Today’s security strategies must specify how they deliver a Return on Security Investment (RoSI) – identifying their benefits and ensuring the continuous improvement of security.

British businesses are facing myriad challenges stemming from a combination of geopolitical tensions and socio-economic issues. From the ripple effects of conflicts in Ukraine and the Middle East to ongoing protests by different groups in London and other major cities across the UK, it looks likely that disruption will continue, making it important to develop and adopt robust security policies.

The most robust strategies, from both a human and technology resource perspective, will be developed by reference to applying cost-benefit analyses. Measuring return on security investment (ROSI) allows businesses to identify gains, enhance user experience for clients and consumers, and ensure the continuous improvement of their security models.

The fundamentals of ROSI approach

So, how can you measure a return on security investment?

The first step of ROSI is to define the metrics and KPIs to gauge the effectiveness of a security posture. Moreover, businesses of all shapes and sizes must be focused on the monitoring of incident detection and whether there is a reduction in incidents. This necessitates continuous measurement, both before and after changes in security measures are implemented. A reduction in incidents indicates not only an improvement in the detection of breaches, but also demonstrates that proactive and effective preventative measures and procedures are delivering results and thereby adding value to the business.

Let’s take a company in the construction sector that has suffered from equipment theft as an example. It is vital to monitor intrusion and theft patterns before new security measures are put in place, and to use this data in a comparative analysis with the period after the new system has bedded in. At that point, it is possible to determine whether the policy and improvement programme have been effective.

The concept sounds simple, but there are a few pitfalls which organisations need to be aware of when adopting an ROSI approach. Chiefly, these stem from an absence of a proper security policy and strategy. If improvements and enhancements to security regimes are not pre-planned in line with professional security recommendations, you are far more likely to encounter gaps and weak points in the system that such measures could fall through. What’s more, it will become very difficult to properly identify the value of any action being put in place.

This makes it all the more crucial to define key security objectives, and to apply a regular methodology of conducting professional security reviews – this helps to identify gaps in the system, and where remedial measures will be most effective and deliver ROSI.

A culture of good practice

Periodic reviews of risks, threats and vulnerabilities are essential. This means implementing a programme of regular penetration tests, consistent incident reporting and ongoing staff awareness training, all with the aim of ensuring that security teams and employees are kept up to date with the risks, threats and vulnerabilities that can impact the business.

Regularly evaluating the quality of your security procedures will ensure that they become adopted and adhered to as a matter of routine. One effective method of evaluation is to use ‘mystery shoppers’ who can pose as visitors to ask staff routine questions and thereby test whether security officers and staff are following appropriate risk prevention procedures. The outcomes of these exercises will help define the level of additional training and/or changes to procedures that may be required.

For SMEs that may lack the resources to conduct regular internal audits, external professional security auditors serve as an excellent resource. These specialists can develop bespoke measurable targets for security teams and, paired with a responsible in-house person who is up to speed on current legislation and the new technologies available, can form the basis for an effective security partnership. This internal responsible person, depending on the stretch of resources within your security team, could be a dedicated security manager or an appropriately qualified facilities manager.

Security as a strategic investment

Whatever strategy is employed, businesses must treat security as a strategic investment and demonstrate to both internal and external parties that security policies and measures are delivering value – as an enabler, not an inhibitor of successful business practice. This outcome can be achieved through regular meetings among risk management teams, as well as obtaining feedback from staff, contractors and other stakeholders through surveys and regular two-way communications.

Beyond ROSI, a robust security culture offers businesses significant benefits when managed diligently and in line with a company’s security policy and strategy. It is a crucial part of reputation and standing with customers and prospective customers, as any failure to uphold key security objectives will put businesses at risk of losing out on commercial opportunities and growth. Increasingly companies will only exchange electronic data or other information with business partners that can demonstrate and evidence equal and audited standards of converged and effective cyber and physical security measures.

A strong security posture feeds into broader organisational resilience. Any business or organisation, whether it sits within the public or private sector, and has robust security programmes and a strong security culture in place, is more likely to emerge stronger from periods of difficulty and go on to survive and prosper.

Mike Bluestone CSyP

Executive Director, Corps Consult

www.corpssecurity.co.uk

The post Ensuring your organisation’s Return on Security Investment(ROSI) appeared first on City Security Magazine.

Here we profile Chartered Security Professional Jon Roadnight, Director and co-founder of the well-respected security consultancy, CornerStone.

Why did you want to join the Register of Chartered Security Professionals?

Throughout the security industry, there are now many pathways to choose from that can help you demonstrate your ability and competency.  Whether you have an academic accreditation in the form of a security-related degree or, as in my case, lots of experience and understanding of the world of security, there are numerous ways to validate the level of knowledge and know-how that you may possess. I’ve personally been a member of the Security Institute for many years and in the past nine years or so we have actively encouraged our team within CornerStone to join the Institute and make use of the educational and personal development opportunities that are on offer. In exploring these options myself, I decided that the Register of Chartered Security Professionals would be an excellent way to verify my own competency whilst showing the CornerStone team that anything was achievable. In most professions, the ‘Chartered’ status is seen as the pinnacle of achievement and it’s surely part of the professionalisation of our industry that security now has its own Chartered option.

What does it mean to you?

When I look at the people who are included on the Register, it is immediately evident that it includes many leading and influential figures whom I respect and admire from throughout our industry. Some I know and some I don’t, but their achievements speak for themselves. To be recognised in such eminent company is extremely humbling, and I hope that my inclusion helps to encourage members of our CornerStone team as well as the wider industry to take a similar path and apply to join the Register themselves. I’m proud to have been accepted and to be able to call myself a Chartered Security Professional.

Mike Bluestone MA CSyP FSyI

www.charteredsecurityprofessional.org

For more profiles of Chartered Security Professionals, see our Security Careers category

The post Focus on Chartered Security Professional: Jon Roadnight CSyP appeared first on City Security Magazine.

Introduced by Mike Bluestone.

Amanda Seevaratnam was admitted to the Chartered Security Professionals in March this year. She has worked in Defence security for over 20 years, in both the public and private sector. Since 2015, she has been a Civil Servant in Defence Equipment & Support (DE&S), a delivery agent to the Ministry of Defence.

Amanda admits that none of this was planned as she looks back over her career:

I took a temping job in 1998 as a facilities officer in Matra BAE Dynamics (now MBDA) where the facilities and security teams were co-located. My only real exposure to security until then was door staff in pubs and clubs. One day there was an incident when all the security team were on an away day. I was asked to help, and from then on whenever they were short staffed, I would be asked to lean in, and started to rather enjoy it. As my temping job came to an end, I was lucky enough to get an office manager’s post for the newly formed BAE Systems on the same site.

I continued to concentrate on facilities and office management, but the security and business continuity (BC) work was on the increase and, to be honest, more interesting. In 2005 I had the opportunity to focus purely on security and took a post working on the BAE Systems Queen Elizabeth Class Aircraft Carrier bid team. When the MoD asked the bidding companies to form an alliance to deliver the aircraft carrier programme, I was nominated to stand as the Head of Security for the alliance. This involved the unenviable task of encouraging all of the alliance partners to share security information and ways of working to ensure the collaboration could take place in secure environments, both physically and virtually. The challenge was that day to day the alliance partners were competitors. It was at this point I thought that to have any credibility, I really ought to have a formal security qualification. Back in 2005 there was not a huge choice, but luckily, I already had a business degree, so was able to look at post- graduate courses. I approached my corporate security team for their advice. I was pointed in two directions: the academic route, looking at MSc courses, which were still few and far between, and the ‘professional route’, looking at the ASIS Certified Protection Professional (CPP), which was relatively new in the UK at the time, but growing in recognition. I gave both options to HR for funding consideration, and they subsequently enrolled me for the ASIS CPP course and a master’s degree in security management at Loughborough University, that ran in parallel. Achieving both (and having a baby) over the next two years gave me the ability to hold my hand up as a security professional at a time when this was rare in the defence industry.

Fast forward thirteen years and I was now working as the Deputy Chief Information and Security Officer in the newly formed Submarine Delivery Agency. Over the years I have attended management and leadership courses, as well as courses on cyber security and information management. I noticed increasing numbers of staff joining the organisation with security and resilience MScs, which had been my unique selling point, leading me to wonder what I could do to further my professional status. I was maintaining my CPP status via the ASIS Continuous Professional Development programme, but that didn’t feel enough to make me ‘stand out’. As a member of ASIS and the Security Institute I had heard of the Chartered Security Professional, thought about it a few times, even started filling out the form once, but was ‘too busy’ to complete it.

A change of job gave me the time to consider how I position myself for the future and my career development. It also gave me time to attend a CSyP workshop held by the Security Institute. Following this, I can proudly report that I did complete the application and received my certificate from Baroness Henig in March at the most wonderful evening among my friends, colleagues and peers.

What does it mean to me? I am exceptionally proud to have been admitted to the Register. It allows me to hold my head up as a security professional, within defence, government and across the wider industry, and the fact that it is Internationally recognised helps me to position myself in the global market.  It also provides credibility that allows me to campaign for clear career paths in defence and government security, which is a personal passion, and to mentor those who are interested in working in these fields. For me that makes it more than worth the investment of my time and effort finally completing the form and the interview.

For more information on applying to become a Chartered Security Professional, see the Security Institute website and the Chartered Security Professional website.

The post Focus on Chartered Security Professional – Amanda Seevaratnam appeared first on City Security Magazine.

One of the most recent admissions to the Register of Chartered Security Professionals is Scott Ruddick CSyP, a Canadian national who is the Director of Global Security with MEDA, one of Canada’s leading international aid and development organisations.

We spoke with Scott about his reasons for becoming chartered and what it means to him:

Why did you choose to become a Chartered Security Professional?

While there are a number of security certifications, it was the focus on the assessment and verification of strategic and higher operational-level competencies in security that was the driver for me in deciding to pursue becoming a CSyP.  I also liked the fact that it is an ongoing process that includes a requirement to demonstrate continuing professional development as well as adherence to a code of ethics.

What difference do you think becoming chartered will make to you?

It enables me to establish that my knowledge, skills and ability to implement sound security approaches have been assessed and validated in a thorough process, by industry experts and further validated by an external Registrar. It also connects me with a community of security professionals, to facilitate knowledge sharing.

How are you hoping to contribute to the growth of professionalism in your location?

I work in the aid and development sector, an industry with some unique and substantial security challenges. I hope to showcase the CSyP as one methodology for aid and development organisations to ensure a high standard for their security staff selection, as well as their systems and procedures.

How can we help you engage more with other CSyPs?

Well, as someone who is in Canada, a robust virtual network will be important, as I won’t be able to travel to many events in the UK, but I will be able to connect with fellow CSyPs through the virtual networks. I look forward to meeting fellow CSyPs both virtually, and hopefully in person!

See our full range of profiles of  security professionals in our Profiles category.

The post Scott Ruddick: Chartered Security Professional appeared first on City Security Magazine.

Becoming a Chartered Security Professional is a means of being recognised and continuing to represent the highest standards and ongoing proficiency. It is the gold standard of competence in security.

Launched in 2011, the Register of Chartered Security Professionals was established under a Royal Charter issued to the Worshipful Company of Security Professionals in the UK. Registrants use CSyP as a post nominal and are called Chartered Security Professionals. There are currently 141 Chartered Security Professionals.

Applications to become Chartered are managed by the Security Institute on behalf of the Worshipful Company of Security Professionals. Licensed organisations are the Security Institute and ASIS UK Chapter 208 who can both mentor and support Chartered Security Professional applicants.

Successful applicants have proven they meet the required standards in five key security disciplines.

In addition, and most vitally, each CSyP is also making a strategic impact in their chosen field, and it is the combination of all of the above, together with their drive and commitment, that sets them apart.

We asked recently admitted Chartered Security Professional, Simon Causer CSyP, Head of Security, Corporate Property Facilities Management, City Surveyor’s Department, City of London Corporation, for this views:  “I have been accepted onto the Register of Chartered of Security Professionals based on the expertise that I gained during a thirty-year policing career. During the final decade of my career I became increasingly involved in the mitigation of risk that arose from the terrorist threat. As a Counter Terrorism Security Coordinator

I worked with fellow professionals across the Government Security Zone and beyond to deliver effective protective security focussed on keeping London safe and secure.

“The experience I gained during this period in conjunction with a 1st Class degree in Security Consultancy helped me move into the second phase of my career. Now, as Head of Security for the City of London Corporation, my goal is to use my experience and work across the City to help keep it a safe and secure environment for those that live, work and visit.

“So much of what I do is a continuation of the work that I did with the Metropolitan Police and being accepted onto the register is an essential part of being able to call myself a security professional. It is recognition and indeed validation of the experience I have and the work I have done.

“Being a CSyP demonstrates the importance I place on the professionalism of the security industry and the need to validate the expertise of those who work within it.”

Mike Bluestone, CSyp

Ambassador for the Register of Chartered Security Professionals

www.security-insitute.org/csyp

The post Spotlight on the Register of Chartered Security Professionals appeared first on City Security Magazine.

Sean Purnell is one of several recent Registrants admitted to the Register of Chartered Security Professionals.

He is a highly qualified professional with a military background, possessing expertise in many areas. Sean has considerable experience in advising on operational risk and audits, delivering solutions in risk management and risk control frameworks, specialising in ISO 27001, GDPR and cyber security projects. Sean was awarded an MBE for services to the RAF in 2000. I recently caught up with Sean with some questions about his career and the impact of being admitted into the Register.

How did you transition into the corporate security sector from the RAF?

Looking back on my career thus far, there has been a focused development from my time in the Royal Air Force, where I had a successful career until departing as a commissioned Provost Officer.  I specialised in policing, security and counter intelligence, which created the foundation for my future career in the corporate security sector. I completed an MSc in Security & Risk Management which firmly established the foundation of my security risk management skills, and facilitated my move into the financial sector.

How has professional development supported your career?

Security is ever evolving with the dynamic threat environments that we face, and there is the ever increasing and obvious convergence between physical security, information security and cyber security.  Professional development is key to our success as security professionals to ensure that we are at the table for all ‘security risk’ discussions.

Completing an MSc in Security & Risk Management, along with a wide variety of other training including financial crime prevention, incident management, operational risk management and cyber security, has given me the tools to perform varying roles with UBS AG. For example, Security Risk Controller, IT Risk Controller, Director Regional Security and, more recently, as an Internal Security Auditor.

What has been the impact of Chartered Security Professional (CSyP) status?

The process of applying for CSyP is the way to have your security skills, expertise and strategic thinking independently verified by “top tier” security professionals. Lord Alex Carlile QC CBE, (the former Chair of the Chartered Security Professionals Registration Authority), has described CSyP status as the security sector’s ‘Gold Standard’. I felt so deeply privileged, and proud, when I learned that I had met the required standards in all five of the required disciplines, and had been awarded CSyP status.

Well done Sean! You have every reason to be proud. Congratulations again on being awarded CSyP!

Mike Bluestone CSyP

Ambassador for the Register of Chartered Security Professionals

https://security-institute.org/csyp/

See also:

The Register of Chartered Security Professionals – seven years and growing

Why Julia McClelland became a Chartered Security Professional

Spotlight on Chartered Security Professional: Michael O’Neill

The post Chartered Security Professional Sean Purnell MBE CSyP appeared first on City Security Magazine.

As part of our regular series profiling individual Chartered Security Professionals, Mike Bluestone CSyP (Ambassador for the Register of Chartered Security Professionals) introduces Michael (Mike) O’Neill:

Before becoming a Chartered Security Professional (CSyP)

I joined the British Army and was commissioned into The Parachute Regiment in 1981. I left in 1990 as a Major, having seen active service in the Falklands and Northern Ireland. Having had responsibility as a Unit Security Officer during my service, I was interested in the sector, and after doing some freelance work for other companies I set up my own company offering consulting and investigation services.

My current role

I handle a wide portfolio of services, including attempted espionage, frauds, hostile takeovers, counterfeiting and issues around new market entry. I work in Africa, across Europe and parts of the Middle East. For the last few years I have been working with clients particularly to help make them more resilient to the known and unknown unknowns.

In my current role, as the Managing Director of Optimal Risk Group, I am still involved in consulting, but more of my time is involved with planning the future direction of the Group. In particular, understanding what proactive services we can offer clients rather than being mostly reactive.

One of first ten applicants to Register of Chartered Security Professionals

I was a Director of the Security Institute at the time the Register of Chartered Security Professionals was launched, and I am on record in acknowledging the detailed preparation that went into getting the CSyP application process right. I fully supported the drive to improve recognition of the security sector, and I was one of the first ten applicants to the Register, and the first to apply as a non-graduate. In my opinion, the process does make you think carefully about your ability to demonstrate that you meet the required standards, including covering the five specific sets of competencies.

I have now gone on to become an assessor, and mentor for applicants to the register, and earlier this year I joined the CSyP Regulation Authority.

I am extremely keen to encourage more security professionals to apply for admission to the Register, and I have given a number of presentations to explain the process and attract younger applicants.

I have found that clients and other professionals clearly respect the chartered status of CSyPs, and I believe that we are all under an obligation to continue working hard to raise the Register’s profile, and articulate the benefits of becoming chartered.

The post Chartered Security Professionals (CSyP): Spotlight on Michael O’Neill appeared first on City Security Magazine.

Mike Bluestone highlights how the Register of Chartered Security Professionals is gaining real traction, in both the public and private sectors, since its official launch in 2011.

In the world of security, ‘good news’ stories aren’t always in the public eye, so readers will be interested to hear about the significant progress of the Register of Chartered Security Professionals in 2018. The Register provides chartered certification of security professionals, who must undergo a formal and rigorous application, screening, and interview process, before being admitted as a Registrant of the Register of Chartered Security Professionals.

Competencies required to be a Chartered Security Professional in 2018

Qualifications and experience jointly reflect the competencies that an applicant to the Register must be able to demonstrate, together with their strategic impact. The competencies required are as follows:

A: Knowledge. Use a combination of specialist and generalist security knowledge and understanding to optimise the employment of existing and emerging methods and technologies.

B: Practical Skills. Apply appropriate techniques, methodologies and processes to resolve security and risk related issues.

C: Leadership. Provide technical and commercial leadership.

D: Communications. Demonstrate effective interpersonal skills.

E: Professional Commitment. Demonstrate a personal commitment to professional standards, recognising obligations to society, the profession and the environment.

Recognising the formal practice of security

The vast majority of readers will of course be aware that there have always been security professionals out there in the market place, providing expert security management, advice and support to companies and organisations in both the public and private sectors. The problem, however, was one of perception and recognition, in that unlike other long-established and recognised professions, such as law, accountancy, surveying, medicine, engineering and the like, the professional practice of security had never enjoyed similar formal recognition and public acknowledgement.

Growing appeal of Register of Chartered Security Professionals in 2018

A look at the list of current CSyPs (available on the CSyP page: www.csyp-register.org) is solid proof not only of the eclectic nature of CSyP Registrants as individuals, but also of the diverse locations of the organisations, businesses and sectors in which they operate.

A steadily increasing number of CSyPs are based overseas, including some foreign nationals, which provides welcome evidence of the growing global appeal of the Register.

Seven years of steady promotion of the Register has led to engagement, and ‘buy-in’ from a number of public and private organisations which include departments of Her Majesty’s Government, such as the Centre for the Protection of the National Infrastructure and the Foreign & Commonwealth Office; Manned Guarding companies; the Banking and Financial Services sector; the Transport sector; the Pharmaceutical industry; and the Energy and Utilities sectors.

Promoting the Register of Chartered Security Professionals

In the meantime, work continues to promote the Register, which has become known as the security sector’s ‘Gold Standard’,  through a number of different routes, including media feature articles, talks at industry events, through the licensees’ websites, and professional events. A major programme to raise awareness of the Register is currently underway and being driven by a number of Chartered Security Professionals including the writer of this feature.

The outreach programme is not limited to physical security professionals, but also encompasses cyber threat specialists, several of whom have already become CSyPs, and others who are in the process of applying. The objective is to spread the word about the benefits to businesses and organisations of employing the services of Chartered Security Professionals. This means getting the message out there right across the wider business community, to both the public and private sectors.

Of course, it is not enough that promotion of the Register is an item for discussion within the security sector alone. The message must be escalated throughout the UK business community, and indeed overseas.

The significance of security professionals possessing chartered status should also resonate with the insurers, particularly in relation to Professional Indemnity (PI) insurance, and the current campaign is also being focused in that direction. Equally, the campaign is targeting the major recruiters and largest employers of security professionals. Our objective must be to influence those who put together the job descriptions for senior (especially strategic) security positions to include possession of the CSyP certification as a fundamental requirement for such roles.  This means reaching out to HR personnel, and their own professional bodies.

This journey of promoting the Register, and ‘spreading the word’, has inevitably encountered a few hurdles along the way, but then has there ever been a time when efforts to professionalise the security sector haven’t hit a few obstacles?

Our determination, however, to achieve broader recognition of the Register remains solid and emboldened by the quality of applicants. It is reassuring that a number of CSyPs (who are busy enough in their own day jobs) have stepped forward to assist in the current campaign. They are rightly proud of their achievement in having become chartered, and are keen to share their enthusiasm with as many people as possible. The following testimonials provide a snapshot of what Chartered Security Professionals say about being chartered:

Bob Boote CSyP, Independent Consultant: “I found the application process to be very positive and very beneficial to my personal development. The process is very thorough and the award of CSyP is a prestigious accolade.”

Bill Stables CSyp, Foreign & Commonwealth Office: “The independent accreditation implied by attaining Chartered status in any profession is fundamental; when you add potential risk to life activity it becomes vital. I was keen to have this level of qualification as it provides an externally audited record of my experience. In addition it encourages CPD and prevents me becoming static.”

Mike Bluestone MA CSyP FSyI

Vice President, Security Institute, and Ambassador for the Register of Chartered Security Professionals.

For more information, please contact the RCSP Admin Manager at the Security Institute www.security-institute.org

The post The Register of Chartered Security Professionals – Seven years and growing appeared first on City Security Magazine.

It is, perhaps, hard to believe that four years have elapsed since the commencement of cooperation between the Worshipful Company of Security Professionals, and the Security Institute in relation to the establishment of the Register of Chartered Security Professionals. This ground breaking partnership saw the launch in June 2011 of the Chartered Security Professional certification, now increasingly recognised by the post nominals CSyP’. As at April 2014 there are 70 Chartered Security Professionals, with numbers expected to pass the significant 100 mark by December of this year.

In 2013 ASIS UK became a second Licensee of the Register, with their representative joining those of the Worshipful Company and the Security Institute on the Register’s governance body, namely the Chartered Security Professionals Registration Authority (CSPRA), which is chaired by Lord Carlile CBE QC.

Professionalisation of security

Many readers will be aware of the historical challenges involved not just in the establishment of the Register, but also in convincing the dissenters (and yes, there were and still are a few) that the professionalisation of the security sector was, in fact, a tangible aspiration, and, most importantly, one which was actually achievable. A look at the list of current CSyPs (available on the CSyP page: www.csyp-register.org) is solid proof not only of the eclectic nature of CSyP Registrants as individuals, but also of the diverse locations of the organisations, businesses, and sectors in which they operate. A number of CSyPs are based overseas, some of whom are foreign nationals, which provides welcome evidence of the growing global appeal of the Register.

Qualifications and Experience jointly reflect the competencies that an applicant to the Register must be able to demonstrate, together with their Strategic Impact.

Two paths

Of course, as to be expected for admittance to any Register of professionals, the bar is rightly set at a high level. Two application routes are available: firstly, the Standard Path, and secondly, the Individual Path.

For the Standard Path, applicants must hold either a Bachelors or Masters degree in a security discipline, or a Bachelors or a Masters degree in any subject plus a security-related vocational qualification, e.g. the Institute’s Diploma in Security Management or ASIS Certified Protection Professional (CPP), plus five years operational security experience, with the last two years’ at the Chartered competence level.

The Individual Path, on the other hand, requires applicants to complete a 4-12,000 word portfolio demonstrating that they have met the defined competence requirements, plus ten years’ operational security experience, with the last five years at the Chartered competence level.

To remain as a CSyP, Registrants must comply with a Code of Conduct, hold professional indemnity insurance (either individually or via their employer), and complete Continuous Professional Development each year.

The Security Institute

The Security Institute manages all aspects of the Register including finances, PR and marketing, and appointment of other organisations who may admit CSyPs. They are also responsible for establishing robust quality control processes for the scheme, and appointment of licensees.

The Security Institute and ASIS-UK are both eligible to receive applications to be admitted.

Raising the profile of Chartered Security Professionals in the wider business community is of paramount importance, as well as being a key element in the growth strategy for the Register.

The aim must be for the term Chartered Security Professional to resonate within the business community, and indeed with the general public, in the same way as that of Chartered Accountants, Engineers, and Surveyors do. Achieving that goal will be a defining moment for CSyPs.

Promoting CSyP

In the meantime, work continues to promote the Register through a number of different routes, including media feature articles, talks at industry, through the licensee’s websites, and professional events. A recent black tie dinner event (the second of its kind) held at the House of Commons, and hosted by Lord Carlile, attracted 141 attendees, many of whom were senior figures from other business sectors, including Insurance and Banking. This type of event helps to raise the profile of the Register with the wider business community.

As to be expected, CSyPs themselves are among the most enthusiastic supporters and promoters of the Register. In one article, for example, written by Stuart Williams CSyP in early 2013, Stuart wrote of his positive impressions of the Register assessment process, describing it as being efficient, robust, impartial, and flexible.

In 1997 Dr John Southwick, speaking at a conference of the ‘Australian Council of Professions’, defined a Profession as follows: “A disciplined group of individuals who adhere to high ethical standards and uphold themselves to, and are accepted by, the public as possessing special knowledge and skills in a widely recognised, organised body of learning derived from education and training at a high level, and who are prepared to exercise this knowledge and these skills in the interest of others. Inherent in this definition is the concept that the responsibility for the welfare, health and safety of the community shall take precedence over other considerations.”

It is the writer’s fervent belief that, through the establishment of the Register of Chartered Security Professionals, the above definition of a profession has been embedded in the private security sector.

Mike Bluestone, MA CSyP FSyI, Vice President, Security Institute (at time of writing)

www.security-institute.org

The Worshipful Company of Security Professionals www.wcosp.com

The post CSyP gathers momentum: 100 by end of 2014 appeared first on City Security Magazine.

Devising and implementing a security strategy that includes input from all areas of an organisation is the only way to comprehensively minimise risk. Mike Bluestone of Corps Security and the Security Institute explains how adhering to the eight principles of security will help achieve this objective.

Identifying risk

Ensuring that an organisation, whether private or public sector, is as well protected as possible relies on the identification of potential risks to its personnel as well as to its physical and intellectual property. While this sounds straightforward enough, it has not always been easy to achieve due to the inability, or unwillingness, of risk management departments to work together.

A silo mentality often leads to a fragmented situation where security measures are either missing or even duplicated. It should always be remembered that security is just one facet within the broader concept of risk management – the others being financial, insurance, reputational, health and safety, corporate governance, and ultimate accountability.

Benefits of convergence

The good news is that the benefits of convergence are being recognised. In general, convergence signifies the coming together of two or more entities or phenomena, but when it comes to security it frequently refers to two distinct security functions – physical security and information security – working alongside each other as part of a coherent risk management programme.

With so many variables, predicting where and when an attack could take place is extremely difficult, so all organisations should carry out a comprehensive risk assessment – with contributions from teams at every level – to allow the most appropriate security solution to be identified. This includes an examination of the vulnerability of utilities and key supplies, along with a detailed examination of existing security measures. For organisations that are defined as being higher risk, or are in particularly sensitive areas, specific advisory support should be sought.

Eight principles for a security strategy

In order to carry out this process and work towards the best possible outcome there are some key areas to address. These form the eight principles of security.

The first of these is to define a policy and strategy. This should contain all assessed risks and threats and be endorsed at board level. Not only will this ensure that it is fully supported, it will also mean that an appropriate financial budget is allocated to carry out any necessary measures.

This should be followed by an information and intelligence gathering process to clarify the requirements. For example, an organisation that is moving premises should examine local crime trends and statistics in its new location, look at other building occupiers in the vicinity and assess whether they pose any direct or indirect dangers.

The third principle to consider is human resources, as people are the most important facet of any security programme. Human intervention is essential and trained personnel, whether specialist security officers or employees who have undergone security awareness training, are the eyes and ears of corporate security.

The next issue to address is an organisation’s technical means. The astonishing advances in technology have brought significant benefits to the way security solutions are configured. To be effective most strategies will utilise a combination of manned guarding and technology, including the use of remote monitoring where appropriate.

Next up is the need to define the control and supervision methods needed to manage the policy and strategy. Any confusion surrounding this issue can be positively dangerous, especially during the management of a crisis or contingency. It is then necessary to address the sixth principle and define procedures, as the best security people and technology in the world won’t produce optimum and safe results without sensible, clearly defined, easy to understand and workable practices.

The penultimate issue concerns the scheduling and completion of regular tests and drills. A security system that’s never been tested and drilled is an unknown quantity and may fail to operate as it should in the case of a real situation. Penetration tests are another useful tool in terms of highlighting security strengths and weaknesses.

This brings us to the final principle – the need for internal and external audits. The value of audits cannot be overstated and they will help determine whether the current policy and strategy is still adequate enough to contain all the established risks and threats. It should be remembered that premises, threat levels and circumstances all change over time, so a system must be constantly kept under review. It is also advisable to use, whenever necessary, the professional expertise of external security consultants.

Organisations that carry out a comprehensive risk assessment using a converged approach will be in the best position to benefit from these eight principles, which will in turn help to create a strategy that helps keep people and property safe.

Mike Bluestone

Corps Security

www.corpssecurity.co.uk

The post Security strategy: a converged approach for success appeared first on City Security Magazine.