Showing posts with the label Risk Assessment

Process before Technology

There is a race to implement technology in every field. This affects Security Management too, which is why ‘Security Automation’ is considered the most important component among the five Security layers ( https://securitypracticesandsolutionbysmit.blogspot.com/2021/08/the-five-layers.html ). Many times, Security Technology is implemented not out of a need to mitigate risk or bring efficiency but for the sake of it, with no estimation of what in Security is to be automated, why it is to be automated, and how it is to be automated. This results in a bad investment, dissatisfaction among Management & Owners, unhappy users (employees, workforce, visitors, etc.), and, most importantly, the risk remains.

Problem statement: In the last 19 years, I have seen several examples where Security Automation is not balanced with actual need. There are mainly four logical scenarios for imbalanced situations in Security technology: 1. Over-implemented – logically such cases should not be mu...

Speaking Risk

Earlier blogs on Risk Chain and Security tools gave an understanding of Risk components and risk treatment (the five layers of Security). Even after implementation of Security measures, ‘Risk will exist’. This is a fact which the Security Manager and Management must accept. There are many reasons for the existence of Risk even after treatment.

1. 100% risk mitigation is not possible. This is one of the facts the Security Manager and especially Management must accept. A known risk may be left untreated because of its lower probability, because it is practically not possible to treat due to the cost of treatment, or because the risk is low impact and low probability. This is known as the ‘Risk Appetite’ of the organization. So, the condition here is that the risk still exists, but it is known.

2. Risk Treatment is not done properly – this is where the Security manager or management has not measured the risk properly or not given proper treatment. A risk may be left unestimated or missed in assessment when adequate preparation for the Risk assessment is not done – old risk...

Risk Chain

The sequence of a “threat” to an "asset" becoming a reality and creating a negative "impact" is a complete “Risk chain”. There are several links which can be broken to "Protect". Consider the Security Risk Chain like a Fire Triangle, which has Fuel, Heat and Oxygen. When one is gone, the fire is gone. Similarly, in the Risk Chain, one link broken is “Risk” gone. Smart Security is identifying balanced Security measures, i.e. infrastructure, technology & automation, process and manpower, to be effectuated to break the risk chain at the right link. Understanding the most suitable risk mitigation tool is important for the Security Manager. During sensitive times, the Police take regular offenders from the city into custody – the Police remove the "adversary" from the chain. On the other side, terrorists select populated areas for bomb explosions, to have maximum "impact" – as an explosion in a non-populated area will be only for enjoyment as fireworks. Therefore, knowingly or unknowingly, Security and Adv...