3 W (Wares) in security management

1. Introduction

1.1. A well-known state security company in my country is in favor of focusing on 3 people, methods and machines in their safety management practice. In my opinion, this is another way: 3 Wares - (1) Hard Ware - access control and video surveillance systems, etc., (2) Soft Ware - security systems and processes, policies and procedures, and (3) People Ware, Management, employees, customers and security staff. Together, the three Ws form a coherent whole of security management in the organization.

2. Difficult technical support to support security

2.1 When we discuss hardware, we are often fascinated and dazzled by the availability of modern and up-to-date safety equipment and machines offering the best technology. In any case, my view often focuses on the real need for technology, not technology, to support security. Below, I tried to talk about the prospects for deploying Hardware with some examples from my previous assignments as a Security Manager.

2.1.1 Eight years ago, when I took the post of Security Manager with a public company, we studied the topics of integration and interaction of security systems and equipment.

2.1.2 Human Resource (HR) wanted the access control system to be able to support time management and payroll. A study has already been conducted on the security market integrating the access control system to the security system and the video surveillance system with the personnel management payroll / time management, inventory control and delivery functions.

2.1.3 The problem of reinstalling cables in case of need for reconfiguring access control, video surveillance and alarm systems made us think about various other parameters, such as wireless technology, existing telephone and network cable systems. We also selected vendors who ever wanted to customize their security system to use all existing, efficient systems to reduce the cost of reconnecting and installing hardware.

2.1.4. My company was the first among the manufacturers of compact discs for the use of a pass-through metal detector made by hand-held scanners. We considered the possibility of introducing RFID chips into our CD to prevent internal theft. The use of X-ray machines has also been studied.

2.1.5. To prevent unauthorized replication of punchers - master forms for replicating CDs and DVDs; we came up with a technology to measure the amount of electricity consumed in order to connect it with the number of dies produced. Security has documented daily views from the Stamper room to count the number of stamps produced or NCMR (Non Conforming Material Rejects) with the power consumption recorded on the meter installed on the replication machines.

2.1.6 We studied not only the execution of file registration by pressing keys on computers used in the Stamper room, but also off-site monitoring, in order to detect the falsification of this data on the end-user site.

2.1.7. The biometrics technology was then considered cumbersome, since it slowly controlled the access of a large number of employees moving in and out of the restricted areas. But it was useful in controlling access to small promises, such as a stamping lab, MIS and WIR storage, as well as access to sensitive computer workstations.

2.1.8. In order to control the long-term problem of combining in the central entry / exit points, we not only use CCTV coverage, but also install a turnstile with access control.

2.1.9. We used a computer system with outdated barcode technology to track production and remove / destroy stampings along with manual entries.

2.1.10 We used access control readers and perimeter surveillance cameras to replace the security system. We not only reduce the cost of acquiring and maintaining a separate clocking system, but the use of motion detection detectors and access control devices effectively controls the protection of patrols on concessions.

3. The Soft Ware - additional industrial needs:

3.1. My study of the subject “Software” more obliquely relates to the provision of security audits and consulting services. However, I am convinced that it also applies to those security professionals who manage security in business and commercial organizations. I believe that a more proactive approach and ingenuity and a deep understanding of industrial needs are important components if we succeed in this rapidly changing area of ​​interaction with IT, technology and security. In this regard, it would be better if the security management company had its sustainable security management practitioners who are not only resourceful, but also realistic and sensitive to the prevailing needs of the market in general and the requirements of customers in particular. We sell only what our customers buy.

3.2. In a real business sense, even more reputable security management companies in my country Singapore have not yet created a domain for themselves as a solution provider and Total / One Stop security services. The common impression of some companies with a notched security label is that they are organizations that are supplied by armed and unarmed uniformed guards. I am all for the idea that there should be more opportunities to improve synergies in these organizations. Most often, there are deliberate suspensions of the fact that each internal body of security management companies focuses more on their own sectional interests and competes with each other for limited internal resources, and that often the right hand does not know what the left hand means.

3.3 I use the example of one security management company that I once served. At its institution there is the Security Consulting Department (SC), which for many years worked under the stigma that it is money that is losing legal force. From another point of view, why can't SC be considered a door opener for other services? Through SC, which protects the bridgeheads, their customers had to learn about other security services available in their parent organization. It is significant that a security audit will lead to recommendations and implementation, when other services are also sold. Consultants should not be ashamed or feel they should be impartial when it comes to selling other services provided by their own company, provided that these services are also competitive with other competitors in the market. For example, SC can help sell debugging services to its investigative unit in its security advice with its clients. (Conversely, research as part of its corporate incitement may also encourage its clients to conduct security checks offered by SC).

3.4. The security consultation itself should also be maximally satisfied with the needs of clients and not give the impression that they are guilty of using industrial templates. In my experience, for example, some customers — contract manufacturers — are guided by the principles of their managers to have a robust and comprehensive security management program to protect their products and services. Microsoft, with what I had in my previous job, is one such example where it has a strict set of security requirements for contract manufacturers, who also undergo periodic preliminary informed and unexpected security audits. Visa, another example, also has a very professional set of certification programs for its suppliers, so the prestige in the industry has become prestigious in the field of VISA certification (for which an annual fee of $ 45 thousand. US dollars is charged by VISA). Along the way, some customers use the security system as a power booster when selling their services, especially in IP-related areas, to get more sales from their directors. This is an additional dimension that we must consider instead of the traditional defensive and defensive approach, which is tilted against counter-offenders / external threats.

3.5 Another point to be remembered by the Security Consultant is the need to pay some attention to the work or production processes of clients when reviewing and recommending their security programs. This is why frequently used security templates are insufficient to accomplish this goal. Consultants in their initial threat analysis should critically identify, prioritize, and prioritize security vulnerabilities of their clients. Organizations — regardless of whether they are inside or not, and recommend and develop security solutions accordingly. In most cases, the problem arises because of internal embezzlement of employees, sabotage and other work-related abuses, but most often the recommendations are mistakenly aimed at protecting against intruders. And taking into account the safety of products and services, one should pay attention to at what point in the production process the product collects street value and becomes vulnerable to theft. One example of safety recommendations for a product cycle or production process is the introduction of a traveler’s log, which monitors the flow of products from one point to another, documents and authenticates their proper handling and reception at each station. Another task is to pay attention to the handling and disposal of NCMR - inconsistency of materials Deviations or waste.

3.6 A successful security management program will never be completed without a full set of security guidelines — encapsulating all security policies and detailed security procedures. Therefore, the initial drafting of this manual is important because it is designed to ensure the continuity of the entire safety management program throughout the life of the organization, regardless of changes in security management and personnel. In addition, management should be regularly reviewed and updated to meet changes and new problems in the operating environment. All decisions that affect the fulfillment and execution of security at meetings should be clearly documented and, when possible, reflected in the form of changes or amendments to the existing security guidelines that contain policies and procedures. This is the essence of the Software Security Aspect.

4. People Ware - the backbone of security.

4.1 And, often, People Ware leads to the destruction of the entire security management system, despite the availability of better hardware and software. In my security implementation in my previous company, to solve the problems caused by the People Ware factor, I paid great attention to the following:

4.1.1. Security must be fully supported by the Office, which means that there is a direct reporting line between Security Management and Top Management. (I reported to the CEO on previous positions as a security manager).

4.1.2. There should be a sense of belonging to executive levels - head of departments - when it comes to implementing security. For example, in my previous company, I organized a weekly meeting on security issues and coordination of operations, in which the heads of departments discussed security issues and approved security procedures. (I actually maintained part of the security at the Ops weekly meeting, forcing GM to lead the plant, otherwise I would never have succeeded in gathering all the department heads to discuss security issues.)

4.1.3. Awareness-raising programs are regularly held to distribute them among employees, for example, in orientation and induction programs for conducting safety briefings for new employees, including regular publication of safety notices and posters.

4.1.4. Security forces — whether internal employees or agency tenants or their matrix, must be highly motivated and trained to ensure that procedures and security measures are followed. There is careful control of the security forces and regular dialogues with Agency representatives to ensure that the workforce is kept at the top.

4.2. In providing occupational safety and health services, customers are often guided by the desire to source for low cost initially. But with the prices of the rapids, clients had to understand that they did not receive quality services. Then they will soon realize that they will have to bear the inconvenience associated with the need to change the security agencies from time to time when they lack their services or the provision of non-standard labor resources. Thus, we need to train a client who, for a premium class, over other service providers receives valuable services - trained and trained men, minimal disturbances caused by a trump, and a round-the-clock open land line to communicate with a senior security officer. Easier said than done? In my experience, standing on both sides of the fence, as a security agency operator and security manager, the key figure is the middle-level manager and leader. After all, the quality of the security force is always predictable and limited by the supply pool in the security industry. Operations managers, a land agency manager, or manager make the difference — being willing to maintain good relationships with their customers, respond quickly to their needs, and have good resourcefulness in motivating guards and manipulating numbers to meet scarcity and sharpness.

4.3 Thus, the emphasis should be based on not desperately securing new contracts and losing them as quickly as you caught them. Rather, efforts should be based on securing existing jobs, consolidating and improving them, so that customers continue to use the services, despite the higher price. Only after that, with the growth of reputation and trust, could new contracts be obtained.

4.4 When I was in the States attending the AMD Security Manager workshop, professionalism and ability evolved from agency security forces that impressed me. I felt that they were proud of their work and were closely associated with the company - AMD - which attracted them more as contract personnel. The answer, which I learned later, lied in the philosophy of rational management, translated into practical ground-based performance, which they proudly call the "affiliate program." In accordance with this program, guard forces were treated as if they belonged to AMD, discrimination between them and regular employees was minimized, and they were made to participate in the company's sports and social programs. And, returning to Singapore, practicing from my end as a Security Manager, I tried to imitate this program with security forces provided by the Agency both in form and substance. This worked to a certain extent, since I managed to keep one agency for many years, and he had several loyal guards who decided to stay at their post for a long period. Example: when I took it upon myself, I reworked all the security officers, from guards to security officers, even refusing the security post as a security message. It was a real morale, and it worked well to be more active in checking employees and adhering to their roles and functions.

5. Conclusion

5.1 Safety is more of an animal art than a complex science, because it covers so many variables that it allows you to overcome so many disciplines from understanding technology, work processes, public relations, marketing, and people's skills. By effectively integrating the three Ws — Hardware, Software, and People Ware — you can create a robust and comprehensive security management program. Таким образом, практикующий специалист по защите компетенции, где он представляет, не должен жестко придерживаться книг, но он всегда должен быть гибким, находчивым и чувствительным к постоянно меняющимся ландшафтам безопасности и потребностям рынка. Знания в текстовых книгах в окончательном расчете обеспечивают надежные основы для того, чтобы практик безопасности мог выполнять свою эффективность, но желание учиться новым навыкам, применять их находчиво, быстро адаптироваться к быстро меняющейся среде и иметь глубокое сочувствие к людям, делает его по-настоящему профессионал. И традиционная ценность мудрости, которая эффективно означает опыт плюс знание плюс приложение, играет важную роль; поэтому неудивительно найти хорошего профессионала в области безопасности и человека с седыми волосами.