What is Security?

Security without the skin : Security risk assessment measurements

At some point, everyone talks about security. The question is, do you have a “picture” in mind when you think about security?

For most people, security is only the security hardware section, which includes a camera system, an alarm system, beams, a guard, or even a dog on the property.

Written by André Mundell.

Our security risk assessment services extend to major centers: Gauteng (including Pretoria, Johannesburg, Midrand, Sandton, and Centurion), Bloemfontein, Durban, and Cape Town.

Why Us? Independence!

image_2023-08-28_130350398 by .

What is Security?

Security without the skin

At some point, everyone talks about security. The question is, do you have a “picture” in mind when you think about security?

For most people, security is only the security hardware section, which includes a camera system, an alarm system, beams, a guard, or even a dog on the property.

90 percent of all RFQ, tenders, or quotes for security are only for security hardware, which includes cameras, alarm systems, access control measures, beams, and everything else. Security hardware is only one component of security.

There are too many other factors that must be in place to call it security and to work as security.

image_2023-08-28_130157996 by .

You are not wrong if you think about these “items”, but that is exactly what they are. Items. Mere building segments of the bigger picture which is security.

When you think about a human being, you automatically think about arms, legs, a head, a torso, and so on. But if you think about it a little bit more, you will know that there is much more to a human being than a body.

Security is exactly the same.

Let’s say we take a human body and pull the skin off. If you have never seen this before, I can assure you that it is not a pretty picture, but this allows you to see everything that is kept inside by the skin.

In the illustration below, we have “pulled the security’s skin back.” It might look a bit disorganized, but we used different colours to differentiate between the different definitions and so on.

image_2023-08-28_130350398 by .

When it comes to security, we start with a security risk assessment. This is the process that you should follow before you make any security-related decisions or purchase any security hardware or software. Essentially, this process tells you what you need to do to eliminate your security risks.

You will see in the illustration that from the security risk assessment you will get recommendations. From there you will get the RFQ process and the costing calculations. Once the assessment is done and the recommendations are approved, the hardware is sourced.

You need to keep in mind that each section within this illustration has its own connections to make everything function at an optimal level.

All the lines going from one segment to the next can be compared to the arteries in the human body. These lines signify data, connections, information flow, and the like.

If there is one mistake that most people do when it comes to security, it is to skip the first and most important step of security which is a security risk assessment.

You can see that most security structures are based on guesswork when you look at the crime stats. There are no facts or research that support security decisions.

The second biggest mistake that everyone seems to make is to forget about the “network”. A security network is a collection of network cables linked together or connected to an electronic device that allows security data to flow from one point to another.

There are two security networks. One of these is depicted in the attached illustration, and the other one is visible inside the sections control, management, security profile and the like, where everything is connected and intertwined to make it work.

In the illustration, you will note that “management” is connected to all the other aspects of the security structure. There are different components to management, running through control, hardware, the security plan, communication, processes, policies, and so on.

Control and communication are directly linked to each other as there cannot be any control without communication. In line with this, you will note that management and communication are linked to each other, along with policies and procedures.

The security plan is directly linked to the risk assessment as the solutions are derived from identifying the security risks.

Now, when you look at the illustration and you remove the risk assessment part of it, which is the case with most security structures, you will note that there is no research and no information on what the solutions could be based on.

image_2023-08-28_130744189 by .

The risk assessment and recommendations are the research that is required to establish which security solutions will work and how to eliminate the risks. The risk assessment is where everything starts, it provides the guideline on how to understand and approach security, and what hardware will eliminate the opportunity for crime.

image_2023-08-28_130744189 by .

When you take control out of the security equation, you will see that everything else will fall apart and that there are just too many loose ends.

Most security companies and structures have no SOPs. For more than 30 years, people have been using the good old “copy and paste” method when it comes to SOPs. People do not even know the difference between the 3 types of SOPs that are used today.

Without an SOP you do not have a security plan, nor do you have any form of control or communication.

Removing the policies and procedures further causes the entire system to crash and burn as policies speak to the hardware which speaks to the control which is connected to communication and management.

We have done multiple assessments where several of these components were not present, and it was evident in the output value of the security structure.

When even a single “item” of the security structure is not present, your security will fail.

There is a reason why we say that there is a golden thread that runs through the entire security structure. Everything is linked and one section of security cannot work without another preceding it.

You cannot remove one section without affecting all the other. It is like an intricately woven tapestry. If you cut a single thread, in time the entire tapestry will unravel.

As mentioned, each of these illustrated sections has multiple facets that need to work together for it to function.

For example, all the different types of hardware, from the cameras, the property line, the access control measures, to the alarm system, and everything in between, also need to be able to communicate.

Further to this, when all the hardware communicates, the information must go somewhere.  This is the control.

In some organization its called a control room. The control must make sure that the information is filtered to the correct people to take action where needed. This forms part of the policies, procedures, and ultimately the security plan.

It is important to remember that in order to have control, you must have SOPs in place. This comes from control and management that forms part of communication, management, instructions, policies, and so on.

image_2023-08-28_131153413 by .

Can you see all the connections? Can you see that you cannot simply remove something and expect the system to continue functioning?

Be that as it may, in South Africa, we seem to achieve the impossible.

We remove several of these section and expect security to work. As you can see when you look at the crime statistics of our beautiful country, it does not work.

When we conduct a security risk assessment, we always hope to find all the sections present, however, this is hardly ever the case.

What does it mean to be in control of your security? I can explain it, but it will end up being a 300-page document.

In short, being in control means that you know what is happening where at any given time and that you have the ability to act when action is required.

image_2023-08-28_131729078 by .

What does communication mean? Communication is not just one email or a phone call. It goes much further than that. Every single aspect of security needs to be able to communicate, whether it is communication between hardware and software, hardware and a human being, human and human, it does not matter.

Without communication, you will not have any policies or procedures, which essentially means that you will not have a security plan.

If you want to know whether your security is on par or not, take the illustration and follow it, step by step, and identify the “items” that are present within your security structure. This will give you a good indication of where you are in terms of adequate security measures.

Further to this, aspects such as the Master Copy, control registers, maintenance, and so on, are also part of control and management, and although it has not been included in the illustration, it is vital to ensure that it is part of your structure.  There are about 12 vital control registers that must be in place, but hardly ever is.

Training is essential and forms part of management, control, and procedures.

image_2023-08-28_131924670 by .

You will see that we included a heart in our diagram. It is not there for decorative purposes, and the location of the heart is also with reason.

Just like the human body cannot function without a heart, a security structure cannot function without a control or control room.

Every single aspect of security runs through the “heart” which is why it is the single most important aspect of security.

The human body, like security, requires a brain to function. This is where artificial intelligence (Ai) comes in. Ai, like everything else, must be controlled and understood. Ai, while beneficial to security. Uncontrollable Ai can complicate security; this topic will be discussed further later, in the section of the “master copy”.

I am sure that you can see and understand that security is not a single thing, but multiple aspects that work together.

To put the vast network of a security structure into perspective, the illustration contains about the amount of information similar to the size of a needlepoint on an A0 paper. The rest of the paper must still be filled in.

image_2023-08-28_132125372 by .

In the middle of security, there are two forces that are vital in any security structure, whether we are talking about a small property, corporate company, business entity, or large corporation.

These forces are the security managers responsible for balancing the security structure.

Share this on social media:

Written by Andre Mundell

Website Index

Scroll to Top
× How can I help you?