Fundamentals of security management that stood the test of time

IANS Photo

New Delhi September 10 (IANS) The concept of security whether it concerns the nation, an establishment of strategic importance or even a business corporation, revolves around some basic principles that brooked no compromise.

We live in an insecure world where the issues of security are knocking at everyone’s doors - the State has to protect its own integrity amidst threats, external or domestic, but it is also supremely responsible for the security of its citizens as well.

In a democratic dispensation, this can not happen unless people themselves show an awareness about security which makes them a conscious contributor to national security at large. This more than anything else, validates the first principle of security in our times about the ‘mainstreaming’ of this function.

Security of an enterprise is no more a matter of outsourcing it to a set of guards and their supervisors - it has to be built into the policy framework of the organisation, be based on planning and budgeting and above all, has to be in a position to act on the authority of the top man of the enterprise.

The head of the organisation is deemed to be the ultimate repository of the security function though he or she would normally assign this responsibility to one of the Deputies. This stands to reason for in the event of a senior member being suspected of violating mandatory security regulations, there would be a reluctance to bell the cat if the security set-up did not have confidence that it had the attention of the person at the very top.

In strategically sensitive establishments handling secret projects of the State, arrangements exist for taking prompt notice of any member exhibiting ‘vulnerability’ by way of falling for an ‘addiction’, living beyond means or befriending an ‘outsider’ in an unnatural fashion and confidentially checking out if there were grounds for any further suspicion.

The point is that security is a comprehensive call that can not be fulfilled without the notional involvement of the organisational leadership. Security clearly is a ‘mainstream’ task that embraces the length and breadth of the organisation.

The second fundamental principle of security is that it is an INTEGRAL concept. The establishment is either secure or insecure - there is nothing like a house being half-secure or half of it being secure.

Security basically is protection against ‘covert’ attacks of the enemy - an open or visible offensive against the nation will have to be countered by the defence forces of the country and if the target is an organisation, by the state law and order machinery responding to that attack.

The unseen adversary tries to damage the three ‘assets’ of the nation or the targeted organisation as the case may be - physical resources, manpower and protected information - and this is what was professionally called Sabotage, Subversion and Espionage respectively. These are security concerns.

In sensitive organisations, subversion basically meant changing the loyalty of a member away from the organisation to serve the cause of the ‘new master’, which can obviously be used for sabotage and espionage too.

Arrangements are accordingly made by the security establishment to ensure physical security, ‘personnel’ security and Information security - all put together through well-defined steps.

Anticipated risks are assessed for planning total security measures and apart from a certain standardised framework of security built on the risk assessment, special arrangements are made to deal with any specific threat that Intelligence might have indicated for the targeted entity. Intelligence is information about the secret plans of the adversary and this is always difficult to come by.

Large competing business corporates would like to know what the rivals were up to and they make substantial investments in creating a team that was engaged the whole time in studying the market and the competitors to produce the so-called ‘Business Intelligence’.

In these days of ‘knowledge-based’ decision-making, this function has acquired a newfound importance. The impact of climate change is another area of study now for security - across the spectrum of local to global concerns.

Incidentally, it is rightly said that ‘you have to buy security’ and that ‘security does not come cheap’. This is, however, compensated by another principle of security that emphasises that ‘cost-effective security was the best security’. The logic of this is easy to understand. If two men can do what a team of three was assigned to do or where an operation could be completed in three steps instead of four, reduction would not only ‘lower’ the cost but also make the effort more efficient.

A simple definition of ‘efficiency’ is the ‘productivity per unit of resource’ - the resource here is not only the money and manpower but ‘time’ as well. This concept is fully practised by our national Intelligence agencies even though they had a reasonable assurance that resources would not be allowed to come in the way of their mission.

A security set-up is relatively free of bureaucratic impediments- decision-making is delegated subject to the healthy practice of seniors being kept informed. Also, the importance of work produced is often dis-linked from ‘rank’ and this was reflected in credit sharing as well.

Further, the ‘boss’ was free to do ‘tasking’ but he or she was also obliged to provide ‘guidance’ where it was asked for. A senior given to ‘escapism’ in regard to this responsibility would have no future in an Intelligence organisation or in fact anywhere else.

A fundamental thing about security is that it is not a ‘one-time event’. The scale and pattern of security are determined by the threat scenario and the latter was prone to changes - this is true of geopolitical developments, the environment in the neighbourhood and changes on the domestic front.

In the era of globalisation and knowledge economy, a rival can spring up from anywhere in the world and a smaller player could take an established business by surprise through ‘smarter’ ways of working.

Technology makes a human process ‘smart’ and now we have Artificial Intelligence (AI) that smartens up Information Technology itself. In the digital world, a lot is happening to upgrade life but for security, newer challenges are also emerging - ranging from Cyber Warfare to misuse of social media as ‘an instrument of combat’.

Proxy wars have expanded to include ‘information warfare’ and influencing the narrative to pull down a target country or enterprise. AI is opening up new frontiers of data analytics, robotics and identity emulation and pushing product development and business applications to new heights but it has multiplied security concerns as well.

It is feared that the security risks accruing from automation - of military offensives in particular - could outweigh the likely positives produced by AI for human advancement. Change is the only constant now and the entire challenge of security has assumed unforeseen proportions.

As it is, a Cyberattack is detected only after it materialised making the mitigation effort so much more difficult. AI, however, would theoretically make it possible to consider ‘preventive’ measures for security on the basis of study of the modus operandi of the adversary carried out through its power of analysis.

Security definitely was running into new challenges in a situation rightly described by VUCA( volatile, uncertain, complex and ambiguous) which made knowledge-based decision-making so much more difficult. A new threat scenario marked by the rise of covert warfare in newer forms because of the use of cyber or digital space is opening up a new vista of challenge for security. Man-made disasters are another developing area of security concern in this context.

Finally, it is the security domain that is putting leadership to new tests. In matters of security, the top man of the organisation will have to be decisive and capable of making decisions not out of notions of personal ‘charisma’ or of being ‘born’ a leader but on the strength of knowledge of what was happening externally and within the organisation.

The leader has to seek facts that make a difference between a decision and a guess and consequently has to make arrangements that ensure the flow of relevant information to him or her.

In the realm of security, the leader has to have the ability to communicate the organisational advice down the line with clarity, precision and unambiguity. The ethical code of the organisation should also be framed in a manner that covers the requirements of security.

For employees handling confidential information of a sensitive nature, there had to be an arrangement of internal vigilance that occasionally checked out the conduct of a member outside of the workplace. There is so much exposure of society to unscrupulous acts of the hidden enemy on social media, websites and other digital distractions that the classical mandate for ensuring ‘personnel security’ in all its nuances has to be understood well by the leadership.

Security set-up of a large corporate body would now have to have enough knowledge of the environment around and this would enable it to contribute to even advising the leadership on how to take the business forward.

A smart leader of the organisation would find ways of garnering that knowledge for corporate progress. Security in fact is an important instrument of grooming for the potential leader of the enterprise - this is the biggest proof that security was in all situations a ‘mainstream’ function today.