In our last blog, we looked at how businesses can measure a return on security investment (ROSI). In this blog, the team at Corps Consult, led by Mike Bluestone CSyP, turn their attention to the foundations of an internal security infrastructure, which can be driven by applying the eight principles of security. These principles will enable firms to develop an overarching defence mechanism to prevent, or at the very least delay and deter, cyber and physical attacks.
Internal and external measures
An organisation’s measurement of its own security preparedness can be taken once a comprehensive security system is in place. In addition to conducting internal tests, external specialists should also be used to further understand the effectiveness of physical and cyber-security measures.
For example, zero trust security initiatives require each step of internal IT platforms and systems to have verified defence mechanisms. These should be tested by professional external security auditors, who can provide appropriate recommendations upon completion of a system audit.
External specialists can also develop measurable targets for security guarding services, and the security management of any organisation. This is important no matter your organisation’s size and is especially relevant to smaller teams who may lack the resources to conduct effective internal audits.
The eight principles of security programmes
To set the tone for any organisational security programme, apply the eight principles of security. Together, they provide a well-managed defence system that deters attackers, and slows down any progress they could make:
1 – Make sure there is a strategy and security policy already in place. This gives a baseline for an effective security programme and set of measures, as well as allocation of a security budget.
2 – Ensure that the organisation concerned is in possession of correct intelligence on its threat landscape.
3 – Allocate the right people to the right roles, for example in terms of management and guarding.
4 – Install appropriate technical means, including access control, CCTV, and intruder alarms.
5 – Focus on correct and easy-to-follow security procedures.
6 – Assign control and supervision to the best qualified staff.
7 – Regularly test and perform system drills.
8 – Conduct regular internal and external audits, and employ experts if the organisation cannot conduct audits internally.
Once these eight steps are in place, your organisation will develop a strong security and corporate culture. Put staff feedback loops in place, such as questionnaires on staff knowledge of these layers and how they interact with each other, for instance whether the strategy relates correctly to the current threat landscape. For example, businesses and corporations should be aware of the current threat landscape, with increased protests and political unrest, and have a strategy in place to protect staff and other assets.
The importance of security principles
By adopting and applying the eight principles in your organisation, a safe and secure business environment can be established. Going forward, regular security audits can detect and assess the level of security measures in place as well as the resilience of the staff security culture. If staff are unaware of the security procedures, the business can become more vulnerable and at risk of attack from criminals, protestors, or in certain circumstances even terrorists.
Businesses and organisations that implement appropriate electronic and physical security measures, such as fencing, lighting, hostile vehicle mitigation, CCTV monitoring, robust access control and well-trained security officers will deter attackers. Equally, the installation of monitored intruder alarms and panic alarms can trigger fast responses by police and/or other security personnel.
These steps can help secure your business against attackers, but never forget the importance of your people and their contribution to the overall security culture. A layered security approach can help prevent and deter threats, but it is only as effective as the team that follows your procedures. By making the security of your people a top priority, you will in turn ensure the resilience of your entire business.
If you’d like to know more about Mike’s work and the advice Corps Consult can offer, read more about the service and make an enquiry.
Read the previous blog on ROSI to learn more on the metrics for success, and where to invest resources.