OK, that might sound like an unusual title for a security blog, but bear with me. It will all make sense. Every day, we’re bombarded by interruptions. Some would say security is all about handling the interruptions. Handle the interruption, minimize the impact, and recover to normal operation as quickly as possible. It’s that simple.
Except it’s not. All too often we hear of delayed responses, missed alerts, a lack of planning – resulting in financial or even human loss. The information is usually available – somewhere – and hindsight’s 20:20 vision makes it obvious. But in the pressure of the real-time situation, ‘seeing the forest for the trees’ is hard. Every sensor system has its own silo of information. We rely on operators to share information verbally. The busier the operation, the less time spent sharing information. As the adage goes, the more trees you have, the harder it is to see the forest.
You can invest in software to assist you. The latest generation of integration solutions can actually bring all of your sensors into one point – from video to access control, from fire alarms to weather. A few will take you from awareness (where you know what’s going on) to management (where you’re in control of what’s going on). Add in prepared response plans, triggered into action by the appropriate alerts, and you now have a path through the forest.
The “prepared” in “prepared response plans” is the operative word. Investing in solutions for situation management will help considerably when it comes to preparedness. But you also need to invest in yourself and in your people. Step back from the noisy, day-to-day treadmill of events. Are you able to see the route through the forest, or are you just running from tree to tree? Are your procedures stored in people’s heads, a row of fat binders, or automatically activated when required and brought to the attention of your operators? How often do you plan and review those procedures? In fact, how do you plan and review those procedures? How do you even know whether procedures were followed? Do you control your security operation, or does it control you?