S E C U R I T Y B U S I N E S S L E A D E R S ’ V I E W S
Again, ISO 27001 does offer some really good mitigation advice. If you want to consider other standards, try ISO 22301 (Business Continuity Management Systems), ISO 31000 (Risk Management), PD 200:2011 (Crisis Management) and PD 25222 (Continuity Supply Chain Management). All offer useful guidance which will help organisations and risk management teams to develop effective strategies.
In the second part of our Looking Ahead feature, we asked security business leaders, in your view, and in light of the increased threat level...
What should be the main priorities for those developing and delivering security?
What barriers are there to overcome to deliver effective security?
What do you see as the emerging trends and opportunities for all those working in security in 2015?
Dr Peter Speight, CSyP DBA MPhil MSc MIRM Director of Risk and Consultancy Securitas Security Services (UK)
Across the past few years,
the development of ISO 27001, specifically referencing Information Security Management, has certainly provided guidance and structure for addressing the mind-blowing complications around dealing with the physical, technical and procedural minefield that may be present in some organisations. However, it could be argued that, in time, all companies will be subject to these types of incursion and criminality.
On that basis we need to look at – and plan for - recovery and damage limitation.
8 © CI TY S ECURI TY MAGAZ INE – WINT E R 2015
Such strategies only work though, when driven downwards from the Boardroom, whereby company executives take responsibility and assume accountability for the risk appetite within their organisation. This means creating an effective culture that supports and implements measures designed to mitigate and manage corporate governance.
In some cases, it seem to me that executives and Chief Operating Officers blame everybody else but themselves when things go wrong.
Having said that, I’m a realist and companies have to ensure that they balance the benefits of Enterprise Risk Management with the costs and implementation of all mitigation strategies.
We all have to balance ROI, but it’s the cost of doing nothing that really worries me.
Neill Catton Managing Director CIS Security
While travelling by train recently, a fellow passenger asked if anyone owned a suitcase that had been left
by the carriage doors; no one answered and the man asked again, but this time with a slightly raised voice. I could sense the unease in his tone. The silence, which probably lasted just a few seconds, seemed like minutes. My reaction was to pack up my bag and move on to the next carriage, or should I pull the emergency brake, or wait until the next station and raise the alarm? My dynamic risk assessment was gaining momentum until someone finally claimed the case. I had to see who it was to satisfy myself that this was a bone fide owner. This was a personal realisation that the threat level had been raised. Over the past months tensions have been building and the almost daily news about radicalised Britons travelling to fight in Syria had certainly hit home on the 09:28 to Charing Cross.
The priorities for 2015 are to ensure security leaders are talking about threat and that continuity plans are in place and reviewed. ‘What if?’ scenarios, Desk Top Exercises, Refresher Training are all important to test Crisis Management and focus the Security
www. c i t y s e cur i t yma ga z ine . com
Professional’s mind. Above all, communication, awareness and observation united with collaborative relationships with law enforcement and authorities will allow the thousands of security professionals both on and off duty to prevent and protect.
I believe that most barriers can be overcome as long as time is taken to demonstrate the benefits of effective security. This may take a little extra effort, but the satisfaction and reward of providing a totally managed security service are apparent.
We will see greater integration with the public sector, although this may become more evident after the general election in 2015. Technology will continue to add another dimension in access control and CCTV through innovations such as facial recognition and smartphone technology.
David Ward Managing Director Ward Security
The key challenge is positioning the security sector as one that can provide you with an
interesting and well paid career. We need to be attracting graduates and bright young things who can bring new ideas and innovation to the industry, as well as the experienced personnel.
Security is a profession and, as such, people who work in that field should expect that to be recognised and fairly remunerated. As an employer of more than 500 people I know how important financial reward is to my team and also that we are one of the better payers in the industry.
Low pay is certainly a barrier to entry as is a lack of understanding about how the security industry can provide a rewarding and long standing career. It is up to the leaders in the industry to act responsibly, lead from the front and safeguard the future of the industry.
Adrian Moore Operations Director South VSG
In light of the recent threat level increase, it has become apparent that many businesses already have a
risk management strategy, but not all have fully scalable responses that are rehearsed and regularly drilled throughout the security teams. As a starting point to reviewing this business critical area, a full security threat and vulnerability assessment should be carried out to fully assess the current situation. Irrespective of the threat level, these assessments should be conducted on an
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36