Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (2.72 MB, 623 trang )
4
1. CONCEPTS AND THEORIES OF ASSET PROTECTION
ASSET VALUATION
The asset must have some type of value. The
value of the asset could be a real value, such as
a gold bar being worth a set amount of money
based on the weight of the bar and the current price of gold. The value of the asset could
be based on what it would cost the company to
replace it. This is sometimes difficult to calculate
when discussing specialty items such as the formula or recipe for a soft drink, or the patented
design for a product, the loss of which could
mean the end of a company. The most intangible valuation of an asset would be in what is
referred to as “reputational damage”—the loss of
the image of a company or consumer confidence
in a company. Reputational damage can occur
through major theft of customer information, a
senior executive being injured or killed, or the
brand name of a company being tainted through
inferior “knock-off” products. The loss of reputation is difficult to calculate because things such
as unrealized sales are nearly impossible to
determine. While it is not necessary to have the
actual value of an asset on hand at any one time,
the value of the asset must be known prior to the
implementation of any protection program and
reevaluated periodically thereafter.
RISKS
Criticality
Once the asset and its value are defined, it is
necessary to determine what risks there are to
the asset. According to the ASIS International
General Security Risk Assessment Guideline,
“risks or threats are those incidents likely to occur
at a site, either due to a history of such events or
circumstances in the local environment” (2003,
p. 6). It is therefore important to have data on
crime and incidents occurring in and around the
site. A vulnerability assessment will include a
thorough examination of the facility, personnel,
contents, materials, suppliers, and contractors,
especially anything that by use or omission
would damage, harm, or cause loss to the company or its personnel.
Frequency
The frequency of losses must then be determined through an examination of the types of
crimes and incidents in and around the facility,
with special emphasis on the dates on which
they occurred. A ranking of the events should be
made using a consistent scale (annually, monthly,
daily, or hourly) for all such loss events.
Probability
Through an analysis of this information, trends
may emerge which point to an escalation in activities that may precede a more serious crime against
the company. This will help to establish the probability of such an event occurring in the future,
assuming all other processes and operations at the
facility remain the same. Once there is a change in
the assets, the probability of loss will also change.
Impact
Finally, a ranking of the impact of any loss
on the company must be made. Impact is an
accounting of the tangible (real) and intangible
(unrealized) costs associated with such events. All
such tangible losses should be considered, from
the mundane, such as the loss of power or water
service, up to and including the loss of the facility
including its contents and a substantial portion of
the employees. Intangible losses such as the loss
of current or future sales or customers should also
be accounted for, to the extent that this is possible.
MITIGATION
Only after all of the factors of risk or loss have
been compiled and examined can the protection
officer assist with developing strategies to help
I. FOUNDATIONS
ASSET PROTECTION
mitigate the risk. All of the mitigation efforts
must be designed so as not to “substantially
interfere with the operation of profitability of the
enterprise” (ASIS, 2003, p. 6). Mitigation efforts
that do substantially impact operations are much
less likely to see executive support regardless of
the level of risk, as they also substantially impact
the profitability of the company.
Cost/Benefit
A cost/benefit analysis must also be conducted to help assist in evaluating the mitigation
measures against the costs incurred. According
to the ASIS International General Security Risk
Assessment Guideline, the cost benefit process
“involves three steps:
●
●
●
Identification of all direct and indirect
consequences of the expenditure.
Assignment of a monetary value to all costs
and benefits resulting from the expenditure.
Discounting expected future costs and
revenues accruing from the expenditure to
express those costs and revenues in current
monetary values” (ASIS, p. 4).
If the cost/benefit evaluation determines that
the cost of mitigating the risk is greater than the
cost of the asset, then other measures must be
employed.
ASSET PROTECTION
Layered Protection
Asset protection through risk mitigation
typically involves a concept of layered protection, also known as defense in depth. In this
concept, the asset is considered to be in the
center, surrounded by concentric layers of protection. Each layer contributes individually,
and as part of the whole, to the overall protection of the asset. The principles behind layered
protection consist of deterrence, detection, delay,
5
and defense/response. Each piece of the layered
protection concept can work on its own. However,
the most complete protection is afforded through
combining all of the layers.
Deterrence is the practice of discouraging
an individual or group from even attempting
to attack the asset. This can be accomplished
through a number of means such as signage,
fencing, lighting, cameras, or people. Signage
at the perimeter of the enterprise property
would warn trespassers of the property line
and the penalty for proceeding further. Further
enhancements to the signage could include the
addition of fencing, lights, and cameras. In a
personal protection role, the deterrence would
appear to be provided by the ring of protection
officers, or specialists around a high-profile
individual. In some rare circumstances, the illusion of additional layers of protection can be a
better and more cost-effective deterrent.
Detection is the identification of a threat,
preferably at the earliest possible opportunity.
Alarm sensors, cameras, and even protection
officers, are all means of detecting and identifying threats to the enterprise. A threat identified earlier in the asset protection process gives
the remaining layers of protection more time to
contribute to the overall protection of the asset.
Delaying the attacker also gives the other
layers of defense a chance to work together.
Sufficient layers of delay must be incorporated
so that the detection and defense/response
pieces of the asset protection continuum can
perform their roles. Delay can be accomplished
through an expansive perimeter that takes
a while for the attacker to cross, fences that
take time to climb, strong doors that must be
breached, and interior levels of protection such
as additional doors into rooms or a safe that
takes even more time to enter.
A sufficiently delayed attacker allows for a
defense to be mounted from within the site to
repel the attacker, or for a sufficient response to
be put together and proceed to the site. However,
the layers of protection must delay the attacker
I. FOUNDATIONS
6
1. CONCEPTS AND THEORIES OF ASSET PROTECTION
long enough so as to be able to stop him on the
way to the asset, or on his way out with the asset,
but before he leaves the property with the asset.
PHYSICAL SECURITY
Physical security planning was originally
based upon response to a military threat. A traditional reference for physical security is FM
19-30 Physical Security, published by the U.S.
Army, while a modern reference is the Facilities
Physical Security Measures Guideline published
by ASIS International.
The process used to plan physical security
measures is as follows:
1. Identify assets. These generally include
personnel, property, information, and image.
2. Loss events are exposed. Risks are identified.
This involves research rather than “seat of the
pants” reasoning!
3. Probability of the loss events occurring is
calculated.
4. Impact of occurrence is assessed for each loss
event. This means, the effect the loss event
will have in terms of direct, indirect, and extraexpense costs.
5. Countermeasures are selected. There can
be a vast array of interventions; generally
physical security utilizes target hardening
techniques, such as patrols, access control,
lighting, intrusion detection, surveillance,
weapons detection, and so on.
6. Countermeasures are implemented.
7. Countermeasures are evaluated as to their
effectiveness. Traditionally, this step has been
avoided by practitioners in physical security
and crime prevention.
Note: See www.securitysolutions.com and
www.securitymagazine.com for products and
applications.
Patrols are a key part of a physical security
system. They serve as catalysts for the system,
bringing all parts together. Patrols have been
traditionally used by military forces to scout out
the location and disposition of an opponent. They
are used today by police and security forces.
While still endeavoring to locate hostile individuals (felons), modern police patrols are used
to assess community environments. In a contemporary asset protection scheme, patrols are
not only concerned with criminal acts but also
with unauthorized activities, safety and fire protection issues, and the performance of auxiliary
services. These can include delivering the company mail, checking gauges, conducting lighting surveys, assessing behavior, enforcing lease
agreements, and assisting customers. Note that
community policing or problem-oriented policing
strategies that public police have adopted are
very similar to what security practitioners have
been doing for decades.
CRIME PREVENTION THROUGH
ENVIRONMENTAL DESIGN
Crime Prevention Through Environmental
Design (CPTED) is a system whereby territoriality reinforcement is established via barriers, access control, and surveillance. Its genesis
may have been in the construction of castles
and forts. The contemporary beginnings of it
were through the writings of Oscar Newman
(Defensible Space) and C. Ray Jeffrey (Crime
Prevention through Environmental Design). CPTED
theory consists of these various components:
Territoriality: Boundaries and property
lines are marked. This can be the placement
of barriers, shrubbery, and the use of
different colors of walkways to mark areas.
Psychological deterrents to trespass are
erected to establish territoriality.
Surveillance: Observing areas makes detection
and deterrence of criminal behavior more
likely. There are several types of deterrence:
Natural—keeping areas open to
observation, such as by clearing bushes
near access points, having windows facing
I. FOUNDATIONS
RISK MANAGEMENT AND INSURANCE
out into a common courtyard, or placing
a picnic area near a basketball court. All of
these make for easier observation of the area
to be protected. They facilitate detection of
criminal or unauthorized activity.
Electronic—technological aids are used,
such as closed circuit television (CCTV)
and volumetric intrusion detection systems,
such as passive infrared (PIR) sensors.
Organized—patrols by security personnel,
police, or citizen crime watches.
Access control: Maintaining boundaries
by restricting access to an area. Access is
controlled via the use of locks, biometric
systems, access cards, and other methods.
Access control is a physical deterrent to trespass.
Positive activity support: In a significant
departure from physical security, CPTED
uses activities that divert people in the
environment from involvement in crime.
This may take the form of recreation,
entertainment, or volunteer efforts that help
society (volunteer fire companies for youth).
Maintenance: The repair of “broken
windows.” An environment that is not
kept up properly may degenerate further.
People see broken windows and believe it is
acceptable to break other windows.
A “snowballing” or “rolling ball” effect
occurs. Prompt repair and cleaning of damage
or graffiti are essential parts of CPTED.
SAFETY
Safety ushers in the more contemporary
emphasis on asset protection and incorporates
the WAECUP Theory of Loss Control developed
by Bottom and Kostanoski in Security and Loss
Control (first published by Macmillan in 1983).
W — Waste of time, resources, man-hours,
space;
A — Accident that causes injury, downtime,
increased workers’ compensation costs, and
so on;
7
E — Error in planning or execution, which
results in lost funds;
C — Crime that causes loss and/or injury;
UP — Unethical/unprofessional practices,
such as misrepresentation, discrimination,
conflict of interest, and so on.
Accidents cost extensive amounts of direct loss
(cost of replacement and repair) as well as indirect loss (downtime, investigative costs, lowered
morale, legal fees, etc.) and extra-expense loss
(advertising, rental of new rooms or equipment).
Note that there are also extensive administrative
law requirements under OSHA (Occupational
Safety and Health Administration) and state
agencies
(CALOSHA
and
Pennsylvania
Department of Labor and Industry) with which
organizations must comply. Safety is a major
concern to organizations for all of these reasons.
Many persons in charge of security are also in
charge of safety. A Director of Safety and Security
has become a common title in health care, on college campuses, and in hotel environments.
RISK MANAGEMENT AND
INSURANCE
“Risk management” is a term closely associated with the insurance industry. It is similar conceptually to the physical security planning process
in its implementation, but it deals with risks other
than “security” threats caused by humans. It is
not limited to “target hardening” (risk reduction)
approaches, such as the use of locks, barriers,
intrusion alarms, and so on. Strategies for managing risk include the following:
Risk avoidance—such as completely avoiding
the risk of an earthquake by avoiding
geographic areas where there are active fault
lines, staying out of countries that are known
to kidnap people for ransom, or not making
dangerous products, such as explosives.
Risk transfer—means transferring
the financial impact of loss to another
I. FOUNDATIONS
8
1. CONCEPTS AND THEORIES OF ASSET PROTECTION
organization or entity. Insurance coverage is
the usual means of risk transfer. The insurance
company takes on the cost of repairing or
replacing the asset at risk instead of the
enterprise. Of course, this comes at some
cost and some delay in repairing or replacing
an asset as the insurance company must
investigate and process the claim. Outsourcing
hazardous operations to other organizations is
another example of risk transfer.
Risk assumption, risk retention, or risk
acceptance—refers to accepting the risk, as it
has a very low probability of occurring; the
risk is extremely difficult to protect against;
or the cost of changing the risk to the assets is
so great or so low that any effort to change it
would either be too expensive or the losses so
low as to be inconsequential. For instance, it is
extremely unlikely that an asteroid will strike;
it is also impractical to defend against it. It
would likewise be impractical to purchase
insurance for a machine that has exceeded its
useful shelf life and has no intrinsic value.
Risk spreading—implies using redundant
systems of communication, power, or
information storage. The separation of
assets across some distance so that no one
vulnerability can affect the entire enterprise
is another example.
Risk reduction or risk mitigation—means
reducing the probability of a loss-causing
event through the adoption of preventive
measures. That is, taking methodical,
appropriate steps to lessen the risk to the
organization or the frequency, probability,
and impact of such risks and losses. Physical
security and crime deterrence would be
considered risk reduction. So, too, would the
use of safety equipment.
As you can see, risks can be reduced in a number of ways, but they are never truly eliminated.
Insurance can be thought of as the “last line
of defense” in a physical security system. It
provides the policyholder with financial compensation from the insurance company after a
loss has occurred. According to Purpura (1991),
loss prevention originated within the insurance
industry. Note that while the term “loss prevention” is utilized primarily within the retail sector, it is gradually being replaced with the more
representative term “asset protection.”
PRACTICAL EXERCISE
Pick some assets, such as vital information,
that an organization needs to operate: people, works, art, and so on. Place these assets in
the boxes to the left. Next, place the primary
threats that may face those assets such as fire,
Asset
terrorism, theft, and so on. In the column on the
right, list a risk management approach, such
as transfer, avoidance, or acceptance, which
would be most appropriate for dealing with the
threat.
Threat
Risk strategy
I. FOUNDATIONS
RISK MANAGEMENT AND INSURANCE
Insurance policies provided by an insurance
company are driven by the probability of loss
events occurring based on actuarial tables. The
premiums and deductibles are adjusted according to the loss event probability; so, too, is the
availability of insurance if insurance carriers
deem a risk to be too high and refuse to write
a policy. In these cases, organizations must selfinsure or join an insurance pool of other organizations that pool their funds in a liquid account
that is set aside in the event of a loss. There are
also government insurance programs for crime
and floods on the federal level, and workers’
compensation on the state level.
Various types of insurance coverage have
evolved, such as the following:
Business Interruption—for losses incurred
after a disaster, accident, or fire while a
business is not operating. Business interruption
insurance helps to control indirect losses
stemming from lost productivity.
Kidnap and Ransom (K & R)—for firms that
have had executives abducted by criminals
or terrorists. This coverage became popular
in the early 1980s in response to left-wing
terrorist kidnappings in Latin America. The
film Proof of Life with Russell Crowe portrays
K & R coverage.
Worker ’s Compensation—required by state
laws to compensate workers injured on the
job from the results of work-related accidents
and occupational diseases (Purpura, 1991,
p. 265). Rates paid for premiums by employers
are based on job hazard, and in part on an
employer’s record of accidents.
Liability insurance—to cover legal costs
and compensatory damage awards (punitive
damages are not generally covered).
Attorney’s fees and associated costs can
become quite high during civil litigation
regardless of whether the case is settled or
goes before a court.
Fire insurance—one of the first types of
insurance developed; some policies mandate
that the insured conduct periodic patrols
of various areas on the property—the use
of watch tour systems had developed as a
result of this.
Burglary insurance—for losses associated
with unlawful intrusion. Burglary insurance
policies generally require evidence of forced
entry.
Robbery insurance—coverage for forcible
thefts committed in the presence of another.
Theft insurance—policies cover losses from
theft; may include burglary and robbery losses.
Bonds—fidelity bonds require investigation
of the covered employee by the bonding
company (the insurer); these bonds indemnify
the holder against dishonest acts committed
by the employee. The holder of the bonds is
exempt from financial responsibility for the
dishonest acts of the employee.
Employment Practices Liability (EPL)—
insures against legal costs due to unlawful
employment practices such as sexual
harassment, discrimination, and so on.
Contemporary liability exposure for ongoing
illegal employment practices is substantial,
with awards and settlements running into
the multimillions.
EMERGING TRENDS
An emerging new paradigm of asset protection is the consideration that must be made for
an attacker who will enter a protected area with
the goal of destroying an asset in place. The
9
homicide/suicide bomber is an especially troubling trend and is difficult to provide sufficient
levels of protection against. The amount of time to
detect, delay, and defend is essentially reduced by
I. FOUNDATIONS
10
1. CONCEPTS AND THEORIES OF ASSET PROTECTION
half as the attacker does not have to add in time
to flee. Depending on the asset to be protected
and the preexisting environment in which the
protection officer must operate, strengthening the
ability to detect and delay the adversary must be
given especially careful consideration. This may
include the addition of intelligence assets that can
overtly or covertly uncover the adversary’s plans.
Cooperative information sharing with other entities such as law enforcement or in some areas, the
military, may be the best option for strengthening
the detection aspect of asset protection.
Like the homicide/suicide bomber, improvised
explosive devices (IEDs) are also an especially troubling trend. Not limited to areas of conflict, domestic extremist organizations have used these devices
to intimidate, maim, and destroy. Special attention
and alternative plans must be carefully developed
for organizations that conduct work that may
attract the attention of such groups, including specialized protection plans for executives. In areas of
conflict where the threat of IEDs is real, options for
reducing the risk include, but are not limited to,
traveling covertly, using decoy vehicles, or using
telephones, videos, and Internet conferencing.
SUMMARY
Being involved in the practice of asset protection is the first step toward advancement in
your field and acceptance in your enterprise.
The protection officer must be ready to volunteer and assist in learning this craft.
References
General Security Risk Assessment Guideline. (2003).
Alexandria, VA: ASIS International.
Biery, K. D., Jr., & Schaub, J. L. (1994). The ultimate security
survey. Boston, MA: Butterworth-Heinemann.
Broder, J. F. (1984). Risk analysis and the security survey.
Boston, MA: Butterworth-Heinemann.
Specialization in the industry is the continuation of a long-standing trend that is gaining
greater acceptance outside of the business. Both
large and small security businesses are finding
specialties in which to focus and thrive. Some
security officer companies are established as, or
are establishing, separate divisions devoted to
retail security in malls and protection of chemical
plants or nuclear power stations. Electronic security companies may find specialization in surveillance systems for casinos or integrating various
security, fire alarm, and building control systems into a cohesive platform using the client’s
computer network.
Professionalism is also the continuation of a
long-standing trend that is finding favor by the
companies and clients that security professionals work for and with. College degrees at the
Bachelor’s and Master’s levels are an almost universal requirement for security managers at all
levels, and for some security officers in specialized sectors. Certification by industry organizations such as the International Foundation for
Protection Officers and ASIS International is also
becoming a requisite for some companies.
Calder, J. D. (1985). Industrial guards in the nineteenth and
twentieth centuries: The mean years. Journal of Security
Administration, 8(2).
Coleman, J. W. (1969). The Molly Maguire riots: Industrial conflict in the Pennsylvania coal region. New York, NY: Arno &
The New York Times.
Constable, G. (Ed.). (1990). The old west. New York, NY:
Time-Life Books.
Cote, A., & Bugbee, P. (1988). Principles of fire protection. Quincy, MA: National Fire Protection
Association.
Fennelly, L. J. (1989). Handbook of loss prevention and crime
prevention (2nd ed.). Boston, MA: Butterworths.
Fennelly, L. J. (1996). Handbook of loss prevention and crime
prevention (3rd ed.). Boston, MA: Butterworth-Heinemann.
Fiems, R., & Hertig, C. (2001). Protection officer guidebook.
Naples, FL: International Foundation for Protection
Officers.
I. FOUNDATIONS
11
SECURITY QUIZ
Fossum, J. (1982). Labor relations: Development, structure, process. Dallas, TX: Business Publications, Inc.
Garcia, M. L. (2001). The design and evaluation of physical protection systems. Boston, MA: Butterworth-Heinemann.
Girard, C. M. (1989). Planning, management and evaluation, Chapter 31. In L. J. Fennelly (Ed.), Handbook of loss
prevention and crime prevention (2nd ed.). Boston, MA:
Butterworths.
Gilbride, B. P. (1999). Sexual harassment. In S. J. Davies &
R. R. Minion (Eds.), Security supervision: Theory and
practice of asset protection. Woburn, MA: ButterworthHeinemann.
Green, G., revised by Fischer, R. J. (1987). Introduction to
security (4th ed.). Boston, MA: Butterworths.
Hertig, C. A. (2002). Investigative concepts. Unpublished
paper. York College of Pennsylvania.
Hertig, C. A., Fennelly, L. J., & Tyska, L. A. (1998). Civil
liability for security personnel. Naples, FL: International
Foundation for Protection Officers.
S EC U RI T Y QU IZ
1. The ASIS International General Security Risk
Assessment Guideline defines an asset as
“Any real or personal property, tangible or
intangible, that a company or individual owns,
that can be given or assigned a monetary value.
a. True
b. False
2. CPTED stands for Crime Prevention through
Environmental Dedication.
a. True
b. False
3. Physical security planning was originally
based upon response to a military threat.
a. True
b. False
4. Risk Management is a term closely associated
with the insurance industry.
a. True
b. False
5. A vulnerability assessment will include a
thorough examination of the following:
a. Facility and personnel
b. Contents and material
c. Suppliers and contractors
d. All the above
Johnson, T. (2002). Retail loss prevention management models
Unpublished paper. York College of Pennsylvania.
Kuykendall, J. (1986). The municipal police detective: An
historical analysis. Criminology, 24(1).
Mackay, J. (1996). Allan Pinkerton: The first private eye.
New York, NY: John Wiley & Sons.
Matthews, L. J. (1990). Pioneers and trailblazers: Adventures of
the old west. New York, NY: Derrydale.
Nalla, M., & Newman, G. (1990). A primer in private security.
Albany, NY: Harrow & Heston.
National Advisory Committee on Criminal Justice
Standards and Goals. (1976). Report of the task force on
private security. Washington, DC.
Peak, K. J. (1997). Policing in America: Methods, issues, challenges. Upper Saddle River, NJ: Prentice-Hall.
Purpura, P. P. (1991). Security and loss prevention: An introduction. Stoneham, MA: Butterworth-Heinemann.
Sennewald, C. A. (1985). Effective security management (2nd
ed.). Boston, MA: Butterworths.
6. Deterrence is the practice of discouraging an
individual or group from even attempting to
attack the asset.
a. True
b. False
7. All risks can be reduced completely.
a. True
b. False
8. There is a theory of loss control developed by
Bottom and Kostanoski in security and loss
control. It is known as:
a. WASTE
b. WASTMGMT
c. WAECUP
d. WHATSUP
9. The most intangible valuation of an asset
would be in what is referred to as:
a. Liquid asset
b. Respectful damage
c. Punitive damage
d. Reputational damage
10. Intangible property include things such
as goodwill, proprietary information, and
related property.
a. True
b. False
I. FOUNDATIONS
This page intentionally left blank
C H A P T E R
2
The Evolution of Asset Protection
and Security
Christopher A. Hertig and John Christman
INTRODUCTION
CHAPTER OBJECTIVES
●
●
●
●
●
●
●
●
●
Discuss the importance of looking at the
cycle of history
List and define key terms
Explore the growth of the security
industry through wartime and policing
units
Compare and contrast private security
and public police
Explain how the fire protection industry
developed
Look at how commerce and economic
and marketing trends are related to asset
protection
Explore how demographics, historical
class struggles, and labor relations
have all contributed to the protection
profession
Provide avenues toward the PATH to
Professionalism
History is illustrative for many reasons; there
are trends and themes that run throughout the
march of time and that repeat themselves—to a
degree. P. T. Barnum said, “All history is bunk,”
and he was right—to a degree. History is a perspective. In many cases, that perspective gets
distorted, or lost, over time.
Studying history is important as it gives us
perspective on where things were, where they
are now, and where they may be in the future.
Historical analysis can provide insight into how
certain issues were dealt with. This may give
guidance in contemporary or future problem
solving.
Finally, history provides a laboratory for the
testing of theory. Solutions that were developed
in response to certain problems had positive
or negative effects in addressing those problems. An example is the Prohibition Era in the
United States, beginning in 1919. Alcoholic beverage manufacture or distribution was against
the law. As a result, huge criminal enterprises
sprang up in response to consumer demand. A
black market economy was formed with gangsters seeking to profit. Some people feel that the
Offer suggestions for pursuing
contemporary careers in asset protection
13
14
2. THE EVOLUTION OF ASSET PROTECTION AND SECURITY
current legal prohibition against drugs is analogous to Prohibition. This is an arguable point:
drugs are not as socially accepted as the drinking of alcohol was in 1920s American society.
Nonetheless, the emergence of black markets
due to extensive consumer demand for illegal
goods or services is something that all students
of asset protection should appreciate.
4.
THE CYCLE OF HISTORY
The security industry has a rich and varied
background. “Security” implies protection: safety
from attack, espionage, or sabotage. It means
being able to live, work, or play free from harm,
in a stable environment. Organizations must take
measures to minimize disruption. These measures are dependent on a variety of factors, such
as threat probability, criticality, culture of the
organization, financial resources available, and so
on. The measures taken have changed over time.
The historical development of “asset protection” (the broader, more contemporary term
encompassing safety and fire protection) and
“security” (the older term; more oriented to
crime/espionage/terrorism issues) reveals several trends. These trends appear to be cyclical
in nature.
1. Private initiatives generally precede public.
In many cases, private protective measures
are started to fill a void in services offered
by governments. Private corporations are
more nimble and flexible than governments.
This enables them to start new programs,
protection or control forces, etc.
2. Control forces may be involved in class
struggles. Control forces—military, police,
security—work to keep certain groups of
citizens in line.
3. There is a strong relationship between
commerce and protective needs. The amount
and type of commerce (ships, trains, Internet,
and so on) determines the threats or risks
posed to the commerce system. Each risk
5.
6.
7.
demands different protective strategies and
tactics. These change with technological
developments. Politics and economics are
also factors. In 2008 and 2009, piracy on
the high seas became a major issue due to
large numbers of unemployed mariners.
Demographics—population size, density,
age distribution—plays a key role in crime
control and safety. Large numbers of
recent immigrants who do not understand
the language or customs of their newly
adopted country create safety and security
challenges. College students living in
dormitories create another set of challenges.
High-rise office buildings with business
tenants have different protection needs from
two-story apartment complexes for lowincome families. Security measures must be
relevant to the environment in which they
are implemented and every environment is
different.
Military forces and concepts are intimately
involved in protection. Foreign invaders,
riots that have to be contained by soldiers,
and international terrorists are all addressed
by military forces. Contemporary protective forces often operate on a military
organizational structure. Police, security,
and firefighting organizations have a
paramilitary chain-of-command with
sergeants, lieutenants, and captains. The
military has clearly exerted an influence over
police, security, and fire departments.
Security efforts generally are a step behind the
latest methods of criminal attack. The saying
“As one hole in the net is mended, the fish swim
toward another” seems particularly relevant.
Protective efforts are usually initiated
after serious problems have occurred. The
September 11, 2001, attacks on the Pentagon
and World Trade Center initiated substantial
reforms in the federal government, such as
the Transportation Security Administration.
Wars and major natural disasters also create
new protective organizations, laws, and so on.
I. FOUNDATIONS