-
COVERING ALL FORMS OF WORKPLACE PROTECTIONIN TODAY'S
ENVIRONMENT
lomasINSTITUTE of FINANCE &. MANAGEMENT
SECURITY DIRECTORS REPORTISSUE 12-03 WWW.IOFM.COM/SECURITY MARCH
2012
Will You Be Ready Next Time?9 Crisis Lessons LearnedNo business
is pleased about the increasing number and scale of global
crisisevents, but these major disasters do yield one benefit. More
disasters, plusbetter information sharing, equals unprecedented
insight into lessons learned.
One of the best forums for information collection and sharing is
the GlobalRisk Network (GRN) coordinated by New York University's
International Cen-ter for Enterprise Preparedness. The GRN recently
hosted summits to engagepublic and private sector thought leaders
in a series of facilitated roundtablediscussions (New York City,
June 2011; London, Oct. 2011). Discussions fo-cused on the
earthquake and tsunami that struck northeast Japan in March of201
1, instability in the Arab world, the growing threat from
"hacktivists" andcybercriminals, the English Riots of 2011, and
other recent events that have
. CONTINUED O N PAGE 11
Grade Yourself onthe UltimatePerformance MeasureIn looking back
at our coverage ofsecurity management advice overthe past year, one
recommendationwe seem to have heard as much (ormore) than any other
is to interactwith other department leaders. Tolead security, you
need to also be a"team player."
Recent stories, in fact, have shownthat inter-departmental
coordina-tion is a key to success in goals asdiverse as creating a
security manualto cutting workplace violence. It has
CONTINUED ON PAGE 12
SqueezingConfessions inInterrogationsWe recently profiled the
interview prepthat investigators for WaltDisney Parks and Resortsgo
through to make surethey're as ready as pos-sible to get the
confes-sions they seek. We alsopromised to share theirinterviewing
tricksandif there is one strategy forsecuring confessions theyrely
on most it's this: stopdenials in their tracks.
CONTINUED O N PAGE 14
ALSO IN THIS ISSUESo You Want to Moveto Contract
Officers?Transition Tips 2Is this the year you makethe leap? You'll
need thesemigration tips.Calling the Cops?ConsiderationsBefore
Picking Upthe Phone 4Pros, cons, andconsiderations for bringingin
law enforcement toInvestigate.Research Round-Up:Domestic
Violence,Terrorism & MindGames 6Practical implicotions
fromrecent academic research.
News Briefs 8I Retail scam requires morephysical inspectionsI
Console operators reach anew salary plateauI New regulation limits
pre-hire credit checks
Calendar 14
Hourly Starting Salary for In-HouseConsole Operator
see News Briefs
SH.OO
$16.32
SO S5 SIO SI 5 S20
(Source: lOFM)
-
SECURITY DIRECTOR S REPORT
9 Crisis LessonsCONTINUED FROM PAGE 1
caused widespread business disruption.
Lessons learnedSo what did experts and participants
come up with? What advice do they havefor security and other
organizational crisismanagers about better preparing
theirorganization for the next major disaster?
1 . Deploy flexible plans. A majority offirms saw their Business
Continuity Plansfunction properly in the wake of the mag-nitude 9.0
earthquake and accompanyingtsunami that hit Japan. "Failures came
whenthe plans were inflexible, or too specific,"according to GRN
roundtable proceedings.Too-rigid business continuity plans leftsome
firms unable to adapt to the shiftingchallenges produced by the
tsunami, itconcluded. "Flexible plans (especially thoseattuned to
unique firm vulnerabilities) weremost likely to succeed."
2. Account for lower-tier suppliers.The earthquake caused the
hobbling ofsome companies' operations because theydid not cover
supply chain partners in theirplanning. While major suppliers held
upreasonably well, many small and mediumsize enterprises were
knocked out of com-mission, leading to a cascade of supply
chainfailures that caused harm to firms that hadexcellent crisis
plans for themselves. Saidone roundtable participant: "You have
tomake sure second, third, and fourth tiersuppliers have crisis
plans in placethesame plans you do."
3. Develop a network of trusted con-tacts on the ground in each
region ofoperation. One consensus of American-based firms impacted
by the Japan tragedywas both the lack of access to informationfrom
the Japanese government and a lackof trust in the information that
was being
shared. Even access to U.S. Embassy officialswas difficult,
according to affected firms.The media wasn't any better, according
toroundtable participants. "In the absenceof clear information from
official sources,organizations turned to the news media fora
clearer picture, but found the informationthere even more
confusing," concluded thereport. Generally, the media painted a
farworse picture of the situation than busi-nesses were actually
experiencing on theground in Tokyo. Firms that managed thesituation
best were ones that had estab-lished a network of trusted contacts
on theground that they were able to consult to getan accurate
picture of the local situation.
4. Participate in peer networks. Al-though you can't do this on
your own, an-other suggestion to emerge from the groupwas for
crisis professionals to participatein peer networks, which could
then meeton conference calls to share informationand coordinate
during a disaster. This isespecially important because decisions
bysome companies can disrupt the crisis plansof others, including
those in other industrysectors. For example, when Delta decidedto
cancel flights, many firms' evacuationplans were wrecked.
5. Make provisions for transportationdisruptions. The inability
to get workers totheir posts because of transportation
infra-structure damage was an underappreciatedrisk, according to
the roundtable participants.Several firms activated their pandemic
con-tinuity plans because their employees couldnot get to work due
to power outages andtransportation disruptions.
6. Pre-arrange security operations.In the roundtable on
political uprisings inthe Middle East and North Africa, a
clearwarning emerged: You can't try to enlista security company to
assist you once thesituation is unraveling. One company said
AAARCH 2012 www.iofm.com/security 11
-
SECURITY DIRECTOR S REPORT
it tried to hire a firm to evacuate its person-nel from Tripoli
but that the security firmcouldn't get in to get workers out.
Othercompanies were simply turned down bysecurity firms, 'because
last minute callsrequire to much heavy lifting,' accordingto one
security firm.
7. Participate in inter-organizationalgroups. Groups like the
Overseas SecurityAdvisory Council (v\Avw.osac.gov) and
theInternational Security Management As-sociation (www.isma.com)
provide forumsfor public and private sector partners toaddress
security issues of mutual concernin different regions across the
globe. Thesegroups provide a chance to share crisis in-formation,
benchmark against other firms'actions before and during a crisis,
develophelpful personal relationships, and facilitatethe creation
of mutual assistance arrange-ments. For example, during
evacuationsfrom Libya, the group noted that "charteredplanes with
empty seats were coming inand out. Organizations tried to get
theirempty seats to people who needed to getout, but the message
never really got out."The report concludes: "Key to
sustainingoperations in a security crisis is participationin
inter-organizational groups, which helpfoster personal connections
that can be thesource of vital mutual assistance plans."
8. Raise awareness of targeted cy-berthreats. When discussing
hactivitstsand cyberthieves, roundtable participantsexpressed
concern that defending againstthe targeted attacks used by them is
madedifficult by employees' failure to appreciatethe level of
deception in social engineeringattacks. "The targeting is much
better now.People even call by phone to get sensitiveinformation
from you: they knowyour man-ager, they know who you work with,
andthey know who your friends are," said oneroundtable participant.
To create a moreattentive security culture at their firm, one
company said it sends targeted phishingemails to staff; workers
who don't click onthem receive positive rewards and thosethat do
get a warning letter from humanresources.
9. Conduct scenario planning tocombat social unrest. Civil
unrest is agrowing global concern and has a diversityof underlying
causes, as exemplified bythe rioting in London and other parts
ofEngland in the summer of 2011. To betteridentify and track
indicators that mightpredict the occurrence or intensity of
socialunrest, roundtable participants singled outscenario planning
techniques employed byShell Global as a worthy model. (More
infor-mation at
www.shell.com/home/content/aboutshell/our_strategy/shell_global_sce-narios/what_are_scenarios/.)
U
Performance MeasureCONTINUED FROM PAGE 1even infiltrated the
purchase of securitytechnology, where it is becoming increas-ingly
important to work collaboratively withother departments to identify
technologythat services mutual requirements.
Ensuring the safety of employees whotravel for work is just one
example of whyprotection requires coordination betweenmany
departments. A department man-ager, security staff, human
resources, riskmanagement, and a travel departmentmay all have a
role to play in the singularmission. Security executives need to
reachout to many parts of the organization in aneffort to formalize
intelligence sharing andcollaborative decision making between
allfunctions that hold security responsibilitiesand impact security
operations.
So How Are You Doing?Security management experts unani-
mously believe that the silos of security
12 www.iofm.com/security MARCH 2012
-
Copyright of Security Director's Report is the property of
Institute of Management & Administration and itscontent may not
be copied or emailed to multiple sites or posted to a listserv
without the copyright holder'sexpress written permission. However,
users may print, download, or email articles for individual
use.