Since 9/11 the security industry has witnessed a increase sought after. With this demand has come the requirement for security professionals to effectively manage the capital spent through the system life cycle and through retrofit projects. Through the acquisitions process organizations ask for and procure different services which have lasting effects on the safety posture. These services include guidance on security management practices, technical security evaluations and guidance on forensic security (expert witnesses) issues.
Statistical data within the security industry outline that the various market segments have undergone extreme development. Within the national level the United States has spent $451 billion (as of August 2014) on nationwide defense and has spent over $767 billion on Homeland Security since 9/11. Consumer reports have also outlined that Americans along spend $20 Billion each year on home security. Technical trends have layed out that organizations spend $46 Billion (combined) annually on Cyber Security. The asset protection market outlines that the contract guard force industry has witnessed considerable growth to the tune of $18 Billion a year. In an work to prevent shrinkage retailers also invest $720. 3 Million annually on reduction prevention methods.
You will also feel that with the amount of funds being spent within the security industry that more industry benchmarks (to include lessons learned) would are present to help guide stakeholders toward sound security opportunities. This is often not the case. Most personal security devices project conclusion products are the results of different security management mentalities. These security mentality pitfalls are consequently of the: Cookie Cutter Mindset – if a security measure works well someplace it will reduce your danger at multiple facilities; Pieced Mentality – as funds is available some risk(s) are mitigated; Maximum Security Mentality – there is never too much security; and the Sheep Herd Mentality – everyone is doing it and we better follow suit. Each one of these issues has the same effect on the organizations bottom line. They each potentially divert money from addressing true risk(s) and incredibly often require organizations to take a position more capital into the security program in an effort to right newly created security vulnerabilities.
Two main issues lead to these pitfalls: Typically the stakeholder does not know very well what security measures are expected and depends on a vendor for guidance; or the prospective vendor does not have the stakeholders’ best interest in mind and recommends that the stakeholder implements measures that are out of scope from the patient’s needs. Now don’t get this author wrong, there are some vendors in today’s security markets who meet or surpass stakeholder requirements. From a security management stand point the question should be asked “Does the vendor understand the stakeholder’s security needs and/or will the vendor really proper care? ”
Stakeholders very often never have discovered their specific security requirements (industry or local). Many stakeholders identify different symptoms that they think are root problems within their security pose; never realizing that signs often hide the main problems. One of the biggest contributions to this misunderstanding is lack of security industry training. Positive there are security staff personnel that are found in the organization that bring many years of experience to the table. Problem that must be asked “is the organization providing training for you to its staff in an effort to identify industry best practices and expose them to new ideas? ” In most cases this author has seen that organizations rely on the experience that has been listed on a resume to negate the need for an investment made on security training. When in house personnel do not progress with a changing security industry the organization normally pays for this by outsourcing research work and can be taken good thing about by bad vendors during the purchases process.