One of the things that is pretty interesting as you spend some time talking to people about how they look at information to make decisions and what are the things that are really important is you hear about the power of context. So to give a great example we’re working with an organization to create comprehensive security assessments. We want a way for them to understand, across all of their facilities, what are the critical factors in ensuring they were as secure as thy could be. This means what are all things that were directly related to the security of the facilities themselves like:
- Are the fences in good condition?
- What kind of fences do you have?
- Do you have closed circuit televisions and where do you have it?
- What type of policies do you have for people entering the building, background checks, and security planning
All of these different factors and an immense number of other things go into securing a facility. While those things are all important and this particular organization had specific standards, policies, and all these different things it had to adhere that went into how the organization was supposed to secure these facilities, it wasn’t taking into account some critical factors in how secure those facilities really were. So it was the contextual data that as they looked to plan what they were going to do in terms of shoring up their security, it couldn’t just be did they meet all of the standards alone.
While the standards are good and they help you get an understanding of how prepared you might be in a bad situation or if your existence is in a perennial troublesome state, it didn’t really give you a complete picture. To get a complete picture you had to understand the contextual data. You had to understand crime statistics. So if a facility that is in an area where, compared to the national average, there are an extraordinarily high number of homicides, violent crimes, assaults, thefts, and things like that, well all the sudden those physical security assessment characteristics take on a whole new meaning. It becomes a much more critical thing to have fences when those fences are the only thing separating you from an outside world that is very scary. So as the organization looked to prioritize where it was going to spend its physical security resources, the most critical factor wasn’t just the status of the assessment itself but it was the context at which that status existed.
Similarly it’s not just about the facilities themselves but also about what the value of the things in those facilities is. It’s hard to say that a facility with four people requires less security infrastructure than one with a hundred because everybody is important. On the other hand I think that for most people if you look at a facility that’s got 300 people, a daycare facility, a bunch of other high value assets, or just a mass of people, those are places where you might want look to secure them earlier. Other factors might be things like the age of the facilities themselves, the age and time of the last security assessment, or the last building upgrade. These area all factors that go into helping you understand just what the real status is as opposed to simply looking at do they meet the criteria or not. It just doesn’t give you enough information to make decisions.