In an Age of Terror - Threat-Appropriate Security

In a world of instability due to military conflicts, global terrorism and constantly rising crime-rates, the need for professional security based on real field experience, is increasingly important.

The days when your local security-system installer automatically became your security consultant (just by being your electronic equipment vendor) are over. So are the days when no one paid attention to the installer's actual experience. And few cared about the conflict of interest involved, in which the installer's primary concern may have been to sell costly equipment, regardless of cost-efficiency, threat feasibility, or the man-machine interface (the user-friendliness and interaction between user and the system).

In the past, entire security systems were designed based on the approach and collaboration of law-abiding citizens; it's no wonder the systems completely failed when they encountered criminals and terrorists, or just unpredictable actions.

The ever growing phenomenon of information-technology-based crime (embezzlement, industrial espionage, identity theft, "phishing," system intrusion and sabotage) that has recently yielded criminals billions of dollars (US) annually presents the security industry with another huge challenge. Dealing with this type of security problem requires combining state-of-the-art technologies with advanced physical security techniques and tactics, and targeted awareness programs for IT professionals as well as for regular system users.

The old IT security approach assumed that firewalls, antivirus software, intrusion detection systems and intrusion prevention systems keep IT systems and networks out of harm's way. This tactic, which assumed that all threats originated from the outside (by hackers, criminals, etc.) has also become obsolete. In fact, studies show that over 70% (Garter) of all data security hazards originate from within organizations and close circles (though very few internal breaches are a result of mal-intent). Most often, innocent errors and lack of security awareness cause the breaches, yet the potential damage is just as severe.

Effective security (physical as well as IT) has to be planned and executed based on a comprehensive threat analysis that should include the following steps:

• mapping the assets and objects to be secured
• prioritizing assets according to their importance to the organization or operation
• analyzing the potential threats to the operation and the feasibility of each respective threat
• assessing the real danger of the threats by evaluating severity combined with feasibility
• Studying the existing system and personnel and their ability to address the threats that surfaced in the analysis
• presenting the findings and recommended strategies to the person responsible in the organization (such as the chief security officer), setting expectations and obtaining their approval on the strategy
• implementation planning and budgeting

What this means

It is clear that 100% secure systems do not exist. What's most important is to implement the highest priority and most effective solutions given the resources available.

We, at Max Security Solutions believe that professionalism, a field-experience-based approach, creativity, special attention to detail, a comprehensive threat analysis, and expert implementation result in an effective security system and program.