We might consider this a flaw of our businesses and management, but perhaps it’s a flaw of our own making. Consider this: How well do we truly know the risk tolerance of our business? If we know it at all, have we been measuring all our security proposals, purchases and processes against it?
Is Security Oversold?
Has security been oversold? Are we confusing technology with security? Has the fundamental purpose of security been obscured by the desire for perfect security?
The U.S. economic climate may serve as a catalyst for change in our industry. To best accomplish our mission and, more important, to earn general respect within centers of influence, we must stop striving for perfect security and aspire to provide J.A.R. Security: Just About Right.
J.A.R. security does not rely upon fancy titles, obscure initiatives or increased complexity. J.A.R. security is based upon the recognition of the following:
- Security does not have to be perfect, just suitable to the risk tolerance of the business.
- Security does not have to achieve the unachievable.
- Security does not have to rely upon the grandness of the effort.
- Basic application of trusted and time-tested techniques will mitigate most risk scenarios.
- Users and stakeholders are comfortable with security solutions, not amazed.
In short, J.A.R. security allows for effective and profitable use of the business’ property, systems, facilities and processes; and in a tough economy, “just about right” is much more appealing to corporate management than flashy and complex.
Making the Case for Better Security
J.A.R. security encourages us to consider the big picture rather than individual, static, expensive solutions that may not easily adapt to dynamic risks. When a doctor treats a patient holistically, the health of the patient overall is improved without the intervention and cost of individually complicated treatments. The security industry needs to similarly view a protected organization in a holistic fashion. By treating security risks “just about right” overall, we address the needs of the whole business instead of a collection of individualized segments. Arguing for complex security technology solutions to mitigate risks coupled with unreasonable proclamations of doom may make for interesting theater, but it has limited value in business operations.
When security is perceived as merely an expense, security solutions need to be “just about right” in terms of financial investment, perceived effectiveness, and future viability. To remain credible and professionally relevant, security professionals need demonstrative results that are “just about right.”