HOME . PARTNERS . CAREERS . CONTACT . Sep 9, 2010
Secure Client Log In 
203-925-6180 
< E-zine home   |   Recommend SSC Security Matters to an associate   |   Archives   |  All content © 2010
SSC Security Matters

Understanding the Human Factor
By Amit Gavish, Managing Director,
SSC Corporate Intelligence & Investigation

The “human factor” often gets short shrift by security professionals who regard advanced security technology as a panacea to all their problems. But it is the “human factor” – the people behind sophisticated security technology and comprehensive policies and procedures– that can lead us to great success– or to grave failures. From Rick Rescorla, World Trade Center security chief for the financial services firm Morgan Stanley, who died while leading the evacuation efforts on September 11, 2001, to others, whose personal weaknesses left their facilities with severe vulnerabilities, both these heroes and failures demonstrate the importance of the "human factor." 

While security professionals may not be paying the adequate attention to the human factor, terrorists and criminals certainly are. These malefactors in planning an attack rely on human factor vulnerabilities. Surveillance, information gathering, gaining access and avoiding suspicion are all attributed in some way to human factor weaknesses. 

Every security program, to be effective, needs to include the human factor along with physical elements, technology, policies and procedures. The ideal security program is one that combines these factors into a balanced plan where all the components work in harmony. 

A carefully crafted security plan can evaporate if not executed by capable personnel. This human factor challenges us with two questions. First, how can we help our employees to improve their job performance and ability to deter, detect and delay threats to our facility? Second, how do we determine the level of effectiveness of our security staff? 

Security Factors — To truly understand the human factor, we first need to understand factors affecting security staff. These include: 

Environment
The nature of the work environment, from the size of the workload, quality of the technology, stress levels, weather, and public opinion, all affect the ability of security employees to conduct their jobs. 
Personal Characteristics 
The type of person, whether he or she is detail-oriented, a fast learner, alert, reliable, a quick decision maker, a visual thinker, or hyper alert to the surroundings, is all critical for the understanding of the security team’s weaknesses and strengths.
Organizational Obstacles
The type of organization will also affect how people react. Areas to consider include: internal communications, reporting systems, organizational hierarchy, policies and procedures, and management style.
Cognitive Biases
How security people perceive others will influence their actions. People give preferential treatment to those they perceive as similar to themselves and search or react to information in a way that confirms their beliefs and perceptions. For example, when a security or law enforcement officer sees a person video tape a facility, he often will regard him as a tourist. Factors that may play into that belief may be that that the person doing the video taping is well-dressed and of a certain demographic. However, if the person doing the videotaping speaks a foreign language or his appearance fits some preconceived notion of what a terrorist looks like, then that may raise a red flag.

So what can be done to improve the human factor element in an integrated security program? First, we need to recognize realistic rather then theoretical performance capabilities of individuals. By following a five step process we can dramatically improve a security program’s human component:

1. Recruiting
When recruiting security staff, we need to have a set of requirements that considers our unique environment. Different jobs require different capabilities, and we need to stop thinking that all security personnel come from the same pool. Developing guidelines and standards for recruiting purposes can be extremely helpful. Are we looking for multi-task or mission-focused individuals? Do we need a person who is detail-oriented or skillful at situational awareness? How do we rate reliability, visibility, vigilance and other factors?
2. Training 
Training is the glue that keeps the security elements integrated. By training, we can make the security personnel aware of the bigger picture and the part that they are playing. Training may be the one most important factor that can make potential failures into great successes. 
3. Evaluation & Testing
Security programs, no matter how cleverly designed will not be effective unless tested and evaluated. Albert Einstein once said, “The only source of knowledge is experience.” Unless you deal with real life threats and hazards on a daily basis, your security force is unprepared for future events. Evaluation and testing of the security program should occur on a weekly basis to maintain appropriate levels of awareness and reaction.
4. Red Teaming
Red teaming is a method designed to simulate the thinking of an adversary. It prevents security countermeasures from being designed solely based on our own thought process. Many security professionals have evolved from personal and professional environments and cultures where adherence to law and rules are paramount. Consequently, it is antithetical to their way of thinking not to follow rules, putting them at a distinct disadvantage when it comes to anticipating the mind set of the criminal or terrorist. We need to stop thinking as the good guys and get into the mind set of the bad guys.
5. Re-Evaluation
Taking the above steps into account, we also need to regularly re-evaluate our security programs and determine if we need to make any changes, adaptations or other revisions. Threat environments change and adaptations are always necessary. 

Dilemma Identification — It is also helpful to security personnel to examine common dilemmas they may face. By examining possible scenarios, security personnel can pinpoint weaknesses that adversaries may try to exploit. Here are a few examples:

Common Dilemma #1
The focus dilemma- Security personnel are often asked to do many tasks outside their job description. If they are tasked to chase away skateboarders, stock vending machines, clean the floor, wash away graffiti, fix the window and account for lost strollers (all real life examples) then we really can’t be too surprised when someone unauthorized enters a facility. If security personnel are constantly focused on other activities, it is easy for them to lose track of their main task: keeping a facility safe. Unfortunately, it’s not likely that a terrorist is going to have a sign on his or her forehead that says “terrorist.” 
Common Dilemma #2 
The pregnant woman dilemma- We all hold biases. These ingroup/outgroup cognitive biases make us trust someone – or not -- based on false information. For example, many would not identify a pregnant woman as “dangerous.” Yet in June 2007, a pregnant woman and mother of four undertook a suicide mission to Israel organized by the Islamic Jihad. Only pinpoint intelligence prevented a catastrophe. We need to teach our security staff to focus on what people do and not what they look like.
Common Dilemma #3
The high turnover dilemma- Security personnel need to be professionally trained and experienced as in any other profession. High turnover rates make this task hard to fulfill. Even when outsourcing security staff, it is important to maintain consistency at all times. As part of the tendency to overlook the human factor, security officers historically have been perceived as a necessary evil and security personnel as unprofessional. This attitude has to change dramatically if security professionals are to take more pride in their jobs and organizations are to value their security employees.

Towards that end, it is essential that security officers be thought an integral part of the staff, not an afterthought, and are treated as such. Security personnel should be integrated with other departments, forging bonds that allow cross-functional security exercises to occur. The latter will help all employees understand security concerns and insure the mission of the security staff is shared throughout the organization.

With proper training and constant reevaluation, the security department can become a true company asset. By giving the “human factor” true credit, security professionals can make their employees stronger and more aware of weaknesses adversaries may try to exploit. Only in this way can we insure that we are truly protecting our companies, institutions and resources.

© 2010 SSC, Inc.

Run your business on accurate information, not guesswork.  Contact SSC for a confidential Security Consultation. Our E-zine: SSC Security Matters