Security professionals and law enforcement officers have been struggling for years with the daunting task of designing operational procedures and protocols for their staff
The challenge of security protocol design lies in adapting operational and business considerations, with legal constraints into one effective, threat oriented procedure. Unfortunately, security and threat mitigation are not always the first issues to contend with in the design process. In fact, liability issues and business objectives, while extremely important, may overshadow the threat mitigation needs of the organization; a situation that can produce a reactive and ultimately ineffective security protocol. This predicament dictates the design of a security protocol that includes the following:
- Highly articulated procedures that describe in detail: suspicion detection, threat assessment and threat mitigation
- A comprehensive decision making matrix that can accommodate liability constraints.
- Simple and easy-to-understand procedures that can be integrated smoothly into general operations.
- Mitigation procedures that have both a deterrence effect and a customer service value. In order to design an effective threat oriented protocol we must first identify the aggressors’ capabilities, resources and methods of operation with regard to the specific environment being protected. It is important to “red team” the protected environment and characterize the necessary preparatory steps for the execution of an attack as well as the execution stage itself. Simulating the aggressors and their method of operation will help to compile suspicion indicators as they are derived from each terrorist or criminal scenario and integrate them into the protocol. The security protocol should also include a comprehensive decision making matrix. When designing this matrix it is extremely important to differentiate between threat and suspicion. Suspicion can be defined as “any unusual or abnormal behavior or situation that MIGHT indicate threat”. Threat, on the other hand, can be identified as “a suspicion indicator that could not be refuted and therefore is threatening” This distinction generates a protocol where the decision-making hierarchy is based on the following segmentation: - Responsibility for detection of suspicion.
- Responsibility for assessment of threat.
- Responsibility for deployment of mitigation procedures. The language of the protocols and procedure should be simple and articulated to reflect exactly the action required from the law enforcement officer or security guard. It is important to avoid legal vocabulary and keep the wording short and to the point. Creating a common terminology around the protocol facilitates the integration of the protocol and the training of personnel. The mitigation procedures should have a deterrence effect for the aggressor, yet a customer service value for the innocent bystander. The biggest deterrence for terrorists and criminals is a security or law enforcement officer armed with all the right questions. The protocol should include who-what-where questions that can be used by personnel to assess threat and refute suspicion. A question such as “how can I help you?” is surprisingly effective in creating both customer satisfaction and terrorist and criminal deterrence. |
