Resilience

 

 

https://sm.asisonline.org/Pages/The-Road-to-Resilience.aspxThe Road to ResilienceGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-02-01T05:00:00Zhttps://adminsm.asisonline.org/pages/mark-tarallo.aspx, Mark Tarallo<p>Of course, 100RC had neither the resources nor staff to partner with 10,000 cities. But organization leaders argued that its 100 member cities could be models for institutionalizing resilience—that is, embedding resilience thinking into all the decisions city leaders make on a day-to-day basis, so that resilience is mainstreamed into the city government's policies and practices. Other cities could then adapt the model to fit their own parameters, and institutionalized resilience would spread throughout the world. </p><p>Toward this aim, 100RC recently released a report that discusses three case studies of institutionalizing resilience in New Orleans, Louisiana; Melbourne, Australia; and Semarang, Indonesia. </p><p>For all cities that 100RC works with, the organization provides funding to hire a new executive, the chief resilience officer (CRO). The group also advocates that member cities take the "10% Resilience Pledge," under which 10 percent of the city's annual budget goes toward resilience-building goals and projects. So far, nearly 30 member cities have taken the pledge, which has focused more than $5 billion toward resilience projects.</p><p>Of the three case study cities, New Orleans may be most known as a jurisdiction that has had to recover from repeated recent disasters, including Hurricanes Katrina and Isaac and the Deepwater Horizon oil spill. Given these experiences, New Orleans was one of the first cities to release a holistic resilience strategy, which connected resilience practices to almost all sectors of the city, including equity, energy, education, and emergency planning.</p><p>The strategy, Resilient New Orleans, has three underlying goals: strengthen the city's infrastructure, embrace the changing environment instead of resisting it, and create equal opportunities for all residents. </p><p>To better implement the strategy, New Orleans CRO Jeff Hebert was promoted to the level of first deputy mayor, and departments were joined to unite resilience planning with key sectors like water management, energy, transportation, coastal protection, and climate change.</p><p>Once this reconfiguration was complete, the city took several actions. It created the Gentilly Resilience District, which is aimed at reducing flood risk, slowing land subsidence, and encouraging neighborhood revitalization. The resilience district combines various approaches to water and land management to move forward on projects that will make the area more resilient. The city will also train some underemployed residents to work on the projects. </p><p>In addition, New Orleans leaders are developing and implementing new resilience design standards for public works and infrastructure, so that efforts to improve management of storm water and multi-modal transit systems will be included as standard design components.</p><p>Melbourne has its own challenges. Situated on the boundary of a hot inland area and a cool Southern Ocean, it can be subject to severe weather, such as gales, thunderstorms and hail, and large temperature drops. Governmentally, it is a "city of cities" made up of 32 local councils from around the region, so critical issues such as transportation, energy, and water systems are managed by various bodies, complicating decision making.</p><p>City leaders created the Resilient Melbourne Delivery Office, which will be hosted by the City of Melbourne for five years, jointly funded by both local and state governments. The office—an interdisciplinary team of at least 12 people, led by the CRO Toby Kent—is responsible for overseeing the delivery of the resilience strategy.</p><p>The strategy has four main goals: empower communities to take active responsibility for their own well-being; create sustainable infrastructure that will also promote social cohesion; provide diverse local employment opportunities to support an adaptable workforce; and ensure support for strong natural assets.</p><p>For Semarang, a coastal city in an archipelago, water is the main focus of sustainability. Factors like a rise in sea levels and coastal erosion have increased the negative impact of floods.</p><p>These impacts can challenge the city in many ways. Thus, for its resilience strategy, Semarang leaders focused on building capacities, including more economic opportunity, disaster risk management, integrated mobility, and sustainable water strategies.</p><p>In Indonesia, like many other Asian countries, the national government sets the goals and parameters for much of the development that takes place at the local level. Thus, Semarang leaders worked with members of the Indonesian Parliament to educate them on the city's existing resilience strategy, and to integrate the city's findings and insights into Indonesia's National Development Plan.</p><p>These coordination efforts bore fruit in the establishment of projects like a bus rapid transit system, which had strong support from the national government. The system has already been implemented in several main corridors and will be expanded. It is expected to offer insight and experience in cross-boundary resilience-related travel.</p><p>As 100RC cities look to institutionalize resiliency, the organization is also helping members improve their emergency management programs. The group is partnering with the Intermedix Corporation, which will help some member cities assess their current emergency management programs, and develop a blueprint for addressing gaps in the program and meeting resiliency goals.</p><p>"As new and complex problems and challenges arise, it's becoming more and more important for cities to look outside of their own organizations for the expertise and solutions required to meet and overcome these challenges," says Michael Berkowitz, president of 100RC. ​​</p>

Resilience

 

 

https://sm.asisonline.org/Pages/The-Road-to-Resilience.aspx2017-02-01T05:00:00ZThe Road to Resilience
https://sm.asisonline.org/Pages/World-Water-Woes.aspx2017-01-01T05:00:00ZWorld Water Woes
https://sm.asisonline.org/Pages/Reducción-de-la-Violencia-en-América-Latina.aspx2016-10-11T04:00:00ZReducción de la Violencia en América Latina
https://sm.asisonline.org/Pages/A-Hospital’s-Life-Safety-Lessons.aspx2016-10-01T04:00:00ZA Hospital’s Life Safety Lessons
https://sm.asisonline.org/Pages/Five-Post-Incident-Concerns.aspx2016-09-01T04:00:00ZFive Post-Incident Concerns
https://sm.asisonline.org/Pages/Resilience-Trends.aspx2016-09-01T04:00:00ZResilience Trends
https://sm.asisonline.org/Pages/A-Strategic-Response.aspx2016-08-01T04:00:00ZA Strategic Response
https://sm.asisonline.org/Pages/Book-Review---Crowd-Science.aspx2016-07-01T04:00:00ZBook Review: Crowd Science
https://sm.asisonline.org/Pages/The-Calculus-of-Catastrophe.aspx2016-06-01T04:00:00ZThe Calculus of Catastrophe
https://sm.asisonline.org/Pages/Planning-After-Paris.aspx2016-03-01T05:00:00ZPlanning After Paris
https://sm.asisonline.org/Pages/Smart-and-Secure.aspx2016-01-19T05:00:00ZSmart and Secure
https://sm.asisonline.org/Pages/Resilience-After-Katrina.aspx2016-01-11T05:00:00ZResilience After Katrina
https://sm.asisonline.org/Pages/Extreme-Resilience.aspx2016-01-07T05:00:00ZExtreme Resilience
https://sm.asisonline.org/Pages/The-FEMA-Five.aspx2016-01-06T05:00:00ZThe FEMA Five
https://sm.asisonline.org/Pages/Constructing-Resilience.aspx2015-11-01T04:00:00ZConstructing Resilience
https://sm.asisonline.org/Pages/Travel-Safety-Goes-Global.aspx2015-10-13T04:00:00ZTravel Safety Goes Global
https://sm.asisonline.org/Pages/Book-Review---Long-Term-Community-Recovery-from-Natural-Disasters.aspx2015-10-01T04:00:00ZBook Review: Long-Term Community Recovery from Natural Disasters
https://sm.asisonline.org/Pages/Preparing-for-Protests.aspx2015-09-11T04:00:00ZPreparing for Protests
https://sm.asisonline.org/Pages/Revisiting-Response.aspx2015-07-21T04:00:00ZRevisiting Response
https://sm.asisonline.org/Pages/Five-Incidents-That-Shaped-Crisis-Management.aspx2015-06-29T04:00:00ZFive Incidents That Shaped Crisis Management

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/The-Road-to-Resilience.aspxThe Road to Resilience<p>Of course, 100RC had neither the resources nor staff to partner with 10,000 cities. But organization leaders argued that its 100 member cities could be models for institutionalizing resilience—that is, embedding resilience thinking into all the decisions city leaders make on a day-to-day basis, so that resilience is mainstreamed into the city government's policies and practices. Other cities could then adapt the model to fit their own parameters, and institutionalized resilience would spread throughout the world. </p><p>Toward this aim, 100RC recently released a report that discusses three case studies of institutionalizing resilience in New Orleans, Louisiana; Melbourne, Australia; and Semarang, Indonesia. </p><p>For all cities that 100RC works with, the organization provides funding to hire a new executive, the chief resilience officer (CRO). The group also advocates that member cities take the "10% Resilience Pledge," under which 10 percent of the city's annual budget goes toward resilience-building goals and projects. So far, nearly 30 member cities have taken the pledge, which has focused more than $5 billion toward resilience projects.</p><p>Of the three case study cities, New Orleans may be most known as a jurisdiction that has had to recover from repeated recent disasters, including Hurricanes Katrina and Isaac and the Deepwater Horizon oil spill. Given these experiences, New Orleans was one of the first cities to release a holistic resilience strategy, which connected resilience practices to almost all sectors of the city, including equity, energy, education, and emergency planning.</p><p>The strategy, Resilient New Orleans, has three underlying goals: strengthen the city's infrastructure, embrace the changing environment instead of resisting it, and create equal opportunities for all residents. </p><p>To better implement the strategy, New Orleans CRO Jeff Hebert was promoted to the level of first deputy mayor, and departments were joined to unite resilience planning with key sectors like water management, energy, transportation, coastal protection, and climate change.</p><p>Once this reconfiguration was complete, the city took several actions. It created the Gentilly Resilience District, which is aimed at reducing flood risk, slowing land subsidence, and encouraging neighborhood revitalization. The resilience district combines various approaches to water and land management to move forward on projects that will make the area more resilient. The city will also train some underemployed residents to work on the projects. </p><p>In addition, New Orleans leaders are developing and implementing new resilience design standards for public works and infrastructure, so that efforts to improve management of storm water and multi-modal transit systems will be included as standard design components.</p><p>Melbourne has its own challenges. Situated on the boundary of a hot inland area and a cool Southern Ocean, it can be subject to severe weather, such as gales, thunderstorms and hail, and large temperature drops. Governmentally, it is a "city of cities" made up of 32 local councils from around the region, so critical issues such as transportation, energy, and water systems are managed by various bodies, complicating decision making.</p><p>City leaders created the Resilient Melbourne Delivery Office, which will be hosted by the City of Melbourne for five years, jointly funded by both local and state governments. The office—an interdisciplinary team of at least 12 people, led by the CRO Toby Kent—is responsible for overseeing the delivery of the resilience strategy.</p><p>The strategy has four main goals: empower communities to take active responsibility for their own well-being; create sustainable infrastructure that will also promote social cohesion; provide diverse local employment opportunities to support an adaptable workforce; and ensure support for strong natural assets.</p><p>For Semarang, a coastal city in an archipelago, water is the main focus of sustainability. Factors like a rise in sea levels and coastal erosion have increased the negative impact of floods.</p><p>These impacts can challenge the city in many ways. Thus, for its resilience strategy, Semarang leaders focused on building capacities, including more economic opportunity, disaster risk management, integrated mobility, and sustainable water strategies.</p><p>In Indonesia, like many other Asian countries, the national government sets the goals and parameters for much of the development that takes place at the local level. Thus, Semarang leaders worked with members of the Indonesian Parliament to educate them on the city's existing resilience strategy, and to integrate the city's findings and insights into Indonesia's National Development Plan.</p><p>These coordination efforts bore fruit in the establishment of projects like a bus rapid transit system, which had strong support from the national government. The system has already been implemented in several main corridors and will be expanded. It is expected to offer insight and experience in cross-boundary resilience-related travel.</p><p>As 100RC cities look to institutionalize resiliency, the organization is also helping members improve their emergency management programs. The group is partnering with the Intermedix Corporation, which will help some member cities assess their current emergency management programs, and develop a blueprint for addressing gaps in the program and meeting resiliency goals.</p><p>"As new and complex problems and challenges arise, it's becoming more and more important for cities to look outside of their own organizations for the expertise and solutions required to meet and overcome these challenges," says Michael Berkowitz, president of 100RC. ​​</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Seeing-the-Risk-Through-the-Trees.aspxSeeing the Risk Through the Trees<p>​</p><p>THE FIRST STEP TOWARD SOLVING—or preventing—any crime is to think like the criminals, beginning with what motivates them. When it comes to common thieves, that’s easy; they are motivated by the desire for money. But for violent nonfinancial crimes, understanding the motivation can be far more challenging.</p><p>I experienced this firsthand in the early 1990s, while running the Special Investigations Unit for the Ohio Bureau of Criminal Investigation. My team and I were tracking a serial rapist with a fetish for elderly women. He haunted small towns in rural areas, and during more than eight months he claimed 13 victims. We needed to understand our attacker if we wanted to anticipate his next move. To that end, an 18-page questionnaire was developed looking for anything the victims had in common: where they shopped and banked; who provided their lawn service; what clubs they frequented; who their family doctors were.</p><p>We used the answers to build an investigative “attack tree” that revealed the commonalities shared by the victims, and provided clues to the attacker’s goal and his modus operandi. Through this process, we were able to solve the case.</p><p>Any company can use the same attack tree methodology to mitigate risks, such as a terrorist attack, by thinking like the would-be attacker and anticipating what he or she might do. That information can be used to develop the appropriate countermeasures.</p><p>Attack trees are simply a visual display of the answer to the question: How would the criminal commit a crime—whether it’s a theft, a rape, a hack into a computer system, or the planting of a bomb. The branches of the tree illustrate the different scenarios and the steps physically taken to accomplish the task.</p><p>Filling Out the Branches<br>In laying out an attack tree, the overall goal of the attacker is considered the trunk and the steps that he or she would take become the branches. Once a security director has thought of the overall threat and laid out the possible ways it could be carried out, the next step is to assess the probability that it might occur—the level of risk. Ultimately, the risk may be handled in four different ways: accepted, transferred, eliminated, or reduced.</p><p>A security professional may determine that the risk is low, and the company may decide to accept it. But a corollary consideration is the consequence of an act; if the act is low probability but high consequence, as is the case with terrorism, that will affect the calculation of whether accepting the risk is a reasonable course of action. Calculating the risk of a terrorist attack is further complicated by the difficulty of obtaining reliable intelligence.</p><p>Using attack tree methodologies, our security team at a major utility looked at our potential adversaries with the limited intelligence provided by the U.S. Coast Guard and our own staff. The trunk of the tree—the attackers’ goal—was assumed to be to disrupt power. We then explored methods of attack that could be used against our critical areas to achieve that goal, such as ramming a gate with a vehicle; cutting a fence; approaching by a boat on the river; or posing as a delivery driver to place a vehicle borne improvised explosive device (VBIED) near a critical asset.</p><p>We then “pruned” our trees by factoring in the already existing risk-reducing measures, such as intrusion detection systems, lighting, perimeter fencing, and signs. In consultation with government agencies, we assessed the extent to which our measures had sufficiently reduced the risk and whether additional measures were needed.</p><p>The pruning process took into account that the trunk, or goal, is to disrupt power. If we look at the branch exploiting a vulnerability of approaching by boat from the water and gaining access to our facility, the next leaf would involve damaging a critical piece of equipment to obtain the result. In order to prune this branch, we installed fencing along the waterway with intrusion detection to alarm to our guard posts in an effort to detect an intrusion along several miles of the channel.</p><p>Planting Your Tree<br>While there are several models and even some software that you can use to help you in the attack tree process, in the beginning, you might want to follow this general rule: the simpler, the better. Start by assembling several members of your team in a room with a whiteboard or flip chart. At the bottom center, draw a box and insert what the goal of a terrorist attack against your company’s facilities might be. For a mall or other public venue, it might simply be to terrorize the population. For a strategic facility, it may be to disrupt services, to contaminate food or water supplies, or to cause economic damage.</p><p>Once you have placed the ultimate objective in the bottom box, ask your team the oldest security question known to man: “How would I do that?” For example, if terrorists are the adversary, the overall goal is to kill as many people as possible. As the security director for a mass transit subway, you have to place yourself in the terrorists’ shoes, and build your tree accordingly. If you were the terror cell, how would you accomplish your goal?</p><p>In answering the question, you would look at the recent history of events. For example, history has shown that terrorists may choose backpack bombs with cellphone detonators or timing devices; or they might pick suicide bombers, or chemical agents, or perhaps other methods that you and your team could visualize.</p><p>Each method becomes a branch. Place those in individual boxes connected to the bottom box and you have begun the formation of your tree. Repeat the steps of asking “how would I do that” over again for each “branch” of your tree, and continue to expand the possibilities. Once you have exhausted your avenues of attack, your tree is completed. You can then create another tree simply by changing the ultimate goal in the bottom box.</p><p>Leaves. As one becomes more proficient with the trees, there are several complex formulas, or “leaves,” that can add value. One leaf is the risk tolerance of the attacker. Another is his or her financial capability. These additions play a valuable role as a security team contemplates risk-reduction measures. For example, signs warning of surveillance might give pause to a terrorist who wants to case a utility plant without being detected; they would not deter a suicide bomber.</p><p>Pruning the Tree<br>A completed tree needs “pruning,” or an examination of the potential threats that have been identified and how they might be mitigated by existing or new protective measures. Each branch that starts in row two above the bottom box can be pruned. The thought here is to find logical places on that branch where you could apply—or where you have already put in place—security measures to reduce that risk.</p><p>When considering items to prune your tree, look into the box and determine which system makes the most sense from the perspective of cost and applicability.</p><p>Cost-effectiveness. Your team should scrutinize whether the deployment of one system could prune several branches of the tree, thus improving the cost-effectiveness of the countermeasures. In the example of the utility facility, our team identified seven ways to gain entry to a site and then complete the overall goal of service disruption. In examining our tree, four of the seven ways to gain entry involved breaching our perimeter fence, by cutting the fence, ramming the gate, cutting the lock at the gate, or climbing over the fence and barbed wire.</p><p>By placing an intrusion alarm system on the fence, we were able to effectively mitigate all four possible branches. Similarly, if you are working on multiple attack trees simultaneously, you may gain a significant benefit to several trees from deploying a single appropriate system. In deterring terrorist attacks by hardening an asset, you also make it much more difficult for a burglar to gain entry, for example. In the utility sector, the installation of an intrusion detection system at some substations to prevent terrorist attacks also helps prevent copper thieves and vandals from entering the property undetected.</p><p>Group think. As you experiment with the use of the attack tree methodology, try breaking your team into several subgroups and assigning each subgroup a different goal for the trunk of each tree. After building out the branches, bring the whole group back together, have each subgroup present its tree, then work on strategies to collectively prune the attack paths by deploying a similar strategy or system.</p><p>The value added in these exercises is derived from an enterprise-wide security approach that can be helpful in solidifying objectives—especially in a convergence model where pockets of isolationism and standalone mentalities can exist.</p><p>Mature Trees<br>Once you have completed several attack trees with your team and feel comfortable with the process of deploying effective strategies to prune the branches, you may wish to expand your knowledge base and experiment with advanced methodologies.</p><p>In traditional risk modeling, consequence and probability are core elements. One can use the same principles to enhance attack tree modeling. Start by examining the overall goal at the trunk and use a standard model to evaluate probability of the event occurring. Use a numeric scale from 1 (very low) to 10 (very high) to estimate the possibility that the mode of attack against an asset will occur in the foreseeable future.</p><p>The consequence axis requires a definition as to which score you will apply. It is typical to view consequence in terms of dollars to replace stolen property, lost revenue, capital replacement costs, loss of life, or loss of reputation. If your consequence model is based solely on loss of life and your event is a large theft, your consequence rating may be zero. Conversely, if your model is based on capital replacement costs and your scenario is workplace violence, your score will be very low.</p><p>A blended model that factors in both loss of life and a cost estimate for revenue is more useful. Once you have chosen your consequence variable, you can assign it a numeric rating similar to the probability scale. Next, you should go to each box on your tree and label it with the scores for probability (P) and consequence (C). This process will highlight the most probable and severe attacks and will aid you in applying risk reduction strategies in a priority order.</p><p>To work with the mature tree further, look at adversaries and attempt to understand their relation to the model. A utility has to protect against sabotage from disgruntled workers and theft of assets for monetary gain, for example, in addition to terrorist attacks. This becomes important as we look at which security systems to deploy and their potential effectiveness.</p><p>On several occasions, we were faced with the theft of high-dollar computer equipment stolen from unstaffed remote facilities. By examining the crime scene, a lot can be learned about the thief. How was entry gained? Was a key used at the gate, was the lock cut, or was a chain used to pull the gate off the hinges? How was entry into the building achieved? Was the lock picked or was the door beaten in with a sledgehammer?</p><p>After examining these traits, effective strategies can be developed that match the skills of the adversary. A loud alarm might be enough to deter someone who uses a chain and a sledgehammer, while a more sophisticated system may be needed to deter someone with the skills to pick locks.</p><p>Based on these details, one can flesh out the attack tree by marking different paths that different adversaries may take, and then deploying tailored strategies to stop them. A simple scenario illustrating this methodology is a company-owned warehouse in an area that has suffered several break-ins. The particular warehouse, which houses electronic components that could be used to make bomb detonators, has not been hit yet, but the company is aware of the threat, and security personnel are debating how to protect against it.</p><p>Local police and other security directors representing victimized area businesses have been consulted about any previous crimes in the locale. Important information has been gleaned: There have been three burglaries inside of a month within five miles of the still-virgin warehouse. Each theft involved high-value small electronic devices similar to those in the company’s warehouse. In two instances, the thieves used a torch to cut the hinges on a roof hatch to gain entry, and in one case, they picked the lock on the front door. Each time they exited from the loading dock in the rear.</p><p>An attack tree grows rapidly out of such details. The trunk (showing the thief’s goal) is the acquisition of pricey electronic units. Due to the number of incidents in the area, there is a high probability of the warehouse being targeted. The consequence score is up because of the potential dollar loss. Risk is, therefore, red hot.</p><p>The tree can be filled out by adding different attack strategies. The thieves are not garden-variety; they used tools to cut their way in from the roof and picked locks, suggesting a certain amount of professional skill.</p><p>Other scenarios can be added, such as rocks being thrown through the glass doors in front, or a chain being tied to the bumper of a truck and the door being ripped from its hinges.</p><p>Then prune the tree with the necessary risk-reducing measures, such as alarm systems, surveillance cameras, or maybe security guards. The warehouse is now set to be safeguarded, and potential thieves tracked should an incident occur.</p><p>A Weakness in the Tree<br>Looking at attack trees from a homeland security perspective reveals a weakness in the methodology. Sweeping terrorist goals, such as the destruction of the U.S. economy, produce very large trees. More specific and credible scenarios need to be imagined. That can be difficult but it doesn’t mean that the attack tree methodology cannot be adapted to this task. The Nuclear Regulatory Commission, for example, has used scenario-based attack trees for years.</p><p>The use of attack trees is by no means the single solution for today’s security environment. However, in the never-ending attempt to manage risk, the use of attack trees can help companies to weed out vulnerabilities and ensure that countermeasures are rooted in solid ground.</p><p>Ted Almay is assistant vice president of corporate security at the United Services Automobile Association (USAA). His previous posts included stints as the managing director of security for American Electric Power (AEP), America’s largest electric producer, and superintendent of the Ohio Bureau of Criminal Investigation. He is a member of ASIS.<br></p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Five-Post-Incident-Concerns.aspxFive Post-Incident Concerns<p>​<span style="line-height:1.5em;">On June 12, 2016, a gunman shot 102 people in an Orlando, Florida, nightclub, killing 49. Agencies, both government and private, must be prepared to recover from such major incidents. Following are five issues that should be considered when crafting post-incident plans.</span></p><p><strong>1. COUNSELING.</strong> Identify a list of counselors for the living victims, family members of the deceased, and other persons who were directly or indirectly involved with the incident. This includes first responders. (In this case, where the gay community was targeted, special emphasis was placed on their needs.) Counselors can include certified therapy animals and their trained handlers. Providing privacy and personal time for the families and friends of the victims in their time of grief is crucial. It is also important to shield those who ask for privacy from the media.  </p><p><strong>2. BUSINESSES. </strong>Access must be granted to the area surrounding the incident so that local businesses can resume operation as soon as possible. The crime scene should be processed in a timely manner to allow the community to return to a feeling of normalcy and business as usual.</p><p><strong>3. COMMUNITY AWARENESS.</strong> The use of the friendly and concerned media can help keep the community informed and involved. Holding frequent press conferences and meetings with the community and its leaders conveys that agencies plan to be open about the incident and the follow-up.</p><p><strong> 4. DEBRIEFING.</strong> Ensure that all victims, witnesses, and responders are fully interviewed in a humane and caring way. This will assist the lead agency in trying to reconstruct the incident and come to a fuller understanding of its causes and outcomes.</p><p><strong>5. PLANNING.</strong> Continue to work within the community to plan for possible future incidents, identify possible soft targets, educate the public on the appropriate response to such an attack, work with the public on developing strategic response plans, and communicate openly with all involved.</p><p>--<br></p><p><em><strong>H.R. "Hank" Nolin, CPP,</strong> is a retired U.S. Army Master Sergeant who has owned various security agencies in Central Florida. He is an active member of the ASIS Military Liaison Council.</em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465