In Lewis Carroll’s “Alice in Wonderland” the main character is wandering through a bewildering new land with no idea what lay ahead. She happens across the strange talking “Cheshire Cat” and an interesting dialog ensues about which road to take. After discerning her lack of any destination other than to get “somewhere” the sanguine Cat finally tells her, “If you don’t know where you’re going then any road will get you there.”
In the realm of Corporate Security the same holds true. You need to know what unseen risks are in front of you. It always baffles me when organizations simply plow forward with a standard “one size fits all” security scheme without truly taking the time to understand their own domain and threats presented. This nearsighted strategy suffices until some unanticipated harm befalls the corporation, either because an incident was poorly managed or because security lacked timely and relevant information at a crucial juncture.
The most effective security organizations devote substantial time and resources to identify and prioritize their security risks. Knowing what your risks are is the first step in discerning how to predict and mitigate them. Once you know your risks, you can then put all your information sources to work to keep these threats at bay. A methodology I’ve found effective is the “intelligence cycle.” It’s often associated with the ubiquitous “Intelligence Community” but it has equal application for corporate security.
The intelligence cycle is an iterative process that begins with a thorough identification of the corporate assets that must be protected (essentially the organization’s “crown jewels” that are critical to the company’s core functions). The process then draws upon every available source of information to reveal and prioritize threats to these assets. Organizations use information with varying degrees of effectiveness. Some organizations only avail themselves of limited day-to-day information that naturally comes their way. Others fail to keep information up-to-date. Or they may neglect to take the next crucial step which is to identify gaps in knowledge and proactively fill these gaps. This is where creativity and initiative are important. There are many sources of information that can be drawn upon from external and internal sources.
In effective security organizations, the constant process of collecting and analyzing information is what drives decisions about the resources, processes and procedures needed to mitigate threats. No organization can prevent all harmful incidents, but by predicting where, when and how these incidents are most likely to occur the damage to corporate assets can be managed and minimized.
The intelligence cycle is not static. Rather, it’s a living, breathing, iterative process that constantly builds on the security organization’s knowledge, improving incident management and driving future decisions. For example, part of the intelligence cycle process involves analyzing incidents that do occur, and that information can be fed back into the process to better predict and manage future events, or even prevent them from happening in the first place.
In my experience, building an effective, institution-wide intelligence cycle capability also requires resources. Organizations need to designate an intelligence manager who is devoted full time to the threat management process. Another critical investment organizations need to make is to hire or train one or more intelligence specialists. Intelligence can’t be their ancillary duty; it must be their primary focus. A skilled analyst is a necessary asset for any security organization and critical to the process of transforming data into meaningful information.
Another crucial step in building an effective, institution-wide intelligence cycle involves consolidating information sources, analysts and monitors into one central command center. Most security organizations have multiple command and monitoring centers leading to fragmented information flows and poor decision making. Such compartmentalization of information hinders effective incident management and strategic resource allocations. To facilitate informed decisions CSOs must push to consolidate all intelligence resources with technical monitoring components in a single location, so they can merge information derived from technology (sigint) with human information (humint). This consolidation can help security organization achieve both savings and efficiency with one action.
Particularly in these adverse economic times, CSOs need to make tough decisions about where and how to deploy scarce resources for maximum benefit. They can strengthen their predictive capabilities and make better decisions when they can clearly understand and prioritize risks, and strategically deploy resources to manage and mitigate potential threats. Here is where tried and true methodology used by professional intelligence organizations can help. The intelligence cycle is a risk management process which can light the road ahead.
About the author:
Chris Swecker has 30 years of experience in law enforcement, national security, legal, and corporate security/ risk management positions. Swecker served 24 years with the Federal Bureau of Investigation (FBI) before retiring as Assistant Director of the FBI’s Criminal Investigative Division. From 01/2006 to 7/2006 he was Acting Executive Assistant Director responsible for eight FBI divisions including Cyber, Criminal, International Operations, Training, Crisis Management, Operational Technology, Criminal Justice Information and the Law Enforcement Liaison office encompassing more than half of the FBI’s total resources.
As Corporate Security Director for Bank of America from July 2006 to January 2009 Chris Swecker led investigations; physical security; international security, employment screening and executive protection. He provided strategic direction and overall management for over 600 proprietary associates and over 3800 contract security guards with an overall budget of over $250 million. He executed a comprehensive transformation of all aspects of the security organization, emphasizing the use of advanced analytical software, security technology and fusion of open source, government and internal information to drive strategies to prevent fraud, privacy and security events. Swecker created an advanced Security Operations Analysis and Command Center (SOAC) to support security operations worldwide. The SOAC monitored and managed the largest alarm, access control and digital video surveillance system in the financial sector with responsibility for 6100 bank branches, 18,000 ATMs and 450 administrative facilities. Swecker spearheaded the bank’s efforts to integrate people, processes and technology across 12 different bank components related to fraud detection and investigations, Anti Money Laundering and data security. During his tenure fraud losses were reduced by over $50 million and armed bank robberies were reduced by over 26%.
From 1999 to 2005 Swecker served as Special Agent in Charge of North Carolina Operations where he presided over two of the most significant terrorism cases in the country, one involving the capture of the Atlanta Olympic bomber and another that dismantled a Hezbollah terrorist financing cell utilizing the RICO statute for the first time in a terrorism prosecution. Swecker has testified before Congressional Committees on topics such as identity theft, crimes against children, mortgage fraud, human trafficking, financial crimes, information privacy and data compromise, crimes on the internet, drug trafficking on the southwest border and gangs. He has also appeared as a guest on such media programs as 60 Minutes, Oprah Winfrey, Good Morning America, CSPAN Washington Journal and North Carolina People. He received the prestigious Presidential Rank Award in 2003 for his service in Iraq and as Special Agent in Charge of the NC Office. Swecker is a graduate of Appalachian State University and received his Juris Doctor from Wake Forest School of Law. He is a member of both the North Carolina and Virginia State Bars.
Post to Twitter
