• Proactive vs. Reactive Security

    Performing a risk assessment ensures a proactive approach to crime and loss prevention
    Feb. 17, 2010
    4 min read
    1652195221438 B 0310 Sb Safety

    How well does your business manage its security risks? Many businesses will, at some point, consider security processes to protect assets, people, property (tangible and intangible), and information. Will you be proactive and prepared before something happens, or will you simply react to the situation after something occurs?

    Prevention vs. Reaction
    There’s a difference between crime prevention and crime reaction, though many take the reactive approach and don’t consider purchasing an alarm system, for example, until after they’ve been burglarized or property has been stolen.

    We need to change the way we think. To be effective, crime prevention and security (both policy and procedure) must be a part of the business operation and accepted by everyone in the company. Security policies are objectives, and they list the responsibilities and expectations for personnel. Security procedures are detailed instructions outlining how personnel will carry out the objectives. To meet the changing needs of an organization, security procedures change more often than security policies. For instance, the security policy may state that a particular area is restricted; only authorized personnel are allowed. A security officer is placed at the entrance, visually identifies those who can enter, and allows them access. At some point, this system may become automated; each employee wanting access must place his/her hand or finger on a biometric reader, and physiological characteristics determine admittance. Video surveillance may also monitor the area for an attempted unauthorized entry. In this situation, the policy remains the same, but the procedure changed.

    Changing procedure to meet new needs is an excellent way to be proactive, but the security process shouldn’t be so cumbersome that it impedes business operations – instead, it should operate in conjunction with workflow.

    Three-Part Security
    There are three parts to achieving the desired level of security (the goal of this three-step approach is to reduce the likelihood that a loss will occur and, if a loss does occur, to minimize it):

      1. A vulnerability assessment, which is completed by a security professional to identify the deficiencies and excesses in the security process. In essence, the security professional will consider the probability that an incident will occur and make recommendations to address vulnerabilities and "harden the target."

      2. A cost/benefit analysis, which will determine if the recommendations are affordable, feasible, and practical. At this point, countermeasures are put into place to reduce or eliminate the deficiencies identified in the vulnerability assessment. These countermeasures may consist of hardware (fencing and locks), software (electronic access control), and people (security officers or employees) who will take on the role of guardian of the company’s assets.

      3. A test of the system, which ensures that everything is working properly, to determine if changes need to be made to achieve the desired level of security.

    The key to an effective security process is having the appropriate mix of physical security, electronic security, and personnel to meet security goals. It’s important that there are "layers" in your security process so the weaknesses are outweighed by the strengths of another component. You may have security policies and procedures in place, a fence around your property, security officers on patrol, exterior lighting, steel doors, high-quality mechanical locks, an intrusion detection system, and video surveillance – but at what point in the process will an intruder be detected?

    A professional security risk assessment determines the best way to "harden your targets" and integrate all components of the security process so you have the appropriate level of security.

    Marianna Perry is director for the National Crime Prevention Institute (NCPI) at the University of Louisville in Louisville, KY. She can be reached at [email protected].

    .

    Voice your opinion!

    To join the conversation, and become an exclusive member of Buildings, create an account today!

    Sponsored Recommendations

    Sign up for our Newsletter
    Get the latest news and updates.

    Latest from Smart Buildings

    ID 114090134 © F11photo | Dreamstime.com
    Proptech is changing the way we buy, sell, manage, and experience commercial buildings.
    The market for proptech has expanded rapidly since its debut in the 2000s. Here’s how property professionals can update their building management practices with the help of sophisticate...
    May 16, 2025
    Courtesy of Dzmitry Auramchik | Dreamstime
    AI-generated image of office tower with digital sketch overlay.
    From avoiding costly HVAC failures to reducing energy waste, digital twins are driving efficiency across commercial buildings. Discover how real-time analytics and AI-powered ...
    May 13, 2025

    Sponsored