Our  Membership











                           getting accurate assessed information always detailing the impact by containing a ‘call to
                           action’ or ‘so what’ to your specific business. For instance, any Environmental Scan worth
 ‘Protective Security’ or ‘Total   its salt should be covering the impact and threats posed by the cost of living crisis (CoLC)
                           but – ‘so what does it mean for us’ I hear you ask! Well, if your organisation relies heavily
                           on labour how will the increasing mental health issues falling out of the CoLC affect your
                           work force? How could you assist your work force in dealing with the pressures imposed
                           on them by the CoLC, will debt issues effecting staff heighten your insider risk? Has, you
 ‘Security’, call it what you like!  organisation looked and understood the impact on its workforce? Importantly, have you
                           built in contingencies to allow for a labour shortage or heightened insider risk and placed
                           in indicators and warnings, following this threat information? Another example is climate
                           change/extreme weather - you may have heard of ‘black swan’ incidents, an example
                           of this is type of incident happened to some of my security colleagues in Cape Town. In
                           2018, the area suffered a major water shortage due to drought. On top of the impact to
 ‘Protective Security’ or ‘Total Security’, call it what you like – one thing is   business continuity this led to a significant rise in violence where people were turning on
 for sure, a Director or Head of Security’s role has changed. No longer   each other as well as breaking into properties leading to violent confrontations, purely
 just responsible for physical security or having a siloed approach to   to steal water. Threat monitoring covers these topics it feeds back into the business to
 security discipline, we now find ourselves being asked to assist in   ensure business plans, training, crisis management etc are kept updated and continually
 informing decisions across a wide range of business resilience issues. In   reviewed as relevant to ever changing threats.
 fact, how many of you used to be called Head of Security and have now
 found yourselves with the new titles of – Director of Security with any of   Threat monitoring is also used significantly at a tactical level, for instance, event
 the following tagged on - business resilience/ risk / safety? with generally   monitoring and due diligence. Researching and analysing historic data and then
 not much, if any, remuneration attached!  continuing to monitor leading up to an event to understand the threats and impact (the
                           ‘so what’s’) the event is likely to have. Enhanced due diligence on individuals is also a
 The reasons – because more executive boards are recognising that   form of threat intelligence. All this assessed threat intelligence informs decision making
 the word ‘security’ is not just about keeping windows locks and doors   regarding resourcing, strategy and tactics.
 secure, its about keeping the whole business enterprise resilient and
 ‘healthy’. The learning from crisis management gave birth to ‘enterprise   Be it at a strategic or tactical level, threat monitoring is integral to all of the business
 risk management’.
                           ensuring resilience. The examples above would be used by HR, Finance, Ops and Security
                           in assisting with their planning, training, policy etc. This is likely to mean potential budget
 So how, as Director of Security et al, do you feed into this ‘enterprise   extensions to the Security department, where you are adding value to their parts of the
 risk management’, gain support and engagement from the executive   business assisting them in informed decision making or their business planning.
 board and cease working in silos?  Well, by giving them the information
 to be able to keep their areas of the business resilient. Knowing what   Understanding the threats and ensuring they are fed into your organisation has been
 each area of your business is responsible for and aligning your security   integrated into Martyn’s Law and other industry standards.  Although Martyn’s Law
 strategy to fit in and wrap around the risk register.  Once armed with   is still not fully in place, those who are still not ‘getting on board’ and implementing
 this you are able to effectively deliver threat monitoring aimed directly at   recommendations are going to be leaving themselves vulnerable to significant
 mitigating or preventing your bespoke business risks.   reputational risk. At a recent meeting with several senior security colleagues responsible
                           for iconic buildings within London, it was pointed out by them that any failings now
 So do you have a business intelligence model that informs strategy,   endangering the public through CT, or any other tragedy, are going to be hard to defend
 reflects the business culture and is embedded within business plans?   against, as the recommendations following the Manchester Arena inquiry have been
 This is where threat monitoring comes in to play, but what does it look   fully published. At b4Secure we use our own security and business resilience intelligence
 like and what should you be getting from it ? There are different types   framework to ensure we support our client’s compliance with industry standards (ISO
 of products and services, some more longer term forecasting at a   22361 Security and Resilience — Crisis Management and ISO 22301 Business Continuity
 strategic level covering a multitude of risks throughout the business.   Management), using our threat intelligence services also ensures organisations are
 These products could take the form of an Environment or Horizon   complying with a number of recommendations set out by the Manchester Inquiry.
 Scan and use various structured analytical techniques to complete
 them, a popular one amongst analysts is PESTEL – Political, Economic,   Threat intelligence informs strategy, ensures training, contingency plans and policy are
 Social, Technological, Environmental, and Legal. As you can imagine this   kept up to date, saves money, protects reputation and should be embedded throughout
 ensures a good wide spread of research, it will include threats posed   the business culture. The discussed approach to security enables any return on
 from - geopolitical activity, cyber and changes in social thinking and   investment to be demonstrated fully within business enterprise.
 narrative. The most important part of the threat monitoring is to ensure
 it is completed by experienced qualified analysts, this will ensure you are
                           By Julie Nel MSyI
 18                                                         19