Resilience Review: In Pursuit of ForesightGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-06-12T04:00:00ZMike Lauder; reviewed by Mark Beaudry, CPP<p>​</p><p><strong><strong>In Pursuit of Foresight: Disaster Incubation Theory Re-imagined.</strong> <strong>By Mike Lauder. Routledge;; 248 pages; $126.</strong>​</strong></p><p>Disasters produce both winners and losers, but most of those affected lack the analytical skill to understand why. <em>In Pursuit of Foresight </em>explores the multiple fields of study that nibble at the edges of disaster and the individuals trapped in social structures that too often fail. It merits widespread attention.</p><p>Drawing on an earlier work by B.A. Turner, this book extends Turner's thinking and develops a tool that security professionals, disaster management professionals, and risk managers can use to anticipate possible future disasters. Building on disaster incubation theory, author Mike Lauder develops a three-dimensional framework useful in developing foresight. He offers varied examples of practical usage and illustrates how updated thinking can help to avoid mistakes of dysfunctional organizational momentum. Lauder also discusses the plowman effect, which is the unintended adverse consequences of plans in place, as well as practical drift, which is the efficacy of standards and precautions reduced over time as the environment changes. Its advanced concepts use many critical thinking and emerging innovation techniques that are found today in big data analysis and analytics.</p><p>Overall, the book provides real-life information, informative theories, and concepts. It offers advice on what to expect and how to prepare for in an emergent situation. However, it is not a quick read. This book is an excellent text for disaster management professionals and anyone who is looking for a comprehensive all-hazards type text that discusses disaster mitigation. In addition, it provides a clear look at the policy process and how it works or, as is often the case, doesn't work. </p><p>This comprehensive book on disaster management includes case studies and useful updates on matters that readers will find useful in transmitting the core elements of disaster management. The critical thinking elements are relevant and helpful to those looking for an overview of disaster theory, and those who are seeking clarification of the concepts employed in the discipline. The book provides foundational information while actively engaging readers to gain a deeper understanding of the material, encouraging them to contemplate and learn more, rather than simply absorb what is given to them. The readings for each chapter create a climate for active learning, emphasizing the importance of what's being learned and how it can be applied. </p><p>In whole or in part, this book will help the public, public safety personnel, and policy makers understand why disaster policy too often is short-sighted and poorly implemented. This impressive work of scholarship makes an important contribution to disaster studies and would be an excellent text for graduate courses. Further, because the book is detailed, interdisciplinary, and reflects a broad perspective, it adds to the body of knowledge in disaster studies and theoretical research.</p><p><em>Reviewer: Dr. Mark H. Beaudry, CPP, is a frequent reviewer for Security Management and a member of ASIS.</em></p>

Resilience Review: In Pursuit of Foresight Play: Resilience & Infrastructure Review: Resilience in Asia Most Resilient Countries in the World an Active Shooter to San Bernardinoón-de-Crisis.aspx2017-04-12T04:00:00ZCinco Acontecimientos que Moldearon la Gestión de Crisis Up Resilience Road to Resilience Water Woesón-de-la-Violencia-en-América-Latina.aspx2016-10-11T04:00:00ZReducción de la Violencia en América Latina’s-Life-Safety-Lessons.aspx2016-10-01T04:00:00ZA Hospital’s Life Safety Lessons Post-Incident Concerns Trends Strategic Response Review: Crowd Science Calculus of Catastrophe After Paris and Secure After Katrina

 You May Also Like... Search of Security Metrics<p>At a major insurance company headquartered in the Midwestern United States, the assistant vice president for corporate security has used an environmental risk metric for the past 12 years to help the company decide where to place office facilities around the country. The company owns or leases hundreds of facilities across the United States. Corporate security regularly collects a suite of data, assigns weights to various factors, and develops a numeric score that places each facility into a low, medium, or high category of risk. For each risk category, written policy specifies a cluster of security measures that should be in place at the site. Exceptions can be granted, but the systematic approach results in uniformity and in efficiency in decision-making and security systems contracting. Most importantly, the metrics-based approach helps senior management understand the level of risk in site selection and make informed decisions on risk management. In addition, over time, the metrics have steered the corporation toward having a smaller percentage of its locations in high-risk sites.</p><p>This example illustrates how security professionals can use metrics to determine what works, measure the value of security operations, and demonstrate security's alignment with its organization's objectives. To help security managers use metrics more effectively, the ASIS Foundation funded research to create tools for discovering, developing, assessing, improving, and presenting security metrics. By using the tools, security professionals may be better positioned to manage their operations, measure their effectiveness, and communicate with senior management. </p><p>Metrics are measurements or other objective indicators collected over time to guide decision-making. The term is sometimes used interchangeably with measurements, analytics, and performance measures. With metrics, security managers can speak to senior leaders in familiar business language, offering measurable results that correlate with investment. Without compelling metrics, security managers and their budgets rely largely on the intuition of company leadership. </p><p>Two years ago, the ASIS Foundation implemented a new structure for assessing and overseeing security research. The first test of that structure was a proposal for research on security metrics, says Linda F. Florence, Ph.D, CPP, president, ASIS Foundation Board of Trustees. "The ASIS International Defense and Intelligence Council had a special interest in the topic, having made several presentations on metrics at the ASIS Annual Seminar and Exhibits. The council formed a vision of what the security field needed, found researchers who could perform the work, and helped the researchers develop a proposal for ASIS Foundation funding."</p><p>The Foundation Research Council approved the proposal, and the Foundation sought and received funding from the ASIS Board of Directors. The result was the ASIS Foundation Metrics Research Project. The Foundation awarded a grant to Global Skills X-Change (GSX) and Ohlhausen Research to undertake the project. GSX specializes in applying validation, measurement, and standards development techniques to produce business tools. Ohlhausen Research, Inc., conducts research in security, criminal justice, and technology.</p><h4>Depth Perception<br><br></h4><p>The project's research team consisted of the author as principal investigator; subject matter expert and former Director of Information Protection for the U.S. Air Force Daniel McGarvey; Senior Analyst Megan Poore; and Technical Advisor Lance Anderson, Ph.D.</p><p>Throughout the research, which be­gan in 2013, the ASIS Defense and Intelligence Council ensured that the security practitioner's point of view was represented by serving on the project's advisory board and expert panel.</p><p>The researchers gained insights into security metrics through a systematic review of the literature, an online sur­vey of ASIS members, and lengthy fol­low- up interviews by phone. In addition, the research team was guided by an advisory board and an expert panel composed of security professionals with experience in the use of metrics. The project was completed in the spring of 2014.</p><p>The research found many books, articles, and reports discussing reasons to use metrics, characteristics of existing metrics, and methods for communicating metrics. Among the most valuable resources on security metrics were George Campbell's <em>Measures and Metrics in Corporate Security: Communicating Business Value</em> and Mary Lynn Garcia's <em>The Design and Evaluation of Physical Protection Systems</em>, as well as numerous articles in both <em>Harvard Business Review</em> and <em>MIT Sloan Management Review</em>—the latter on business metrics generally.</p><p>This noted, most sources that examine security metrics operate at a conceptual level only. The literature has few specific strategies for developing or evaluating security metrics. Likewise, descriptions of empirically sound security metrics with statistical justification and evidence are scarce. </p><p>To uncover specific uses of security metrics and to gain an understanding of the different ways in which security professionals may be using metrics, the research team invited more than 3,000 ASIS members to participate in an online survey. The survey's 20 questions asked about metrics collection, comparison to external benchmarks, return on investment, sharing and presentation of metrics, and alignment with organizational risks and objectives. The survey also examined the particulars of metrics usage among respondents.</p><p>The 297 respondents demonstrated a high degree of interest in metrics. Of the respondents who said they are not using security metrics, 78 percent said they would use metrics if they knew more about how to create and use them effectively. More than half of all respondents asked for more information from ASIS regarding metrics.</p><p>Respondents provided the research team with a detailed view of the many ways that security professionals are using metrics today, including focusing on topics, reporting data, sharing with the C-suite, aligning with organizational risk, and using a dashboard tool.</p><p><strong>Metrics topics.</strong> Respondents were asked which aspects of the security program they measure. The top five categories were security incidents, criminal incidents and investigations, cost against budget, security training and education, and guarding performance, which includes turnover and inspections. </p><p><strong>Reporting.</strong> Eighty percent of respondents who use metrics provide their metric findings to persons outside the security department. Recipi­ents of the information include senior management (79 percent of those who share metrics outside the security department), managers of other departments (59 percent), supervisors (51 percent), and people who report to the security department (47 percent). Those who share metrics provide the information quarterly (43 percent), monthly (40 percent), or annually (17 percent).</p><p><strong>Sharing.</strong> Respondents who share metrics with C-suite personnel were asked which elements they share. The top choices were security incidents (80 percent), cost against budget (62 percent), criminal incidents and investigations (57 percent), regulatory compliance (44 percent), and risk analysis process (40 percent).</p><p><strong>Alignment.</strong> Eighty percent of respondents who use metrics said that their metrics are tied to, aligned with, or part of the larger organizational risk process or organiza­tional objectives. For example, some metrics protect the company's most important product line; other metrics may support business continuity, compliance, risk management, or client satisfaction. One respondent explained that top management sets broad goals and writes plans while se­cu­rity metrics demonstrate how effective those plans are.</p><p><strong>Dashboard tool.</strong> Forty-four percent of respondents who use metrics perform their data collection, review, or sharing via a security management dashboard tool.</p><p>This research makes it possible to clearly define security's role and contribution to the organization at the tactical, organizational, and strategic levels. The report provides a working metrics tool that can help practitioners use metrics in the most effective manner. </p><h4>In the Tool Belt<br><br></h4><p>GSX and Ohlhausen Research studied the current uses of security metrics and created several resources for practition­ers. The Security Metrics Evaluation Tool (Security MET) helps security pro­fessionals develop, evaluate, and improve security metrics. A library of metric descriptions, each evaluated according to the Security MET criteria, provides valuable resources. Guidelines for using metrics can help security professionals inform and persuade senior management.</p><p>The tools, especially the Security MET, are designed to help security managers assess and refine metrics that they are using or considering, based on an intimate knowledge of conditions at their organization, in a manner guided by scientific assessment methods. </p><p><strong>Security MET.</strong> The Security MET is meant to aid and empower the security manager, not to dictate any particular security decision. By providing a standard for scientific measurement, it offers guidance for improving the inputs that go into the security professional's own decision-making process.</p><p>The Security MET is a written instrument that security managers can use to assess the quality of specific security metrics. Users can determine whether an existing or proposed metric possesses scientific validity, organizational rele­vance (such as clear alignment with corporate risks or goals), return on investment, and practicality.</p><p>The tool was developed through a comprehensive, iterative process that involved synthesizing scientific literature, reviewing security industry standards, and obtaining input from metrics experts on the project's advisory board and expert panel. Many of the criteria come from the field of psychometrics, which is concerned with the measurement of mental traits, abilities, and processes. The psychometric literature addresses the measurement of complex human behaviors, including sources of error inherent in social and organizational situations. In addition, through its connection with legal guidelines and case law, psychometric theory provides ways to address complicated legal issues related to fairness and human error.</p><p>The tool presents nine criteria for evaluating a security metric. The criteria fall into three groups: technical, operational, and strategic.</p><p><em>Technical.</em> The technical criteria include reliability, validity, and generaliz­ability. Reliability means the degree to which the metric yields consistent scores that are unaffected by sources of measurement error. Validity refers to the degree to which evidence based on theory or quantitative research supports drawing conclusions from the metric. Generalizability means the degree to which conclusions drawn from the metric are consistent and applicable across different settings, organizations, timeframes, or circumstances.</p><p><em>Operational.</em> Operational criteria include the monetary and nonmonetary costs associated with metric development and administration, as well as timeliness and the extent to which metric data can be manipulated, coached, guessed, or faked by staff.</p><p><em>Strategic.</em> Strategic criteria include return on investment, organizational relevance, and communication. Return on investment is the extent to which a metric can be used to demonstrate cost savings or loss prevention in relation to relevant security spending. Organizational relevance is the extent to which the metric is linked to organizational risk management or a strategic mission, objective, goal, asset, threat, or vulnerability relevant to the organization—in other words, linked to the factors that matter the most to senior management. Communication refers to the extent to which the metric, metric results, and metric value can be communicated easily, succinctly, and quickly to key stakeholders, especially senior management.</p><p>A score sheet is presented at the end of the Security MET. The instrument is easy to score and imposes little to no time burden on staff. Lower scores on particular criteria show where a metric has room for improvement. </p><p>Here's an example of how the Security MET can be used to evaluate a real-life metric. At a major financial services firm, employees were being robbed of their mobile phones on the sidewalks all around the office as they came to work, when they went outside for lunch, or when they left to go home. The firm identified hot spots and times for phone theft and applied extra security measures. After reaching a maximum of 40 thefts in a two-month period, the number soon declined to zero.</p><p>Evaluating the metric with the Security MET provides some valuable insights. The metric—the number of mobile phone thefts—is highly reliable, as it is based on incident reports from employee victims, police reports, and video surveillance. Its validity appears to be confirmed by the outcome—that problem was eliminated. Collecting the data has little marginal cost, as the company already tracks and trends security incidents. Its organizational relevance is high, as it aligns with the firm's goal of attracting workers to the central business district. As for communication, it is a straightforward metric that is easy to explain. In terms of return on investment, it is hard to quantify the value of keeping employees safe and continuing to attract new employees.</p><p>Thus, while the metric appears to present a reasonable return on investment, the Security MET helps the user see that developing clear proof of ROI would be one way to strengthen this particular metric. The addition of a short survey asking employees if they feel more se­cure and would recommend the company to others would provide validation for both the solution and the metric.</p><p><strong>Metrics library.</strong> The researchers de­veloped 16 summaries of metrics currently in use in the security field. The summaries were developed primarily through telephone interviews with on­line survey respondents. The summaries may serve as examples for security pro­fessionals who are considering ways to use metrics. (See box on page 58 for a complete list of topics.)</p><p>The library presents a three- to four-page summary of each metric. In addition, each metric is evaluated by several metrics experts, using the Security MET. The metrics library is presented in the full project report.</p><p>These real-world metrics come from a variety of industries including defense/aerospace, energy/oil, finance, government, insurance, manufacturing, pharmaceuticals, real estate management, retail, security services, shipping/logistics, and telecommunications.</p><p>Some of the metrics are more sophisticated and detailed than others, providing a range of examples for potential users to consider. The metrics are not presented as models of perfection. Rather, they are authentic examples that security professionals can follow, refine, or otherwise adapt when developing their own metrics.</p><p><strong>Guidelines.</strong> A key task in this research was to develop guidelines for effectively using security metrics to persuade senior management. What would make those presentations more compelling? Several recommendations emerged.</p><p>Present metrics that are aligned with the organization's objectives or risks or that measure the specific issues in which management is most interested. One of the most important measures is return on investment (ROI).</p><p>Present metrics that meet measurement standards. A metric may be more persuasive to senior management if it has been properly designed from a scientific point of view and has been evaluated against a testing tool, such as the Security MET, or established measurement and statistical criteria.</p><p>Tell a story. If the metric is prevention-focused, a security professional can make the metric compelling by naming the business resources threatened, stat­ing the value of those resources, and describing the consequences if the event occurs. Another part of a compelling story is the unfolding of events over time. Metrics can show progress toward a specific strategic goal. </p><p>Use graphics and keep presentations short. Senior managers may be interested in only a few key measures. While security professionals may choose to monitor many metrics via a dashboard interface, they should create a simpler dashboard for senior management. Some security professionals said they limit their presentations to five minutes.</p><p>Present metric data regularly. As data ages it becomes more historical, less actionable, and thus potentially less valuable. The research does not suggest an optimal interval for sharing security metrics with senior management, but the survey shows that 83 percent of security professionals who share metrics outside the department do so at least quarterly. </p><p>Future steps for helping security professionals improve their use of metrics include a webinar sponsored by the ASIS Defense and Intelligence Council and the further development of the metrics library. Other ideas under consideration include metrics training for security practitioners, the development of a tool for creating a metric from scratch and implementing it in an organization, and the creation of a library of audited— not merely self-reported—metrics. </p><p>The best security practice is evi­dence-based; without research, practitioners must rely on anecdotal information to make decisions. The ASIS Foundation continues to seek ideas for research projects that would increase security knowledge and help security professionals perform their work more effectively. </p><p>The complete project report, <em>Persuading Senior Management with Effective, Evaluated Security Metrics</em>, is available as a free download. The 196-page report contains the full text of the Security MET, the library of metric summaries (with evaluations), guidelines for presenting metrics to senior management, the project's literature review, and detailed results of the online survey.</p><p>Florence says, "We are proud to brand this quality research with the ASIS Foundation logo and share the findings with our members and the security profession as a whole. This research will help propel security from an industry to a profession, where we belong."  <br></p><p>Peter E. Ohlhausen is president of Ohlhausen Research, Inc., and served as principal investigator for the ASIS Foundation Metrics Research Project. He is a member of ASIS.</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 and Insurance Implications of Body Cameras<p>​<span style="line-height:1.5em;">In the wake of recent law enforcement controversies, body cameras are becoming widely adopted among police forces. Their use is beginning to trickle down to security officers, albeit slowly. But with this tool’s increasing popularity, security managers should be aware of the potential liabilities and insurance implications of such devices.</span></p><p>Whenever there is a camera in use in a public setting, the first question the public raises is that of privacy. Indeed, concerns about privacy can turn into an insurance issue if a person recorded by a body camera attempts to file an invasion of privacy suit against the guard’s security firm or the business contracting the guard. This adds a new exposure for security firms.</p><p>Body cameras cannot account for poorly trained or otherwise unskilled guards. In these cases, body cameras will increase liability, making it easier for negligent or erroneous acts to be discovered.</p><h4>Limiting Liability</h4><p>Before using body cameras, it is imperative that security managers consult legal counsel and local law enforcement. Use their guidance to determine the legality of body cameras worn by security guards and appropriate protocols and procedures for filming, video storage, and usage. Certain states have laws prohibiting such footage outright. </p><p>Security managers should then set up policies and procedures modeled after law enforcement protocols. Determine when and where guards will be recording. Are they going to keep the camera running their entire shift, or are they going to hit record when there is a security stop or transaction? Also, security managers should determine how long and where the company will store recordings and how the firm will use them. The longer the footage is kept the better, but storage space and the cost of that storage may factor into this decision.</p><p>To address privacy concerns, guards using the cameras must let members of the public know they are being recorded. All stakeholders must be informed of this decision so that they may take appropriate action. For example, a homeowner’s association should send letters out to their members informing them that security guards will be wearing cameras. The association should also change its bylaws to note that residents cannot sue the homeowner’s association or the security force for invasion of privacy.</p><p>When a client requires a contract guard service to use cameras, the contract company should request a hold harmless clause—to insulate the guard company from claims brought due to the use of these cameras. An attorney or legal counsel should assist in drafting this language and they should also consider Third Party Indemnification and Limitation of Liability clauses to further limit liability.</p><h4>Leveraging Cameras </h4><p>From an insurance perspective, body cameras will likely be a net positive for security professionals. Here are a few key reasons why: </p><p>• Guards are less likely to behave badly when their interactions are being recorded.</p><p>• Assuming a guard is well trained and acts appropriately, video footage will help insurers assess claims quickly and accurately, possibly reducing the number of frivolous excessive force claims.</p><p>• On-the-job footage can assist firms in training new guards. Ongoing training is a crucial component of reducing the severity and frequency of insurance claims. With footage captured from body cameras, security firms can demonstrate to guards both good and bad habits and transactions. This also helps identify patterns that can lead to claims before an unfortunate incident occurs.</p><p>As with most advances in security technology, body cameras should be evaluated judiciously before they are implemented. But this technology ultimately has the potential to actually ease some insurance concerns for security firms. </p><p><em><strong>Tory Brownyard</strong> is president of Brownyard Group (, a program administrator that pioneered liability insurance for security guard firms more than 60 years ago. He can be reached at or 800-645-5820.</em></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465 Role of School Resource Officers<p>​Mo Canady, executive director of the National Association of School Resource Officers (NASRO), discusses the security implications of an SRO’s role in today’s educational environment.</p><p class="p1"><i>Q. What are school resource officers (SROs) and what are some of their job functions?  </i></p><p class="p1"><b>A. </b>SROs are sworn law enforcement officers assigned by their employing law enforcement agency to work with schools. They go into the classroom with a diverse curriculum in legal education. They aid in teaching students about the legal system and helping to promote an awareness of rules, authority, and justice. Outside of the classroom, SROs are mentoring students and engaging with them in a variety of positive ways.</p><p class="p1"><i>Q. What are some of the standards and best practices your organization teaches? </i></p><p class="p1"><b>A. T</b>here are three important things that need to happen for an SRO program to be successful. Number one, the officers must be properly selected. Number two, they have to be properly trained. And thirdly, it has to be a collaborative effort between the law enforcement agency and the school district. This can’t just be a haphazard approach of, “We have a drug problem; let’s put some police officers in there and try to combat it.” It needs to be a community-based policing approach.</p><p class="p1"><i>Q. Some SROs have come under fire for being too aggressive in the classroom. What’s your take?</i></p><p class="p1"><b>A. </b>There have been a handful of incidents that have played out in the media. But, it is up to the investigating agency to determine right and wrong. I’ve been very happy with the fact that the majority of those officers involved in these incidents have not been trained by us.</p><p class="p1"><i>Q. How does NASRO train officers to deal with potential threats? </i></p><p class="p1"><b>A. </b>In our training, we certainly talk about lockdown procedures and possible responses to active shooter situations, but we don’t get too detailed. It’s really up to each agency to make those kinds of decisions. In the case of an active shooter, I don’t believe most SROs are going to wait for additional backup to get there. Most of them are so bought into their schools and their relationships with their students, that if they hear gunfire, they’re going to go try to stop whatever is happening. </p><p class="p1"><i>Q. Do SROs consider themselves security officers? </i></p><p class="p1"><b>A. </b>We’re engaged in security and it’s a big part of what we do—but it’s just one piece of what we do. Sometimes when people think about physical security, the idea of relationship building doesn’t necessarily come in there, and yet it’s the lead thing for us. We know that through those relationships, if we’re building them the right way, we may get extremely valuable information from students, parents, faculty, and staff. It’s what leads to SROs in many cases being able to head off bad situations before they happen.</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465