The school shooting in Sandy Hook created a fury of questions as it relates to preventing future incidents. Many people react with “knee-jerk” reactions, proposing security solutions ranging from posting armed guards at each school to adding expensive security systems.
Adding security systems and guards as a security strategy should only be done after a security risk assessment and vulnerability analysis has been conducted. Most loss events can be prevented or mitigated and vulnerabilities addressed by simply getting back to the basics in security.
Quite often security measures already exist that could have prevented a security incident. Take Policies and Procedures for example. I can’t count the number of times a loss event occurred where had a policy simply been followed the event may have been prevented. Many schools have policies requiring all visitors to sign in or to be escorted and yet people seem to gain entry unnoticed. An armed guard or an expensive security system is not always the answer and without policies and procedures to manage both technology and personnel, money and resources are being wasted and lives endangered.
Getting back to basics includes reviewing policies and procedures to ensure they are current, being followed and routinely and randomly audited. Returning to the basics also means that those responsible for a protection system must audit existing processes and systems for compliance and effectiveness and revise processes and systems as needed to meet changing threats.
Consider the breach at Oak Ridge Nuclear Facility in 2012 which processes and stores enriched uranium. An 82 year old nun and 57 and 63 year old men breached security by passing through four security fences and walking two hours reaching the uranium site.
This site had a very expensive protection system yet three citizens were able to breach multiple security devices and reach their target. Had they been terrorists the end result may have been horrific.
The problem with this nuclear site is that a “best practice” in security was totally ignored. That practice calls for auditing existing systems to ensure effectiveness.
Just to drive security basics home, how many times have burglars entered a location where the door or was unlocked or the alarm system was not activated? Consider the theft of more than several hundred million dollars in stolen art from a Paris Museum due to a security alarm system not working for six weeks, allowing burglars free access. There are many examples where the basics were in place to protect but were simply ignored!
Jim McGuffey owner of A.C.E. Security Consultants (Hilton Head, South Carolina) and Chair Person for ASIS International Savannah Low Country Chapter is one of 70 security professionals worldwide who hold all three ASIS International Board Certifications. Jim can be reached at firstname.lastname@example.org.
Hilton Head, South Carolina