Occasionally, there is benefit in returning to the absolute basics of our knowledge set. There are a number of reasons why this is of value: sometimes we have become so entrapped by the detail that we forget the basics, sometimes we become expert in a field and lose sight of the underlying principles, and sometimes we have come into security from another discipline and never really comprehended the foundatiseon on which protective security is built. Remember back to See Spot run? The building blocks of the language of Shakespeare and Dickens is in those books. So, if we are all sitting comfortably, let us try to recapture the fundamentals.
- Do we own anything?
- Do we do anything?
- Is there anyone who would want to take or damage what we have or do? (Really, is there?)
- How could they do it?
- What can we do to protect our assets and functions?
- How do we know the (security) measures are (really) working?
- What is really important to our business?
- Can we make it hard for villains to get to the assets?
- Can we make it hard for them to move or damage the assets?
- Can we know if they are doing it?
- Can we record them doing it?
- Can we do this without damaging the image of our business?
- What measures do we have in place?
- Is it costing, or going to cost, more to protect the asset than it is worth?
- Do we know how to respond appropriately?
- Should something happen, can we repair or replace the asset?
- If our functions are harmed, how do we look after our clients?
- How do we recover our reputation?
The above are really simple questions, but they reflect everything we do: asset and function identification, threat assessment, vulnerability assessment, risk assessment, security surveys, access control, alarm monitoring and response, cost benefit analysis, media management, image protection, equipment selection, policies, procedures, training, monitoring, assurance reviews, risk transfer, emergency and crisis management, business continuity and so on.
Understanding the basics not only reminds us of what we do, how and why, but also allows us to present our case to other managers and the executive in simple terms. It was Einstein who said, “If you can’t explain it to a six year old, you don’t understand it yourself.” While not suggesting that the executives are six year olds, the principle applies. Occasionally, there is a perception that the use of small words and simple concepts is somehow demeaning or uninspiring. On the other hand, the ability to present a logical argument that is not bound up in jargon can be both refreshing and informative. Certainly, there is a place for detailed, specialist knowledge and technical terminology, but it should not be used to befuddle the audience or to hide a lack of fundamental awareness.
Knowing the fundamentals also provides a solid foundation upon which to build our security plans, processes and capabilities. Without such a solid basis for what we do and why, there is the real likelihood, indeed probability, that the organisation’s protective security will be flawed.
Ours is a complex and multi-faceted management discipline that overlaps and integrates with so many other aspects of providing a safe and secure environment in which we can work, live and play. Given the complexity and importance of the role of the security professional, perhaps sometimes we should revisit the basics. That way we know why Spot is running.