Feedback on The Security Minute articles or comments.

The Sun Tzu Security Status Scale

Recently I started studying a new book, Physical and Logical Security Convergence, by five authors including my friend Dan Dunkel. I’m only a little way into the book, but so far it’s very good. In fact, the first chapter inspired today’s issue, prompted by the book’s presentation of several quotations from the world’s oldest treatise on military strategy, Sun […]

Do the Usual

Recently I noticed that in helping people resolve issues relating to the convergence of physical security and IT (roles and responsibilities as well as technology), my recommendations had one key theme in common: do the usual. Example #1: Physical Security Systems on the Network Problem: The Security Department has been putting cameras and servers on my corporate network, and suddenly now […]

Security Stakeholder Ladder of Involvement

“People’s attitudes toward security in general and your organization’s security program in particular tend to fall into one of six categories, which we’ve put on what we call our “ladder of involvement” in security. Ownership Participation Compliance Apathy Avoidance Subversion” —Carl Roper, Dr. Lynn Fischer, and Joseph A. Grau, from page 75 of their book Security […]

The Real Reason for Security

In past years typically discussions about security have dealt with asset protection—the protection of people, proprietary information, critical business processes, integrity of data, and so on. More recently, the subject of risk has entered the picture, and in the past couple of years leading discussions have centered around the adoption of aunified risk perspective for physical, IT and corporate […]

An Antidote to the Complacency and Panic Security Syndrome

com•pla•cen•cy 1. a. a feeling of quiet pleasure or security, often while unaware of some potential danger, defect, or the like; b. self-satisfaction or smug satisfaction with an existing situation, condition, etc. pan•ic 1. a sudden overwhelming fear, with or without cause, that produces hysterical or irrational behavior, and that often spreads quickly It has been said that complacency and panic are the two […]

Rate Your Security Program in 90 Seconds

                Obviously the time frame of this assessment is close to the heart of The Security Minute! (Originally I suggested this would work in 60 seconds, but several subscribers wrote to say that it took them about 90 seconds—so I revised the title. This is an extra-wide page due […]

Security Industry vs. Security Profession

For two decades I have heard security executives and managers talk about improving “the security industry” they work in, and I have also heard manufacturers refer to themselves as “security professionals”. Both uses of the term are incorrect, and are detrimental to the security industry and the security profession. Definitions for these terms have not been broadly taught or […]

To Risk or Not to Risk: That is the Question

To Risk or Not To Risk is definitely the right question, but unfortunately it is not being asked in many cases. Instead, what is being asked is To Spend or Not To Spend? This can be a dangerous practice. The reason is that generally when you say “No” to a security proposal, you say “Yes” to accepting risk. Here is a somewhat shocking discovery made when […]

A Powerful Tool for Setting Asset Protection Priorities

“Your budget is not limitless. Neither are other resources. You need to determine the best use of your limited resources to ensure the survivability of your enterprise.” —Audrey Dorofee, Software Engineering Institute, Carnegie Mellon University When all is said and done, it very often comes down to setting security proirities. Creating a catalog of critical assets is one […]

How to Evaluate Any Security Measure

The objective of security measures is to reduce specific security risks to an acceptable level at an acceptable cost. This is usually easier said than done, because introducing a new security measure can also introduce a new risk. Emil Marone, Chief Techology Officer for Henry Bros. Electronics, a leading security systems integrator headquartered in Saddle Brook, NJ, relates one situation where a client called […]