I think the adage “If no order, chaos” is truly applicable
in the security world – not necessarily to the security function per se, but to
the overall concept of security, loss prevention and asset protection within
business organizations.
I am old enough to remember the days when order and
discipline was the rule of thumb in the business world: Executives set goals and broad strategies;
management made policies and rules to support and implement the strategies; and
employees were expected – nay, REQUIRED – to follow and implement the rules and
procedures and policies. Each of those
three tiers had its inherent authority, responsibility and accountability. If a particular person in a particular tier
did not properly exercise his role, he would be disciplined – formal discipline
on his record, or demotion, or termination.
Everybody clearly understood his particular defined role in the
organization, its concomitant responsibilities, and the penalties for
failure. Supervisors and managers were
responsible for assuring compliance – they actually supervised and
managed. This was the very concept and
essence of ORDER.
In those days, there was far less opportunity for internal
security problems within a business organization because there was a defined
system of checks and balances, and there were people in place to assure that
the system functioned properly and successfully. The thought and belief was “Even if Big Brother (i.e., Security)
was not watching, my boss was.” I had
to perform and behave, or I’d be gone.
Today, that scenario does not exist. Everybody does everything, so nothing really
gets done thoroughly or correctly (another true adage: “When everyone is responsible, no one is
responsible”). Executives don’t have
time to formulate sound goals and strategies because they’re too busy and
worried about what is now the end-all and be-all of business: next week’s
profits. So management muddles along,
trying to support the executives’ “goal” of next week’s profits. And the employees do whatever their job-of-the-day
happens to be. EVERYONE gets
frustrated. There is NO sound
management or supervision. So there is
lots of time and opportunity to devise devious schemes for “getting my fair
share” and doing things in the easiest, simplest way possible, which results in
errors and mistakes and an I-don’t-care attitude. This is the very concept and essence of CHAOS.
Some organizations still focus primarily on “old” security
ideas like preventing, mitigating and managing external problems. But that is because there was a time when
focusing on external problems (like theft, trespassing, vandalism, bad checks
and credit cards, etc.) was pretty much the sole extent and focus of the
security function because there just weren’t that many other issues for
Security to be concerned about, because when there was ORDER the internal
systems worked and resulted in efficiency, correctness…and low levels of loss.
But now in the land of CHAOS there are many more things to
be concerned about in terms of protecting an organization, many (most?) of
which are internal, because Security has been charged with cleaning up the mess
created by the broken systems that were broken by someone else. And in order to fix this pervasive problem,
we have to first repair the broken windows before we can make sure that they
don’t get broken again.
Oh for the simple life of the past……
Posts
