IFSECInsider-Logo-Square-23

Author Bio ▼

IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
May 27, 2009

Nothing found. Please check your show/episode id.

Download

State of Physical Access Trend Report 2024

‘Threat’ comes before ‘Risk’

In his Curriculum Vitae, Steve Garton describes himself as pro-active and diligent. These are commendable qualities in an era where everyone seemingly wants to ‘get ahead’ but, generally speaking, will not put in the time and graft to do so. Many of today’s cohorts want advancement on a plate, with no effort or strings attached. Life doesn’t work like that – at least not for most of us, anyway.

Garton’s also at pains to point out that there’s enjoyment to be had from “delivering [security] consultancy without ambiguity or fuss” – and he should know. Armed with over 25 years’ operational experience on the global security scene, Garton – a proud member of The Security Institute who serves on its Validation Board – now sits as the director of security at Advent IM with a strategic focus on all aspects of physical security.

This is a man who’s a recognised expert on how to safeguard against the biggest threat to an organisation (ie its people) in a given building, the measures companies ought to take to prevent physical theft or information breaches, the importance of understanding threats before any money is wasted on mitigating perceived problems and the necessity of integrating all aspects of security management systems.

Importance of independent commissioning

“Let’s not forget the importance of independent commissioning when addressing physical security, either,” enthused Garton as we break bread in The Mad Hatter hostelry, a stone’s throw from SMT Online’s London headquarters.

Advent IM is an independent information assurance and physical security consultancy, often brought on board by corporate clients to solve not just information assurance but also physical security-relatyed dilemmas as well. “We’ve spent the last two years developing our original information assurance company model into one that can confidently deliver the full protective security service,” explained Garton with not a little pride.

“During this time, it has become apparent that many businesses and, indeed, security ‘professionals’ don’t really know what they’re protecting against. The Risk Management Cycle is clear, and pretty well known by the majority, but how many practitioners are starting the process early enough, and with the right amount of information or intelligence on the threat they face?”

As far as Garton’s concerned, the process of review or analysis has to begin with a clear and thorough understanding of the threat(s), its vectors and agents. “Only in this way can practitioners properly understand the risks posed. The basic problem, Brian, is that the study of threat and its modus operandi are not widely understood and, clearly, are often glossed over.”

The art of threat analysis

Advent IM has spent a considerable amount of time training its consultants in what Garton described as “the art of threat analysis”, working all the while with clients throughout the UK and overseas.

“Why do security professionals not focus more of their attentions on the threat analysis?” queried Garton. It’s a fair point. “What are we protecting against? As professional security practitioners, we should pay far more attention to the threat(s) and facilitate the risk/decision-making process.”

Ultimately, that’s what begets a good manager or director and makes them stand out from the crowd, but how many can actually do this in the real world?

Garton currently manages a team of highly experienced consultants, each with a variety of skills ranging from physical security through to counter-terrorism, counter-sabotage and sensitive investigations. He studies constantly to understand the various threats, vectors and associated variations of modus operandi, working on the premise that a poacher-turned-gamekeeper in the mix is very often an advantage.

Environmental and threat assessments first

“How on earth can security practitioners start with the risk assessment? The environmental and threat assessments must come first,” stated Garton in no uncertain terms.

“Is the location to be protected situated in a high water table location, or sited on a partial flood plain? Are there protest groups operational in the local area? Sites are often selected [for buildings] before a threat assessment has been carried out, which is entirely the wrong approach.”

The basic question security managers and consultants need to ask themselves – but all-too-often do not, it seems – is: ‘Does the security design meet the client’s requirements?’

“Those requirements emanate from the fall-out generated by the threat assessment,” said Garton. “It’s nigh on impossible to produce a robust security plan unless you first understand what it is you’re protecting against.”

Garton is a firm believer in the edict that says we need more practitioners on board who can demonstrate an “academic thirst” for the discipline.

“In many instances, the quality of security on a site will be driven by the finances at the client’s disposal. If no additional funding is available for a project, the savvy consultant will look at what’s already on site in terms of CCTV and lighting and ‘overlay’ that with the master plan. As a consultant, I can see security components are now becoming more and more expensive. We need to look at that trend from the end user’s perspective, and try and help them to ameliorate it.”

Experience is everything in security

Garton has already been awarded the British Empire Medal by Her Majesty Queen Elizabeth II. His dynamism and resourcefulness are evident and, judging by the references he is able to provide in support of our conversation, Garton clearly harbours an extensive network of contacts throughout the security business sector.

On top of that, he has chaired industry-wide Working Groups up to Government/Association of Chief Police Officers level, and co-ordinated all aspects of security (including contingency planning) for large corporates and media/social events. In short, Garton knows what he’s talking about.

“Another hugely important point to make is this,” added Garton. “Who is commissioning the installer’s work on behalf of the end user? Frankly, too many clients are being ripped off by engineers who do a poor job. The good news is that the more intelligent installers are now holding their hands up and asking independent companies like ourselves to carry out commissioning processes for them.”

Garton’s operation has recently been engrossed on a large-scale Critical National Infrastructure project for a client that, due to security reasons, cannot be named. That work has paid dividends, having been applauded by many of those involved on the client side who now understand that an accurate assessment of risk – informed and underpinned by a thorough threat assessment process – is truly the way forward.

Saving resources at the design stage

“If security practitioners adopt this as their base point approach, in full recognition of the fact that the correct mitigating or counter-measures are appropriate, effective and help to save a considerable amount of money when it comes to security design, then they’ll not go far wrong.”

You’d be hard-pressed to disagree with that assessment, wouldn’t you?

Apparently, 95% of Garton’s clients have already begun the ‘security cycle’ at the risk assessment stage before either he or a member of his dedicated physical security team has been brought on board. Why?

Having read Garton’s incisive comments, hopefully prospective clients of all consultants will think twice before they determine to behave in a similar fashion.

For further information on the work of Advent IM, log on to the web site (check out the link provided on the right hand panel of this page)

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted