Using Strategic Security to Analyze and Manage Risk

imageCopyright (c) 2010 Henley-Putnam UniversityStrategic SecurityStrategic Security represents a widely recognized body of academic knowledge and literature that is studied and practiced by numerous education departments, institutions, and think-tanks. Academia, business, government, and the non-profit sector have established programs that offer coursework and a few elite schools around the country even offer degrees in or related to Strategic Security. The purpose almost without exception of pursuing an education in Strategic Security is to work within the Strategic Security Industry.What is Strategic Security? Although a complex topic, Strategic Security can be described as the “reasoned determination of specific, minimum essential objectives, rationalized with suitable ways to achieve them and the necessary means for success.”1 The American Heritage Dictionary and the Random House Unabridged Dictionary both interpret “strategy” to be defined in connection with the science and art of long-range planning and development to use forces to execute operations or policies that ensure security (combined paraphrase of both definitions). As you can see, this definition enhances a wide spectrum of diverse pursuits from military campaigns to private sector business management.Strategic Security and Risk ManagementOne of the key tenets of Strategic Security is risk analysis and risk management. The analysis of risk is fundamental to the formulation, development, and implementation of effective plans and programs. From a security perspective, risk assessment is focused on identifying relevant threats and estimating their relative likelihoods and expected impacts.The United States Department of Homeland Security (DHS) has adopted the following analytic construct for assessing risks, not only from terrorist attacks but also from natural disasters such as hurricanes, earthquakes, and epidemics:2 Risk = Threat x Consequence x Vulnerability.For terrorism risks, analysts evaluate threats by estimating the capability and intent of terrorists to carry out specific types of attacks against identified targets, such as driving a truck carrying a bomb into a facility in the Port of Miami or firing a shoulder-launched missile (MANPAD) at an aircraft from the perimeter of Los Angeles International Airport. Vulnerability is estimated in terms of physical accessibility and security defenses already in place to deter or prevent attacks. Finally, Consequence hinges on estimated impacts, such as loss of life and economic effects should an attack succeed.3Impact on Strategic Security IndustryOnce risks have been properly assessed, the question naturally arises of reducing exposure to these risks. In other words, how do we manage risks once they are analyzed uniformly to allow ranking and other types of comparisons? The Strategic Security Industry professional must make high-level management decisions with regard to allocations of and investments in new personnel, training, systems, technologies, and other resources that aim to improve capabilities to prevent attacks and respond effectively should interdiction fail.How and when will these strategies reduce vulnerabilities and consequences? How robust are these strategies to changes in adversaries’ tactics and weapons? Finally, how can risk mitigation activities and investments be managed as a diversified portfolio to maximize reduction of risk exposure not only across geographically distributed threats and targets, but also across plausible future conditions?The Strategic Security Industry professional must recognize that managing risks from terrorist threats generally involves two types of situational interventions. First, exposure to risk can be addressed by reducing vulnerabilities. For example, buildings or building complexes such as ports or airports can be hardened by adding barriers around their perimeters, making them harder to attack with vehicles carrying bombs. Similarly, adding security patrols or sensor systems reduces vulnerability by increasing the likelihood of deterring or interdicting terrorists before they can carry out their threatened attacks.Second, assuming that attacks are successful, risk can be managed by improving response and recovery capabilities thereby minimizing or containing consequences. For example, improving communication systems and coordination capabilities of local law enforcement, other first responders, and relevant commercial or government property owners enhances response capabilities and mitigation consequences. These interventions can also reduce vulnerability by improving detect/decide/ engage/defeat functions of system security.ConclusionStrategic Security systems designed to analyze risk can often be extended to manage risk, at least at a basic level. First, one applies the given model to analyze risk at the present time based on inputs that describe the current security conditions (e.g., threats, vulnerabilities, and consequences). Next, one computes risk based on inputs that are altered to reflect one or more proposed security measures. Finally, comparing current risk to the risk projected for projected new security programs yields a differential analysis of risk management strategies. In the end, Strategic Security is all about forming an understanding of the “big picture” from a rational perspective; and those who are educated, equipped, and trained to analyze the world around them from this lens will be positioned to anticipate emerging threats before they become a reality.
Be Sociable, Share!

Tags: ,

This entry was posted on Saturday, March 20th, 2010 at 3:47 am and is filed under University security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.


About - Contact - Privacy Policy - Terms of Service