I noticed that the multimedia pop-up that launches from the Security Awareness Programs and Training Programs page refers to the SMSI Security Solution Hierarchy™. What is the significance of this model?
The idea for this Hierarchy originated about 15 years ago when we borrowed an idea from the noted psychologist and researcher – Maslow’s Hierarchy of Needs, a motivation theory model. Maslow spoke about prepotent needs as determining a person’s motivation as he or she deals with life’s issues. The SMSI Hierarchy embraces Maslow’s concept of “prepotency” and advocates that security programs should also follow a logic construct and be built from the bottom up. The model advocates building the lower levels first, before moving to higher levels. This model also ensures maximization of cost effectiveness because as one moves up the hierarchy, the solutions become more costly.
Everyone claims to be a security consultant, especially since 9/11. How can I tell a fake from the real thing?
First look for a Security Consultant that is credentialed. The widest accepted credential is the “CPP” (Board Certified Protection Professional) designation which appears after the consultant’s name. Second, the years of experience are also important criteria. There is no substitute for hands-on experience. The kind and nature of experience are also important considerations. For example, Healthcare Security requires intimate knowledge of that environment as well as the myriad of regulatory agencies that impinge on that industry.
What should I do when approached by a Security Consultant who has the “CPP” designation, has many years of experience, and yet works for a company that is in the guard business?
Most experts agree that it is best to retain a Security Consultant that has no ties to the guard industry or the alarm industry. The potential income from a lucrative guard contract substantially exceeds the potential income from a consulting contract. Security Consultants should be devoid of a conflict of interest. You may want your Security Consultant to monitor the efficacy of your contract guard service; therefore, you do not want the, “wolf watching the hen house.” A qualified Security Consultant, knows that his business is highly dependant on favorable recommendations from clients. This means that the best Security Consultants will find it in their interest to make your security program as cost efficient as possible.
When I call a perspective Security Consultant to get more information, whether as an Security Expert Witness in a litigation or as consultant for a special project, their answers to specific questions are often vague and evasive. It seems they do not want to give anything away unless I pay. Is this what I should expect?
No…Security Consultants should be open and candid. The client has a right to get some sense of the critical thinking ability of a professional they are contemplating on hiring. Guarded responses from a consultant may be evidence of insecurity and lack of competence and/or experience. Experienced and confident Security Consultants are usually very forthcoming.
Your website talks a great deal about security litigation. What kind of business is most likely to become the object of a security related lawsuit?
Typically those businesses that are open to the public are the most likely targets of security litigation. Among this class of business, the most common claim is the assertion of inadequate security which falls under the rubric of premises liability. Our role in these cases, whether on behalf of the plaintiff or defendant, is to serve our client as an Security Expert Witness. These cases make us better Security Consultants because we get to see what has gone wrong, which directly translates to our Security Consulting business where we are better able to anticipate and prevent problems.
What are the recurring deficiencies are common to most security lawsuits?
It seems that in every security related lawsuit two factors are always in play in some manner. Those factors are security training and incident reporting documentation. When defending this kind of litigation, it is always more difficult when the defendant is not using a computer-based Security Incident Tracking System. This also applies to Daily Activity Reports. Even when there has been adequate security training, there is often a failure to adequately document the training, such as producing test results to show that actual learning took place.
If I have an in-house security manager, can security consulting still help? Will the in-house security manager resent the presence of a security consultant?
Qualified security consultants have the benefit of a broad perspective from many clients. Their experience is not tied to a narrow regional environment. They also benefit from seeing first hand, what works and what does not. The only in-house security managers that resent consultants are usually those who are insecure and have some reason to be so. Conversely, the security consultant is there to help, not ridicule the security manager. There are many occasions that the retention of an outside consultant is actually initiated by the security director because he knows an outside, objective point of view is valuable.
SMSI Inc., claims to be a positive Security Consulting firm. What does that mean?
We have found that many security consulting firms, no matter what the industry, tend to justify their existence by finding fault. They want to tell you what is wrong, tear the program down, and rebuild it in their image. SMSI believes in positive security consulting. We believe our role is to understand your corporate culture and ensure the security program fits within that model. Furthermore, SMSI believes the consultant must find what is right, what is good, and what is working. We than believe our mission is to use those positive predicates as a base and build upon them to makes the program better.
Is it important that the Security Consultant I retain have a great deal of security litigation experience?
That depends on your business. Most security driven lawsuits fall into the category of premises liability lawsuits. In other words, plaintiffs assert the security was inadequate to have prevented criminal activity. Therefore, if your business caters to the public and is generally open to the public, this kind of experience can be extremely relevant. The security consultant, who has been retained as a security expert in hundreds of litigations, knows the pitfalls that encourage the lawsuits in the first place. His/her experience will be useful in developing strategies that reduce the probability of this kind lawsuit ever occurring.
Why is a security assessment (sometimes referred to as a security survey , vulnerability assessment, threat assessment, or security audit) so important?
Many security programs result from a series of reactions to perceived acute security breeches. Many of these kinds of programs resemble a patchwork quilt with no specific theme or mission. At some point, especially since 9/11, every business must establish a baseline from which to move forward into the future. There is a need to establish a foundational basis, at some point, for everything that is to follow. Those enterprises that fail to come to this conclusion usually have security programs that do not sufficiently produce adequate return on investment. A security assessment will allow the business to establish a foundation on which to build on for at least the next five years.
Please submit questions to SMSI and we will continue to post those questions that are frequently asked: firstname.lastname@example.org.