Introduction: As we move into the last decade before the 21st century there has been so many changes, technology is advancing by leaps and bounds. Businesses face many dilemmas whilst operating in today's environment. By its very nature business enterprises have to be open to the public and want to retain a favorable receptive image to the consumer, any increases in security measures that restrict freedom of access will undoubtedly damage the corporate image.

Visitors be they current or prospective clients would be put off by encumbering security procedures. All areas of business today has suffered in one way or another because of the lack of a comprehensive security program. International Air Carriers, Banks, Energy Industries, Insurance Companies, Retail Companies, Manufacturing Industries, Transportation Companies, Utility Companies, Service Companies, have all said, "Why weren't we prepared for this situation", the reason why is because security in most corporations is given such a low priority, When corporations look to save money the cuts usually begin in the security department.

Corporations who have made attempts to prepare themselves for security situations tend to focus on prevention. In most cases this will entail the hiring of a few extra warm body security officers and the purchase of various expensive electronic devices. Before attempting to enhance existing security it is important that a security survey be carried out to determine how best to integrate all the security systems into one overall program. It should be recognized that prevention is only half of the solution.

• Very few companies have thought what to do if?:

• A senior executive is kidnapped.

• A threat is made against the company, be it arson, disinformation, product contamination or bomb.

• What if the computers are destroyed containing all records?

• What to do if they suspect industrial espionage, insider dealings.

• What happens to the corporate jet when it is not being used? Is it technically swept for bugs before it is used again by the corporation?

There has been a case where a recording device was placed in a corporations executive jet whilst it was leased to a competitor.

When it was returned to its owner the president of the corporation flew to an important meeting and during the flight discussed his merger plans with his executives. Needless to say this information proved invaluable to the competitor. Capability can significantly enhance a corporations chances to achieve a favorable solution to a crisis.

The threat of premise liability for inadequate security is also an area of concern. All areas of business are now being held responsible if negligent security practices can be proved. If a woman is attacked at night taking a short cut through a cemetery, is the church liable because they did not lock the gates to the cemetery?

Hospitals are another grey area, what happens if a patient is attacked in bed by someone who happened to be passing, is the hospital liable?

By providing reasonable security measures hopefully the chances of litigation will be kept to a minimum. The search for simple cost effective solutions continues.

SECURITY: What is It?

Dictionary definition: 1. The Quality of state of being Secure.

2. Freedom from danger, 3. Freedom from fear or anxiety, 4. Freedom from want or deprivation.

PROTECTION: What is It?

Dictionary definition: 1. Measures taken to guard against espionage or Sabotage, crime, attack, 2. An organization of department whose task is security.

Corporations today tend to think horizontally not vertically when is comes to security decisions and in doing so compound their security problem. How many security consultants ask themselves, "What if?", when carrying out a security survey or consulting job. If more, "What if? scenarios were looked into, the problems of integrating security needs would be made easier and more cost effective.

Security issues effect corporations differently, depending on the location and type of business and as such different approaches have to be used, but one factor transcends all the potential variables and that is the bringing together of all security resources into one big integrated security systems program. The ineffectiveness of traditional solutions to the security problem is becoming very apparent, this has also been compounded by the inability of corporations to recognize a risk of threat before it becomes a major concern, "The deny and repress syndrome".

The last decade has also seen an increasing incidence of terrorist and criminal attacks on corporations. Managers have been targeted for kidnapping, physical assault, even murder, while corporate facilities have been targeted for bombing and other forms of sabotage.

Terrorist groups in particular have expanded their targeting from diplomatic missions to multi national corporate interests principally because they have found attacks on the private sector to be more rewarding in terms of their long term goals. It has not been easy for multi national corporations conditioned to considering risks only in terms of the market place to adapt to these new hazards, to decisions not of profit or loss but of life and death.

Many corporations refuse to recognize the potential danger and they adopt the, "Deny, Repress Syndrome", if this attitude is adopted corporations will certainly increase the possibility of an incident, it must be remembered that reactive measures are too late and too costly to implement proactive measures should be introduced and installed in advance, that way corporations and executives can be prepared for almost any eventuality.

Defining security in a way acceptable to everyone with an interest in the subject has always proved to be an elusive task. Everyone concerned in this area will always agree security problems or situations exist and that it is a major contemporary problem even so it is extremely difficult to define.

Corporations will all agree that they have a moral and legal responsibility to protect facilities and personnel against, criminal activity, unfortunately, corporations find it easier to protect facilities than personnel. Property is easier to protect because the best equipment available uses state of the art technology.

The value of most sophisticated equipment ultimately depends upon the competence of the person charged with operating it and this is usually were things start to go wrong.

Most corporations are concerned about security and crime and how it impacts on their business and luckily enough do something about it. A recent report from Fortune 1000, companies were asked about the types of security their particular corporation used:

• Building security checks.

• Burglar alarms.

• C.C.T.V.

• Card access systems.

• Security officers.

Trends are changing as security becomes more and technology oriented.

Another recent U.S. study said that by the mid 1990's U.S. businessmen alone will be spending more that $21 billion dollars on private security.

Security as a business function is a largely undiscovered resource something to worry about after the event. To some businesses however it is an important operational necessity. How many CEO's are aware of their own corporations security mission, in fact how many even really care about security until something happens.

Security planning is creating the ability for an organization to fulfill its mission no matter what, and in developing these programs we are ensuring corporate viability.

Fundamental to these programs is the fact that every corporation has to satisfy the expectations of three groups. Employees who expect the stability of income and reward for their services.

Customers who expect timely and efficient service in return for their payments and finally, Shareholders who expect a growth in their investment.

Every corporation has an obligation to ensure all of these three groups are well services.

The best defence is a fully integrated security program that effectively blends architectural, technological and operational elements into a flexible, responsive system.

All security specialists tackle this subject from different directions, some place the emphasis on the security personnel whilst others believe that the emphasis should be on the equipment. What is needed is an open mind that takes equal considerations of the complete range of security options that will eventually comprise a total integrated security system.

What is a totally integrated security system?

It is a combination of barriers which includes, personnel, technologies and security procedures which are designed to protect personnel property and operations of a corporation. Definitions are easy to make paying for them is a different matter.

Background

Most corporations still employ traditional solutions to their security needs.

Security Officers: The old adage, "you get what your pay for", has never been more true. Most experienced security people cite the minimum wage with resulting high turnover as the preeminent reason for lack of standards and lack of professionalism which prevail within the industry, therefore how can corporations expect to have a well motivated, reliable and self confident security staff. Motivations, combined with reasonable salary expectations are the most important ingredients, which will ensure the right man for the job. Without this important ingredient all you have is, "a warm body in a uniform".

Few people will dispute the value of training. This training must be geared to the security officers professional needs and each security position will have different needs. Accredited security instructors should always be used and it is vital that they keep updating themselves not only with current new trend developments but also in methods of instruction techniques.

Experience is another vital element with turnover rates within the security industry being relatively high. A lot of people use the industry as a medium to pass through on their way to another employment position. Efforts should be made to ensure that once an individual has chosen the security industry as his or her profession they are actively encouraged to remain so that their experience can be used time after time, this will not be achieved without decent pay and working conditions, combined with professional training and reasonable career expectations. If we just "make do" serious gaps will appear in security programs, we are only as strong as our weakest link. Traditionally corporations tend to hire the lowest bidder without regard for standards of competence. This can only have an adverse effect on the security program as a whole.

Some corporations prefer to have in house security officers whilst appearing to be cost effective there are numerous drawbacks. Who will train the in house security officers? How often will this training take place? Manpower turnover is another consideration. The costs of training, benefits, uniform, salary all has to be considered. Contract security officers however do have some advantages, there is no ongoing cost to the corporation with regards to training, uniform benefits, salary and when a security officer leaves, another one quickly replaces him or her. (Richard this needs expanding by yourself.)

C.C.T.V.: Technology in the area of C.C.T.V. is constantly undergoing rapid transformations and corporations are now beginning to treat C.C.T.V. with a new respect. It is not however the answer to total security. C.C.T.V. does however have its place within the total security systems integration program.

C.C.T.V. systems are now smaller more complex performing a variety of functions but as with most sophisticated equipment it will ultimately depend upon the competence of the user.

Many companies specialize in selling sophisticated C.C.T.V. equipment both overt and covert. All these companies will tell their respective clients that their equipment is the best in the world. Appearing in the yellow pages or having glossy brochures does not mean that the equipment is reliable or will carry out the function it is installed for. C.C.T.V. can be used to complement a security program in many different ways.

Strategically placed overt C.C.T.V. cameras can be a very important deterrent to crime. Likewise in controlling access. It gives a feeling of constant, continual vigilance but is this perception correct. Are the cameras continually monitored by security officers or a computer, either way there are pros and cons on one side the human factor and the other side electronics factor both have their problems and if they are not complemented by other security arrangements the money spent on C.C.T.V. installation will be wasted.

Additionally the use of covert C.C.T.V. cameras could be considered. The use of hidden cameras that can record in complete darkness thanks to infrared illumination, are being widely used not only as a deterrent but to detect white collar crime using concealed pin hole lens cameras.

It was decided that because of vandalism at certain schools C.C.T.V. cameras would be installed as a deterrent. C.C.T.V. cameras were installed at considerable expense. These cameras were then linked up to a monitoring station who would dispatch a security patrol to a given area if criminal activity was seen.

The monitoring station was staffed with seniors who were paid a minimum wage. The security response patrol consisted of one vehicle staffed by an equally low paid untrained security officers, Communication between the monitoring station and the patrol vehicle was very sporadic due to the fact that inexpensive radio equipment had been purchased.

Why would the school board install sophisticated and expensive C.C.T.V. equipment and then back it all up with inexperienced cheap labor? Within a period of a month most of the cameras were either vandalized or stolen and the complete security operation was closed down at a considerable expense.

Alarms: A good electronic alarm system is vital to the security of any corporation. What is just as important is how or where is this alarm system monitored. Traditionally the alarm is monitored by an Alarm company who upon receipt of an alarm situation will notify the police department. The police in turn should respond within a given time or may phone the premises instead of responding in person, false alarms are very common and the police do not have enough men or personnel to respond to each call. At this time more and more police regions have initiated a false alarm policy whereby after a certain number of false alarms the police withdraw response.

Other security companies not only monitor the alarm system but provide response as well as notifying the police, this is obviously the ideal as response is guaranteed.

An adequate alarm system specifically designed for a given task will give protection but as with other traditional security solutions they should be integrated into an overall security program.

Alarms do deter burglars and their use as a deterrent is obvious. The false alarm problem requires an integrated approach, system owners must be educated on how to use their respective alarm systems.

A top executive has a $5,000.00 alarm system installed in his residence. Unfortunately his wife had two family cats. Every morning before she went about her daily business she zoned out the ground floor IR detectors to allow her cats to roam free in the residence. When the system was installed the client decided not to have detectors fitted to his windows, therefore once the IR detectors had been zoned out, the security integrity of the residence had been breached. The client was advised of this fact yet he choose to ignore the fact that his residence was extremely vulnerable.

You would be surprised just how many system owners do not know how to use their system, so what do they do? They do not use them, resulting with obvious repercussions.

The reliability of electronic equipment used to detect intrusion whilst minimizing false alarms should improve as technology advances. Alarm systems should be be installed by reputable installers because if they are not, false alarm incidents will occur more frequently, equipment must be tested on a regular basis to ensure it is completely functional.

Another important factor to consider is would it be more efficient to protect the outside perimeter of a building to ensure earlier detection before intruders enter the property. Exterior protection technology has considerably improved during the past few years. Before deciding on an interior or exterior system certain factors have to be considered beforehand. Ideally a security survey should be conducted to identify areas of risk, once this survey has been completed an appropriate decision on which system to adopt can be made.

Electronic protection can also be supplemented with good fencing and exterior and interior lighting. A good chain link fence of sufficient height coupled with good illumination will certainly deter most intruders.

Locks: To date a burglar proof lock has not yet been designed, adequate locks are available and will deter even the most determined. Duplication of keys is easy (even though some keys are marked not to be duplicated). Key blanks are readily available making it a simple process to gain unauthorized access.

Master keys are distributed much more widely than they are supposed to be and sometimes key control is made so complicated that it is easier to hand out master keys. Some corporations leave vital company records and materials insecure and rely on the door to the office being locked. Access control systems now superseding locks by using programmable access security cards, not only can you successfully control access, you can also identify who gained access and the time access was made.

Filing cabinet keys are usually left in the office in some obvious locations, likewise computer access numbers and sometimes even safe access numbers are left within easy reach of a secretary's desk.

Keys are not inventoried on a regular basis and employees are not made accountable for his or her own keys.

Computers: The biggest danger in computer theft is ignorance. Corporations do not realize the extent to which their systems are being broken into.

The computer is the accounting ledger and safe of the business community. The amount of money which is electronically moved around the world on a daily basis is immense.

Geographic boundaries have disappeared. A telephone and a computer terminal is all that is needed to commit a crime against an on line computer thousands of mile away. Statistics suggest that less than 15% of all computer crime is ever reported mainly because of the fear of confidence being lost in the company concerned.

Computer crime is difficult to detect and even more difficult to prove.

The majority of computer crimes could have been prevented if appropriate security measures had been implemented.

The screening or personnel involved in computer functions is often overlooked. Decisions regarding the locations and construction of computer centres should be taken into account, this is rarely done.

Electronic screening devices to protect against any electronic penetration of the computer system should be installed sooner not later.

Disclosure of trade secrets by employees is now commonplace and as people within the computer industry are particularly mobile employee agreements should be initiated to prevent employees leaving one company and taking valuable confidential information with them to their new company. These agreements have to be enforceable.

Computer viruses are also a major problem which are not taken very seriously. Security measures should be introduced to prevent computer programs from becoming infected.

Access into computer areas must be strictly controlled ideally with access control cards.

Physical security of computers is often overlooked. Recently a major company were moving locations and in the space of 48 hours $45,000 worth of computer equipment had been stolen.

Disaster plans should be developed in case of a fire, vandalism, or power failure. Back up power to run the computers will be needed and backup data banks which should be secured at another location.

WHAT IS HAPPENING TO CORPORATIONS AND ORGANIZATIONS TODAY

No corporation or executive is immune from a security related incident. All we have to do is pick up any newspaper and read all about it.

Mergers and acquisitions occur almost daily, business espionage is on the increase. Ethical vs. Unethical business practices are highlighted daily, Bosky and his inside trading deals brought him huge fines and brought the attention of the media to just how businesses conducted their business affairs.

Research companies are continuously being targeted by their competitors for valuable research information, manufacturing companies face the same risk.

Stolen data can offer an outsider precious insight into the strengths and weaknesses of a company.

This information is gained usually because the corporate security program was not formulated correctly or was not being adhered to.

John D. Rochfeller wrote, "Next to knowing all about your own business, the best thing is to know all about the other fellow business.", a good well prepared security program will certainly deter and in some cases prevent this from happening.

A lot of multi national corporations have business interests and personnel working in high threat areas. Most corporations should be increasingly alert to the hazards of overseas travel and should be preparing ahead of time for the possible dangers that could effect their executives.

Terrorist attacks, kidnappings, air disasters, bombings, hotel fires and ordinary street crime are becoming more prevalent each year and still we learn of executives being kidnapped and held for ransom.

Corporations operating in third world countries should submerge their identity as much as possible in favor of their local subsidiary.

Elected members of parliament are being investigated by the R.C.M.P. for misuse of monies, theft, insider information, misconduct, the list is endless, these people who once upon a time were beyond reproach are now causing the public to cast a critical eye not only on the individuals themselves but the organizations and corporations they are aligned with.

The growing litany of corporate misconduct has shaken confidence in not only business ethics but also corporate loyalty. Thousands of people died in Bopal and these deaths must have weighed heavily on the corporate conscience of Union Carbide.

Ethical concerns have traditionally been viewed as irrelevant to corporate success.

If it costs more to install expensive antipollution devices than to violate legislation the corporate decision could be to maximize shareholder returns and pay the impending fine.

Business ethics like all other ethics cannot be taught they are part of an individuals psychological makeup, taught by example and formed by family culture and environment. The majority of corporations try to prevent outsiders from becoming aware of problems within the corporation and rightly so, confidence is easily lost and if a given situation is allowed to get out of hand it could seriously damage corporate image. Attempting to hide, suffocate or dispel very real serious issues can also have adverse effects within the corporation as well. (Richard we need an example of this.)

The extent that corporations lose valuable information will never really be known. The two main reasons for this is many corporations are unaware that they are in fact loosing information and those that are aware do not advertise the fact publicly. This information is usually obtained by the use of electronic means (electronic bugging devices).

Unfortunately most corporations do not call in the services of a Technical Surveillance Countermeasures (T.S.C.M.) expert until it is too late. Not all information is lost through the use of complex electronics. Telephones with hands free features can be quickly adapted to remain live even when the phone is left on the hook. Recently a multi national corporation discovered a "funny" phone plugged into the wall in their boardroom. Nobody knew who put it here or in fact how long it had been there. This phone was live and everything that was said in the boardroom could be picked up by a similar phone located outside the boardroom. Two days before the discovery of the phone an important board meeting had taken place in that boardroom. Cellular phones are also very easy to penetrate. Ask Stuart Smith, B.C.'s attorney general about that, he was forced to resign over comments he made over his cellular phone. You would be amazed at the number of executives who discuss sensitive company business over their cellular phones, and why do they do it? Nobody has warned them of the dangers.

Improper disposal of sensitive garbage is another sure fire way of loosing valuable corporate information.

Most companies keep confidential files under lock and key until it is time to dispose of them. They simply throw sensitive material into the garbage and security goes out of the window. This information does not have to be top secret to be vulnerable. Imagine what would happen if your competitor got his hands on your product development plans, customer lists, sales forecasts, etc. Legally garbage once disposed of is considered public property. How many corporations even realize the extent of this type of security risk. Obviously the answer is shredding all confidential material, if this is not possible garbage containers should be monitored by C.C.T.V. cameras or kept secure until it is disposed of, but where is it disposed to and who can get access to it at a landfill. There was a recent case where a garbage truck driver was paid to drive his garbage truck to an isolated location and allow two men to sift through the garbage he had collected. Drive through any city late at night and you will more than likely observe men in back alleys sifting through garbage bags.

The use of electronic listening devices is growing at an alarming rate. These devices can range from very dimple devices to ultra sophisticated devices, motive and money will decide on what degree of sophistication is used. The introduction of these devices into boardrooms and offices is extremely simple. Anybody with a little technical knowledge can purchase the parts from any local radio supply store, put them all together and plant them as and when required. something as simple as a baby-sitting device can be adopted as a transmitter and receiver.

A T.S.C.M. program is another important part of the integrated security system program. Technical sweeps should be carried out periodically in areas deemed to be at risk. This is especially important prior to sensitive boardroom meetings. One important thing to remember is once a boardroom is swept and declared clean unless the boardroom is monitored before the meeting and during the meeting there is no guarantee that listening devices have not been introduced just prior or during the meeting. All corporations should include T.S.C.M. services in their overall security plan, from big corporations to lawyers, anybody with any sort of proprietary information is at risk. Many bids for contracts and tenders have been lost because somebody discovered what a competitors tender bid was. Information is constantly be passed between corporations.

In their desire for a competitive advantage they sometimes forget business ethics to obtain advance information about the competition and in doing so ignore the ramifications of being caught. Do not associate the word espionage with James Bond, it is a fact of doing business, forget that and you will pay the price sooner or later. The number of listening devices that have been discovered during the past year has more than doubled, indicating that the problem is getting worse not better.

Another growing concern of certain corporations is that of product contamination. What does a company do if faced with this sort of situation. If handled incorrectly millions of dollars in lost production and on market shares could occur.

A confectionery company received a telephone bomb threat, the company was ill prepared and resorted to evacuation. This evacuation caused lost production to the tune of $200,000. After subsequent training a similar situation occurred within weeks and when handled correctly cost nothing. The insurance company involved would not pay up because correct procedures had not been in place before the first incident.

In England, product contamination is becoming so prevalent that Scotland Yard has formed a special police squad to deal with this type of crime.

Product contamination extortion is difficult for corporations to anticipate, but with planning corporations can have the ability to effect the outcome by the manner with which the negotiations are handled.

Crisis Management is planning for a crisis. Every corporation should have not only have a Crisis Management Team but procedures, policies, and plans necessary to prevent, manage and recover from any given crisis situation.

In its basic form crisis management is being prepared and its nothing new to most corporations so why do many corporations pay lip service to it. A large multi national corporation was approached with a view to offering crisis management consulting services, the consultants where informed in no uncertain terms that every thing was in order and a crisis management team and crisis plans were in effect. Upon probing it was discovered that three members of this team were no longer in the company, one had been promoted out of the position, (with no replacement nominated), the team had also not sat together for three years and the team had never conducted any scenario training to ensure that crisis plans were valid. Many corporations do not realize that to plan for a crisis before that particular crisis develops is vital to the survival of the company. It is a case of not being able to see the forest for the trees. Attempting to make corporate decisions in the middle of a crisis is almost impossible. The speed and intensity of a crisis can sweep you away. Look at the difference in the way two well publicized crisis were handled. The Tylenol incident was well handled at all levels resulting in maintaining its market share whilst Perrier mishandled it's crisis and lost a great deal of money in its share of that market, and is still trying to recover.

Contingency planning should be part of a corporations integrated security program and as such should be reviewed as often as is necessary.

Drug abuse in business is rapidly becoming a large social problem. Drugs cut across all social barriers, ethnic groups and the like. Drug usage in the workplace is costing a considerable amount of money in time lost to accidents, absenteeism, low production, health and medical costs, and security risks, the list of damage is endless.

Recognizing drug abuse is often difficult and in most cases it is easier to just ignore and hope it goes away, well it is not, it is getting worse. Management at all levels must take an active role in addressing the situation. Education of employees maybe the answer, training in awareness, recognition and symptoms of drug use all have to be covered.

Company polices towards drugs have to be formulated and directives issued to employees. The problem of drug abuse is here to stay, it is not going away.

Animal rights activists have suddenly taken a violent turn. In England alone over 422 illegal acts were committed by Animal rights activists ranging from 14 attempted explosions to theft of laboratory animals, vandalism of equipment and consumer goods.

The Animal Liberation Front (ALF) is just as active here in Canada as many retail companies have discovered to their horror. Recently an employee of the Ontario Humane Society was stopped by the police and was found in possession of spray paint, black hood, and breaking and entering tools. This person had been involved in the Litton Bombing incident and it was alleged he carried out the initial surveillance. It would appear that certain elements are now using these fringe organizations as a cover for urban disruption.

ANSWERS SOLUTIONS:

The security of critical assets against internal and external threat requires the integration of state of the art structural designs, equipment, personnel and procedures to provide complete physical security in depth.

Many people believe that by simply installing an intrusion detection system to protect their assets is all that is needed. Unfortunately this misconception can sometimes prove to be a gross area of judgment. Intrusion systems do not provide protection they provide detection. These systems however are a major component of a fully integrated system to protect assets using a minimum amount of security personnel.

A fully integrated system must have the means to not only assess the validity of the alarm but also to delay perpetrators until an effective response can be made.

This integration of detection, assessment and response requires a logical, systematic approach.

There are two phases to this type of approach, defence and detection. It is essential that assets in need of protection are identified and what type of threat or risk is involved.

In addressing the defensive situation the response time is a critical factor because without a reasonable response time an effective protection system will not work. The actual time it takes the police or security to intercept a perpetrator in response to an alarm situation is vital to the overall plan.

The next step will be to set up the intrusion detection system and the assessment system to verify the alarm. When possible detection should occur outside or on the perimeter this allows for adequate response time. The placing of the intrusion detection sensors should be carefully considered as should the type of sensor to use. It is important that the perpetrator is detected before he actually breaches the integrity of the facility. Unfortunately sometimes sensors are placed inside the facility being protected resulting in their not being detected until it is too late.

A layer system should be used thereby using wills, windows, doors, floors and ceilings to build defensive layers around the facility, these layers are designed to delay a perpetrator remembering that walls, doors, windows, will all have different delay times. Fences cannot be included as one of the defensive layers as usually they only act as a deterrent or boundary demarcation. C.C.T.V. cameras can be used on the perimeter providing they are monitored correctly and have a response capability.

The first step in finding a solution is to carry out a risk/threat assessment. Remembering that risks/threats tend not to be static. They build and recede. Ask yourself, "Who are you protecting, from what?. This process of risk/threat assessment helps corporations plan the appropriate countermeasures to protect their critical assets. The risk/threat assessment development process is equally applicable to threats from organized criminal elements, individual criminals, mentally incompetent persons, disgruntled employees, extremists and finally terrorists.

The actual assets that require protection have to quickly be identified and their priority level to the corporation and its function determined.

The development of threat profiles covering past threats, evaluation of potential risks, measuring the amount of risk, how to control the risk and finally determine the appropriate response to the risk are all areas that must be looked at and not forgetting, similar threats to other corporations.

The next step is an analysis of the present state of security. Defining problems, assessment of training, reaction of outside resources responding to alarm situations, present state of preparedness.

The security problem can be analyzed as follows:

Assess the impact of losses vs probability. List alternatives, evaluate alternatives, implement tighter security, remember the degree of predictability.

The solution should be a blending of all resources. Using this risk assessment profile it will be possible to combine a full range of security measures, such as intrusion systems (external and internal) access control procedures. T.S.C.M. sweep programs, as well as procedural and personnel intensive measures into one complete integration of security systems. Without this integration of systems' physical protection of a facility is extremely difficult. Other considerations would include, installation costs, operational restrictions, annual maintenance costs, reliability and maintainability of equipment, environmental considerations, aesthetic prohibitions, impact on insurance premiums nuisance alarm susceptibility. All these and other factors will be used to evaluate cost, performance and operational impacts.

The risk assessment development process will provide the corporation with rational means to successfully select the appropriate security measures, thereby ensuring that all security resources are used a sufficiently as possible. Frequently one can learn from success but for certain one needs to learn from failures, by analysis of other corporations actions it maybe possible not to make the same mistakes "twice".

CONCLUSION

One of the biggest problems for corporations has been in developing an experience base sufficient to enable the to successfully address security issues.

Obviously no one corporation can develop such a base on its own, so the solution has been to utilize specialized security consultants. Consultants are usually brought in to assess the security situation and make specific recommendations. It is however the corporation itself who have to take the ultimate decisions regarding corporate security issues. One of the hardest things to sell V.P.'s and CEO's is to implement proactive security measures.

The days of using just common sense and measured vigilance have gone only by implementing proactive procedures will prevent serious security situations.

The days have long since gone when the large corporate infra structure was safe except for the occasional petty crime wave. Today's criminals and terrorists now realize that more can be achieved by exploiting corporations through, product contamination threats, industrial espionage, kidnapping, extortion, acts of violence, and threats in general. These outside sources in their own way are forcing corporations to change the way they do business and in doing so effect the corporations bottom line.

Certain corporations realized the potential threats years ago and put into place integrated security programs around their corporations, these corporations have now realized their wisdom and foresight and were able to deal effectively with problems as they occurred. Once in position these programs enhance all existing security.

It must be realized that integrated security programs have to be in place before a problem occurs not after.

If it is decided to complement one of these programs it is important it is prepared and implemented by security professionals. You cannot cut corners on this type of program we all know proactive security is a difficult concept to sell and if it is fobbed off as being an unnecessary expense when the time arrives (and it is not that far away if we believe in trends) to react to a given situation it will be too late.

We in Canada have been fortunate enough to have the time to prepare and lay the cornerstones of integrated security programs we had better not waste this time, because in the coming years it will become part and parcel of doing business and will most definitely effect the bottom line go tell that to the CEO's.

©1994, Alan Bell