Good security risk management begins with a master plan — a vision of the security department, its roles and responsibilities, and the overall concept of the organization.
Today, a strategic master plan is a necessity. Unfortunately, the level of financial commitment from executive leadership is relatively low, and physical security is still primarily viewed as an operational cost. Singapore is relatively safe, and usually, most companies keep procrastinating on spending on security. The result is a mixture of new and old systems performing at varying stages of their useable life cycle. In most influential organisations, IT security spend is higher than physical security. Gaining support from leadership to bring corporate security into a good life cycle management program is often extremely difficult. Yet, it is just as equally important as an IT or cybersecurity plan.
Step 1: Define a gap?
The first step in creating a Security Master plan is similar to building a bridge. A bridge can be useful when many people are trying to get across a wide gap but can cost a lot of money, not just to build but to maintain. The size of the gap does not justify the cost of the bridge. Instead, it is the usefulness of the bridge that justify the cost of building the bridge. A lack of the current security program in meeting service level expectations within its existing operating environment defines a clear gap.
Step 2: How wide is the gap?
We ask this question because we need to understand how long the bridge will be to get across and the type of bridge most suited for the gap. An assessment of the current state of security in an organisation is required. You’ll be surprised to find in some large homegrown organisations many issues are discovered such as:
- Multiple access control/intrusion detection technologies in use and a lack of integration.
- Equipment far beyond its useable life cycle
- Incompatible CCTVs and DVRs installed.
- Security policy documents and SOP binders stored away and unused
- 3rd party security officers with proper training but no direction in the organisation they are securing.
Step 3: What type of bridge to build?
So you know how wide the gap is. You know how long the bridge should be. Now you have to decide what type of bridge to build and across which parts of the gap? This part is called the planning phase—the crucial step to effectively bridge the gaps identified. A civil engineer requires a detailed plan before he can build a bridge. The planning phase will address every necessary element to ensure maximum functionality of the Security Master Plan.
This phase requires many sub-steps as the plan comes along. Technology selection, implementation and long-term operational success all determine this phase.
Step 4: How much will the bridge cost?
So you know what type of bridge to build. And you know the cost of operating the bridge. Budgeting considerations for the Security Master Plan include adequate capital as well as an operational expense. How long with there be a return on investments? At times we may question how long before the savings from the new plan outweigh the initial capital expense. Will the long term operational costs outweigh the benefits of particular technology adoption? In some cases, it’s difficult to put an exact no since the costs or benefits are intangible. Do note that once you’ve crossed this bridge, it’s still not over yet.
Step 5: Will anyone pay for it?
As we mentioned above, many companies see physical security as an operational cost. However, if you can effectively justify how implementing specific security measures can save costs, then the battle is half won.
One suggestion we recommend to our clients is the “Do-Nothing” option. We ask our clients what would happen if they did nothing and operated as the status quo.
An example is during the circuit breaker period. We had come running to us to implement specific technology measures to “beef up” their remote security. They knew, if they “did nothing” then they’d have a tough time adapting to the “new normal”.
Master Planning Is a Journey
Embarking upon a Master Plan initiative can be a rewarding and exciting journey of discovery. Each plan will become its journey, and no two enterprises will follow the same path to success. The way that leads most clearly to success is not easily defined. All stakeholders need guides to ensure their successful implementation of a security master plan.
Let us guided on your Security Master Plan journey. Contact us to get more info.