Page 18 - the SyI Quarterly 14 Booklet Format
P. 18
Our Membership
getting accurate assessed information always detailing the impact by containing a ‘call to
action’ or ‘so what’ to your specific business. For instance, any Environmental Scan worth
‘Protective Security’ or ‘Total its salt should be covering the impact and threats posed by the cost of living crisis (CoLC)
but – ‘so what does it mean for us’ I hear you ask! Well, if your organisation relies heavily
on labour how will the increasing mental health issues falling out of the CoLC affect your
work force? How could you assist your work force in dealing with the pressures imposed
on them by the CoLC, will debt issues effecting staff heighten your insider risk? Has, you
‘Security’, call it what you like! organisation looked and understood the impact on its workforce? Importantly, have you
built in contingencies to allow for a labour shortage or heightened insider risk and placed
in indicators and warnings, following this threat information? Another example is climate
change/extreme weather - you may have heard of ‘black swan’ incidents, an example
of this is type of incident happened to some of my security colleagues in Cape Town. In
2018, the area suffered a major water shortage due to drought. On top of the impact to
‘Protective Security’ or ‘Total Security’, call it what you like – one thing is business continuity this led to a significant rise in violence where people were turning on
for sure, a Director or Head of Security’s role has changed. No longer each other as well as breaking into properties leading to violent confrontations, purely
just responsible for physical security or having a siloed approach to to steal water. Threat monitoring covers these topics it feeds back into the business to
security discipline, we now find ourselves being asked to assist in ensure business plans, training, crisis management etc are kept updated and continually
informing decisions across a wide range of business resilience issues. In reviewed as relevant to ever changing threats.
fact, how many of you used to be called Head of Security and have now
found yourselves with the new titles of – Director of Security with any of Threat monitoring is also used significantly at a tactical level, for instance, event
the following tagged on - business resilience/ risk / safety? with generally monitoring and due diligence. Researching and analysing historic data and then
not much, if any, remuneration attached! continuing to monitor leading up to an event to understand the threats and impact (the
‘so what’s’) the event is likely to have. Enhanced due diligence on individuals is also a
The reasons – because more executive boards are recognising that form of threat intelligence. All this assessed threat intelligence informs decision making
the word ‘security’ is not just about keeping windows locks and doors regarding resourcing, strategy and tactics.
secure, its about keeping the whole business enterprise resilient and
‘healthy’. The learning from crisis management gave birth to ‘enterprise Be it at a strategic or tactical level, threat monitoring is integral to all of the business
risk management’.
ensuring resilience. The examples above would be used by HR, Finance, Ops and Security
in assisting with their planning, training, policy etc. This is likely to mean potential budget
So how, as Director of Security et al, do you feed into this ‘enterprise extensions to the Security department, where you are adding value to their parts of the
risk management’, gain support and engagement from the executive business assisting them in informed decision making or their business planning.
board and cease working in silos? Well, by giving them the information
to be able to keep their areas of the business resilient. Knowing what Understanding the threats and ensuring they are fed into your organisation has been
each area of your business is responsible for and aligning your security integrated into Martyn’s Law and other industry standards. Although Martyn’s Law
strategy to fit in and wrap around the risk register. Once armed with is still not fully in place, those who are still not ‘getting on board’ and implementing
this you are able to effectively deliver threat monitoring aimed directly at recommendations are going to be leaving themselves vulnerable to significant
mitigating or preventing your bespoke business risks. reputational risk. At a recent meeting with several senior security colleagues responsible
for iconic buildings within London, it was pointed out by them that any failings now
So do you have a business intelligence model that informs strategy, endangering the public through CT, or any other tragedy, are going to be hard to defend
reflects the business culture and is embedded within business plans? against, as the recommendations following the Manchester Arena inquiry have been
This is where threat monitoring comes in to play, but what does it look fully published. At b4Secure we use our own security and business resilience intelligence
like and what should you be getting from it ? There are different types framework to ensure we support our client’s compliance with industry standards (ISO
of products and services, some more longer term forecasting at a 22361 Security and Resilience — Crisis Management and ISO 22301 Business Continuity
strategic level covering a multitude of risks throughout the business. Management), using our threat intelligence services also ensures organisations are
These products could take the form of an Environment or Horizon complying with a number of recommendations set out by the Manchester Inquiry.
Scan and use various structured analytical techniques to complete
them, a popular one amongst analysts is PESTEL – Political, Economic, Threat intelligence informs strategy, ensures training, contingency plans and policy are
Social, Technological, Environmental, and Legal. As you can imagine this kept up to date, saves money, protects reputation and should be embedded throughout
ensures a good wide spread of research, it will include threats posed the business culture. The discussed approach to security enables any return on
from - geopolitical activity, cyber and changes in social thinking and investment to be demonstrated fully within business enterprise.
narrative. The most important part of the threat monitoring is to ensure
it is completed by experienced qualified analysts, this will ensure you are
By Julie Nel MSyI
18 19