M.ISRM, CAPPS

Successful security management requires fine judgement and thoughtful balance between security and freedom. The Security Triangle is a framework that aims to help organisations, regardless of industry and size, strike the right balance between Security, Freedom and Threat. 

 

Fig. 1 Security Triangle

One can think of Security and Freedom as two ends of the see-saw – when there is too much or too little of one, the other is compromised. Achieving parity between Security and Freedom ensures that threat is adequately managed and controlled. 

 

 

Scenario 1: More Security, Less Freedom

 

While the catchphrase, “the more the merrier” is suitable for most occasions, this is not necessarily the case for security. The implementation of high levels of security (e.g. having many security policies) will undeniably reduce the level of freedom. 

Fig 2. Too much Security, Too little Freedom

Too much unnecessary security policies can cause the public or stakeholders to feel uneasy or even oppressed. As such, companies should not have a ‘blanket’ security policy in place because the level of security required does differ according to premises and circumstances. What may be suitable for other projects could be too harsh for some. For example, if a company frequently admits visitors to a limited area within the company –such as the lounge–for a short period of time, there may not be a need to put visitors through lengthy security checks. Perhaps what is needed to deter negative behaviour would simply be the presence of Security Officers going around on patrols in the premise. 

For companies in the hospitality sector, it may be worthwhile to spend time fine-tuning the right balance between security and freedom. Too much security policies can be intimidating for visitors such as shoppers, which may, in turn, affect shopper rates, purchasing patterns and hurt bottom lines. 

 

Scenario 2: More Freedom, Less Security

 

While too much security is undesirable, too much freedom can put the organisation at serious risk. 

Fig 3. Too much Freedom, Too little Security

Freedom comes in many forms and it can include relaxed Standard Operating Procedures (SOP) for Security Officers or lack of corporate cybersecurity policies. Freedom which is unchecked can lead to a lackadaisical attitude towards security, safety, or even a lack of attention to sensitive security matters. For instance, employees that work in a company without a ‘playbook’ detailing the go-to approach for business security matters would not know what they can or cannot do – and this is too much free rein, too much risk and too many chances for security breaches. Moreover, organisations with too much freedom are often seen as easy targets for security attacks, both physical and online. 

Finally, once there is too much freedom, it can be difficult to implement stricter security policies because people (i.e. employees) are already used to the independence and liberty at hand.

 

 

What can be done?

 

It is noteworthy to point out that one must not misunderstand the ‘balance’ between Security and Freedom to be an equal amount of each part. According to the different types of threats faced by each company, the position of the fulcrum differs. Hence, the required proportion of Security and Freedom would change accordingly.

Before implementing any security policies or strategies, companies need to be aware of the existing, imminent and potential threats faced. Knowing the amount and types of threats would play a significant part in deciding where the fulcrum should lie. Other factors affecting the fulcrum include the budget available, existing risk management strategies, company image, values, and industry.