When I went to school, it was a mark of failure. But in the security world, nothing can be better than achieving a good D right across the board.
What technology are you using right now to make the criminal decide to go somewhere else? You don't have to have the same security as the Canadian Mint, but you do have to better protected than the business across the street. As I say to my kids when we go camping: "I don't have to outrun the bear… I just have to outrun you." If your business gains a reputation for being difficult to infiltrate, thats a good first step. Put in place the physical and technological barriers that deter.
If someone does decide to target your office, will you only discover it when its too late? Proper detection is crucial to the security envelope you put around your assets. The CFO keeps saying "If you can't measure it, you can't manage it", and as the Security administrator you should be saying "If you can't see it, you can't respond appropriately." Make sure you have a clear view of whats happening around you.
Time can be the enemy of the bad as well as the good. A matter of minutes can make all the difference the fight against crime. If you have a good relationship with your security guard provider or your local law enforcement, ask them about response times to an emergency call. This may vary depending on your location. Craft your security plan around those timelines, and implement adequate delay mechanisms into your design. Make sure first responders get to the protected assets before the attackers.
This may be the hardest of all objectives. They key thing is to keep the core valuable assets at the centre of your layered security perimeter. Your perimeter may be physical or virtual, depending on whether the asset is an object or information. You may have to prioritize your assets into various protection groups, and place the key ones at the core. Your Intellectual Property is more important than the decorative flower vase at reception. Think about what you can afford to lose, and what is invaluable.
A lot of times we think that by calling 9-1-1 we can get the response we need to solve our security dilemma. But security is everyone's responsibility. Its a mindset. Train for it. Practice it. Implement it.
- Kyle Fairfield, January 24, 2014