything else.

The basic terms of security are assets, threats, weaknesses, vulnerabilities, risks, and countermeasures. Assets are the tools that allow an organization to do whatever it does, and they are what is protected from threats. Mind you these are non-market-based threats, which are those things that don’t come from fair play. Vulnerabilities are exploitable weaknesses. Risks are the probability that a threat may be realized and what level of loss it may cause – it is pretty much everything before it put in a blender. And finally, countermeasures are anything that is done, established, or constructed to thwart the successful completion of a threat.

That’s about enough of this for now. These things do get long quick, eh?

More later…
Rob
/

No comments:

Post a Comment