Capital Investments and Security Management Pitfalls

Investments in the modern business world influence the future success of organizations. The financing used in the bidding process should be distributed tactfully and provide some form of return on investment. Capital organizations that invest in security functions are no different. These functions should have a specific purpose (risk reduction) and can be justified by cost-benefit analysis. Thus, the security sector has moved from a labour-intensive market to a capital-intensive one; This means that physical security systems are created and managed through funding. It would seem that the capital invested in security is managed effectively. After all, isn’t the invested capital used to protect against losses, prevent losses and prevent theft?

Since September 11, the security sector has experienced a peak of demand. This issue has led to a requirement for security professionals to effectively manage capital spent during the life cycle of the system and during modernization projects. In the process of acquiring, organizations request and buy various services that have long-term implications for their security situation. These services include advice on security management techniques, technical security reviews and forensic security advice (expert witnesses).

Statistics from the security industry show that different markets have experienced rapid growth. Nationally, the United States has spent $451 billion (as of August 2014) on national defense and more than $767 billion on national security since September 11. Consumer reports also show that Americans spend $20 billion annually on home security. Technical trends have shown that organizations spend (a total of $ 46 billion a year) on cybersecurity. The asset protection market shows that the contractors industry has grown by $18 billion a year. In an effort to avoid loss of value, retailers are also investing $720.3 million a year in loss prevention methods.

One might also think that with the amount of capital spent in the security sector, there will be more industry benchmarks (including lessons learned) that will help stakeholders make reliable investments in security. Often this is not the case. Most of the final products of security projects are the result of various security management installations. These safety mindset traps are the result: thinking of a cookie cutter – if a safety measure works well somewhere, the risk is reduced at many sites; Fragmented thinking – if there is capital, some risks are reduced; The principle of maximum security – security is never too much; and the gregarious mentality is that everyone does it, so we better do the same. Each of these traps has the same effect on the results. They divert any potential capital from real risk management and often force organizations to invest more in a security program to fix newly created vulnerabilities.

These pitfalls are compounded by two main problems: the party concerned does not know what security measures are needed and relies on a supplier to help them; or the potential provider does not take into account the interests of stakeholders and recommends that the stakeholder take actions that go beyond the customer’s needs. Make no mistake about this author, some vendors in today’s security markets meet or exceed the requirements of stakeholders. From a security management perspective, the question should be asked: “Does the supplier understand the security needs of the person concerned and/or does the vendor really care?”

Interested parties often do not define their specific safety requirements (industrial or local). Many stakeholders identify various symptoms that they believe are fundamental security concerns; never realize that these symptoms often hide the underlying problems. One of the main factors behind this misunderstanding is the lack of security training. Of course, the organization has security personnel with years of experience.

Another trap of fuzzy definition of security requirements is the development of a fuzzy technical task during a bidding or requesting an offer. When the project planning aspect is ignored, minor changes in volume can cost the organization additional resources. In many cases, the seller does not understand the technical task prepared by the interested party. When this misunderstanding arises, there is no real definition of what the final product should be, and the seller can rely on his instincts to establish a security system that meets certain requirements. Lack of understanding can lead to an expansion of the scope, intentionally or through supervision, forcing the organization to invest even more in a system that does not meet all the needs of the organization.

This author has also witnessed many problems with the installation of security components. You wonder why the functional aspect of the system is ignored, and acceptance tests are often conducted in a hurry. This problem may be related to the need for well-trained security personnel. If security personnel are not trained to assess security practices and identify manufacturers’ requirements, how can they effectively accept the functionality of the system and inform high-level management in good faith that there is effective physical protection for the system?

Another trap is the pricing of services. In the process of inviting and requesting an offer, stakeholders often rely on cost comparisons when selecting a vendor. A limited amount of capital may result in the interested party choosing the lowest bid for the project to meet the budget requirements. To the attention of the buyer! Any security system that does not meet the technical requirements and has too low a price should be carefully evaluated. At least 50% of the costs associated with security projects are difficult. The seller may recommend security measures that are unnecessary and that can secure future work.

Leave a Reply

Your email address will not be published.