Security Options and High Performance Introduction

As McCrie notes, “the training of employees and the development of their skills and careers is a critical and time-consuming activity within security operations.”[footnoteRef:2] For an organization like a public elementary school, employees are more than likely already stretched to the max in terms of time and ability: their primary focus is on teaching and assessing student achievement. Other stakeholders—i.e., parents—will nonetheless be concerned about safety, as Stowell points out.[footnoteRef:3] To keep stakeholders happy, managers and employees have to find ways to satisfy concerns about security—on top of doing their full-time jobs of administering and educating. That can be daunting, but to help there are security solutions that the Digital Age has helped bring into existence—tools like SIELOX CLASS, which allow teachers to communicate with administrators, access campus cameras, alert authorities, trigger a lockdown, and keep students safe by responding quickly to a potentially dangerous situation and following procedures sent them over their mobile devices.[footnoteRef:4] This paper will show how McCrie’s recommendations about 1) going with the security options that fit an organization’s budget and 2) that provide the type of security desired by stakeholders can help to ensure that a) employees are prepared to engage in safeguarding practices (which includes having a proper measure of the effectiveness of the security system) and b) have the necessary resources to support them (i.e., the proper training to help guide them through the process of safeguarding in real time). [2: Robert McCrie, Security Operations Management, 3rd ed. (MA: Butterworth-Heinemann), 95.] [3: Holly Gilbert Stowell, “Checking in for Safety,” Security Management, 1 Aug 2018 https://sm.asisonline.org/Pages/Checking-in-for-Safety.aspx] [4: Holly Gilbert Stowell, “Checking in for Safety,” Security Management, 1 Aug 2018 https://sm.asisonline.org/Pages/Checking-in-for-Safety.asp]

Training and Development for High Performance

Two ideas that McCrie tackles when it comes to training and development of workers and managers for high performance with respect to security are a) the need to measure for effectiveness, and b) the need for non-security personnel to have security training. Each of these are important for their own reasons. Measuring effectiveness is crucial because too many assumptions can be made about a security system’s utility without that utility ever actually being challenged or tested. It is only through something like a penetration test that the actual merits of a system can be gauged. A penetration test helps to measure the overall comprehensiveness of a system in the face of a real threat.[footnoteRef:5] At the same time, not all employees are going to be security personnel—but they still need to know what to do in the case of an emergency. Training can be costly and time-consuming, and not every worker is going to have the ability to undergo extensive security training. Organizations have to find ways to meet their security needs as well as their budgeting needs.[footnoteRef:6] The example that Stowell gives with the elementary school is a perfect one for illustrating how an organization can balance security and budgeting concerns to make sure all workers are on the same page and security systems are effectively measured and engaged. [5: Red Team Security Consulting, “What is a Penetration Test and Why Do I Need It?” Red Team Secure, 11 Jan 2018 https://www.redteamsecure.com/penetration-test-need/] [6: Joel Lanz, “How to be Street Smart When Budgeting for Security,” 31 Oct 2016 https://www.journalofaccountancy.com/newsletters/2016/oct/street-smart-security-budgeting.html]

The Need for Appropriate Measures of a Security System’s Effectiveness

In order for a security...

One type of measurement of a system’s security is the penetration test: this is where an exercise is conducted to see how well a security system stands up to an actual attack. In Stowell’s example of the measurement of the effectiveness of the SIELOX CLASS security system, a penetration test was actually accidentally initiated when a teacher hit the lockdown button on her mobile phone device by mistake. Within two minutes the police arrived and the school’s security measures kicked into place. The principal was very pleased with how well the system worked and even though it was an accident, it turned out to be a good drill and a good measure of the security system’s effectiveness overall.[footnoteRef:8] [7: Robert McCrie, Security Operations Management, 3rd ed. (MA: Butterworth-Heinemann), 117.] [8: Holly Gilbert Stowell, “Checking in for Safety,” Security Management, 1 Aug 2018 https://sm.asisonline.org/Pages/Checking-in-for-Safety.aspx]
Overall, a system of security has to be tested in some form in order for it to be proved viable. Stowell’s example is good because it shows how even an accidental triggering of the alarm can be a way to find out how effective the response team is. The point both Stowell and McCrie make is this: no system can truly be said to provide security unless that security is somehow tested. Assumptions may be made—but assumptions are not enough to make an organization safe. Thus, there is a need for a security system’s effectiveness to be measured—and once measured the proper steps can be taken to address any shortcomings that appear as a result of the testing. That is the other good thing about measuring a security system’s effectiveness.

Security Training for Non-Security Personnel

Security training is essential for all workers because all workers play a part in keeping the organization secure—even those who have no background in security. Stowell’s example of the elementary school applies here again as well. The teachers and administrators had no formal training in security—yet they were the ones who would be tasked with maintaining a secure system. They were the ones to whom parents were entrusting their children. Thus, they were essentially the first and last line of defense. That said, the local law enforcement department was on hand and could be on the scene within minutes if something bad happened—but teacher and administrators still had to make the call and know what to do when the alarm was triggered.

For that reason, non-security personnel have to be trained in handling security risks, threats and attacks. If there is a breach, they have to know how to respond. They also have to know how to prevent breaches from occurring in the first place. Cameras and communication devices are helpful tools and that was proven in the case of the “field test” at the elementary school. However, every organization will differ and not all will use the same types of security measures. Indeed, not all will have the same types of budgeting restrictions. An organization has to be smart about how it applies security tools, how it measures their effectiveness, and how it trains non-security personnel to behave in the event of a breach and even just to keep breaches from happening in the first place.

The right tools also have to be available. Stowell shows how important the right security system can be in her example of the elementary school that obtained the new SIELOX CLASS system. It was perfect for the teachers and administrators because it did not require them to be formally trained in security. They could use their mobile devices to engage the system and receive updates and messages. The system would provide them with directions on what to do…