Who Is The Enemy Within?

Among security managers, the first association with the term “enemy” would be “terrorist”: the figure of a nameless and faceless attacker. An outside enemy.

Most secured bodies, probably yours among them, mark the enemy as coming from the outside and formulate a security plan that provides protection against the plethora of threats derived from it. A basic rule is to ‘face out’ in an attempt to locate the suspect or the exception, and the lines of defense function accordingly: a scouting watch guard, a viewer focal point, physical shielding, controlled entry procedures, etc. The enemy is outside and should be kept there.

On the other hand, there is also a potential enemy that receives less attention, somewhere between minimal and zero: the enemy from within. Dealing with a potential enemy from the inside is harder, mentally and even emotionally. He has a name, a face, and even a personal connection. It is difficult to attribute risk potential to a person you meet every day, go out with for a casual cigarette, or invite to a daughter’s wedding.

The Potential Damage

True, there are secured entities where the first reference threat on the list puts the spotlight on the potential enemy from within and resources are allocated accordingly, but also with different risk management and priorities (financial, technological, etc.). From a holistic view of the security field, it is clear that this angle is neglected relative to the potential damage.

What is the potential damage?

The Global Association for Fraud Investigators (ACFE) has released data stating that organizations suffering from internal fraud lose around five percent of total profits each year.

This figure should be qualified: it reflects only stated and recognized damages. The true figure is probably even higher. In some organizations or circumstances, such damage is an existential threat. In many cases, the fraud is discovered too late, leaving the organization to bleed during its dying days.

Besides the direct economic damage, in many cases there is also accompanying image damage. Try to imagine a case where a night watchman in an office building enters one of the offices during his tour and rummages in drawers, even without taking anything from them. Try to imagine a case where a stacker at a logistics center takes home one item daily, for years. Try to imagine a case where a developer at a development company sells one customer’s code to a competitor.

The basic trust between the parties (including third parties) has been violated and broken, and it is unlikely to be repairable. Even an organization that is capable of absorbing economic damage will find it difficult to repair image damage.

Given the potential for damage, the security plan should also address the enemy from within. It is the responsibility of the Security Director to recognize this threat as well and to provide protection against it.

Who Is The Enemy Within?

The options are as many as the people who are associated with the organization and hold sufficient levels of access and trust: employees and even providers. The risk potential is relevant, and variable, on each and every given day.

Consequently, the process of integrity testing and controls must begin with the initial relationship between the organization and the person: from the interview phase, through continuous accompaniment throughout the period, especially when entering new positions or receiving new privileges, until the final day.

The Security Director, or the organization’s internal fraud investigator, is required to examine the fraud “triangle” (by Donald Cressey): three characteristics that increase the risk of internal threat:

Rationalization

Internal justification of the act of fraud, such as “I deserve a higher salary” or “I steal from the company that steals from its customers” and so on.

Opportunity

Access and trust provided by roles, privileges, and even seniority or personal relationships. Internal organizational changes that precede the introduction of procedures and controls, and thus create loopholes.

Stress

Various causes such as financial distress, fear of losing a job or of loss of reputation, being a victim of extortion, etc.

The organization has a high degree of control only over the second characteristic: the opportunity.

Proper construction of the recruitment and promotion process (interviews, web tests, recommendation calls, questionnaires, reliability checks, polygraph tests, etc.), alongside the implementation of procedures and controls, will provide protection in this respect. Opportunity will be minimized. The other characteristics, on the other hand, require high alertness and attentiveness. Signs of one or more of the features of the fraud triangle require an immediate response in an attempt to verify or dispel the suspicion.

At this point, a caveat and an emphasis: the vast majority of people are normative and innocent, but, as when searching for suspicious signs among a particular audience, the goal is to find the one who poses a risk among the rest. Integrity tests and controls should be part of the organizational culture, as opposed to a one-off process that suspects and stains one person. Like checking bags at the mall entrance, policies and standards must be formalized, and then people will accept them with understanding and agreement, without concern that they have been personally suspected. The process of integrity testing and controls must prove transparent, fair and respectful.

In summary, the responsibility of the security manager is stretching, at a time when technology frequently opens new holes, to include protection against inside enemies, from home. This is a deviation from the classic boundaries of traditional physical security, but the role of the security manager in organizations is gaining more and more volume, and that should be welcomed.
