Coping with security challenges: Step by step security management
Security management never ends and is always partial and selective. This is because:
1. There are limits to the amount of information you can deal with - not all factors affecting security can be grouped and treated simultaneously;
2. It is a complex process - time and effort are necessary to create awareness, develop consensus, train people, deal with staff turnover, implement activities, etc.
Security management is pragmatic:
Security management can rarely attempt a comprehensive, long-term overview. Its contribution lies in the ability to prevent attacks and highlight the need for organisational strategies to cope with these. This may not seem very ambitious, but we must not forget that too few resources are usually allocated for security!
When reviewing a defender’s or an organisation’s security practices you may discover some sort of guidelines, plans, measures or patterns of behaviour already in place. There will be conflicting forces involved, ranging from stereotypical ideas about security practices to a reluctance to increase existing workloads by incorporating new security activities.
Security practice is typically a fragmented and intuitive work in progress. Security management should aim to make step by step changes to improve performance. Security rules and procedures tend to emerge from parts of an organisation covering specific areas of work, such as logistics, a field team especially concerned with its security, a manager under pressure from donor concerns about security, etc.
Step by step security management opens the door to informal processes and allows space for new practices to take root. Sudden events, such as security incidents, will prompt urgent, short-term decisions that, if properly managed, will shape longer-term security practices for the whole organisation.