In the early fall of 1998 when the U.S. Embassies in Nairobi, Kenya and Dar Es Salaam, Tanzania, were still smoking piles of rubble from twin attacks by Al Qaida terrorists, State Department Security experts were scrambled worldwide to assess the security profiles of U.S. missions abroad. One inspector was dispatched to Dublin, Ireland, where he found that the Embassy was a circular, solid glass building with a small waist-high stone wall around it. His report the next day began with these words: “The U.S. Embassy in Dublin was built in a more innocent era. We do not have that luxury, today.”

If history is any indication, the twin attacks by Al Qaida on our embassies in East Africa were only a small taste of what was to come. Now we live in a much more complex and dynamic world, and the demands on physical security and cybersecurity have increased dramatically. As the world is continually changing, the challenges faced by security leaders change as well. Risk is now at the forefront of discussion and risk analysis has become the basis for strategic security planning in many organizations. Insightful leaders are also finding that a myopic view of security at a facility-by-facility level can cloud the holistic understanding of how the system of facilities, technology and processes interconnect. The systemic risk has implications on the risk interpretation at an individual site, and vice versa. Single site or business unit risks are viewed through the prism of their role in the greater enterprise so the focus can be on the tree, but without losing sight of the forest.