The Better Mouse Trap: Continuous Learning Through Incident Analysis
To effectively secure organizations and facilities, policies, plans and procedures have to be fluid to address the ever-changing trends of crime, terrorism and active shooter incidents. When organizations engage professionals in the security sector to help them address threats of physical, intellectual or cyber theft, violence and, in worst case scenarios, active shooter incidents; it is imperative that security professionals are learning from the nuances of emerging trends and are giving tailored, scalable advice to their clientele.
In a webinar, Benjamin Mannes, Principal Consultant of Mannes & Associates, examined several recent security incidents in the education, public facilities/venues and healthcare sectors and discussed what can be learned from rapidly changing tactics.
“To be an effective security professional, you have to be diverse in your skillset,” Mannes said. “Organizations historically pigeon-hole security managers by niche, which fails to allow them to be fluid when addressing ever-changing trends of crime, terrorism and active shooter incidents. Instead, security leaders should continually train to address physical, intellectual or cyber threats from intellectual property theft to the worst case scenario of an active shooter incidents. Even more, today’s security professional should be equal parts physical security, investigations and emergency management and constantly learning from the nuances of emerging trends and incidents.”
Mannes asked attendees to consider their respective security programs. Does their planning for potential incidents include active shooter, IP Theft, emergencies and natural disasters, and compliance issues? If not, how can that be corrected?
“Your challenge will be in budget,” he said. “Security works in a negative profit margin, meaning the ROI for security investment is that nothing happens. And CFOs and CEOs tend to invest in technologies and capital improvements more than human capital.”
He noted that enterprise security should remember the 90/10 rule: 90% of effective security measures are policy and procedure-related, 10% is in the latest solution. “You should communicate the costs of inaction, loss and compliance-related expenses and communicate them in budget negotiations,” he said.
Mannes then offered a number of case studies to stress the invaluable importance of having plans and policies to make technologies and tools more effective in mitigating security incidents.