Leveraging Human Capital
Making Information Actionable
Managing security effectively requires a clear understanding of the changing threat landscape and continuous improvement through the integration of technology. The same technologies that operate a business (databases, surveillance systems, remote access, etc.) can be leveraged to improve security management. Integrating business silos can proactively protect companies from new threats while improving security and reducing costs.
To execute this strategy integrators must expand their thinking about value- added partnerships and provide more consulting services.
We are programmed to think of innovation in terms of product cycles (hardware or software) and not necessarily the “soft skills” in regard to our partners. I’m referring to human capital — the engineering and development teams that can integrate a new solution with your existing legacy products to provide a competitive advantage.
While sales and support teams are high priorities in partnerships, often we undervalue a strong engineering and development team. There is a tremendous amount of innovation that springs forward from open source operating systems and creative programming skills. The question is, are you, as a security integrator, taking advantage of partners with the human capital (engineering) skills to integrate a new solution to complement your business?
Physical security integrators are familiar with physical security information management (PSIM) command and control software and integrated access control solutions. These are valuable solutions, but are mostly post-incident in regard to situational awareness. A strong software engineering team with deep database experience can provide additional capabilities to an existing PSIM system through the integration of new information sets to improve overall security.
For example, consider that a human resources solution is essentially a relational database system that can match “at risk” employees (those on job performance plans) with work orders at high-risk locations, like a remote sub station in a critical infrastructure environment. Work orders issued for these unmanned locations can be matched against standard repair times, and monitored via access control systems and video surveillance. Abnormal behavior, such as extended repair times, issues a red flag. Photos from the employee database can be integrated with live video feeds for verification of identity. Perhaps the elimination of this type of work in certain situations is also desirable.
Another example would be instituting tighter controls for any employee in a chemical facility to assure that people do not have access to a combination of ingredients used to produce a bomb. This is proactive security management in a “what if” scenario model. Today’s programming tools provide this capability and are easier then ever to use by non-technical mangers and security professionals.
Most insider problems manifest themselves prior to actual criminal activity. Why not get proactive about potential risk? As crime rates increase and insider threats accelerate, the ability for security policies to keep pace is very important.
The ability to counter specific security scenarios (“What if this situation occurs…then provide this information…and/or this response”) is being deployed by innovative integrators across the country in critical infrastructure and general commercial environments.
A software application layer that integrates database silos allows a security policy to manage separate threats in a blended way. Security gaps that go unnoticed in non-integrated environments can be addressed to eliminate problems before they happen.
Security professionals need a flexible way to apply their knowledge and experience to changing threat levels. This is an opportunity for an integrator to provide new consulting services by leveraging the organization’s data to evolve security management (and PSIM) to the next level. If the recent news are any indicator, our security professionals need all the help we can give them to make information actionable.