The Effective Management of Security Incidents: is security maximising its potential?
There has been a growth of different mechanisms around the world for the initial notification and management of security incidents, but there has been relatively little discussion about the pros and cons of the best ways of doing so effectively. Arguably this is the crucial stage of security response, ineffectiveness here can be severely detrimental as to how well security (technology and personnel) can respond. This webinar will discuss:
- The different approaches to initial incident management (such as Alarm Receiving Centres/Monitoring Centres/Intelligence hubs)
- The benefits and drawbacks of different approaches
- The potential futures of incident management
Chair: Professor Martin Gill
Paul Miller notes that formal approaches to incident management in the form of a central operations hub date back to 1877. Alarm Receiving Centres as they are called in the UK have an important role to play, citing research Paul reports that the quicker the response the more likely a detection; competent incident management matters. He explains a new system he is spearheading in the UK, ECHO, which provides automated links and cuts back on the time incurred in responding when humans are involved. Future development will see alarm management being extended to lone working devices and such like. Technology is progressing requiring skilled technical operators and support staff, indeed, humans are central, and they need a range of skills, and be prepared to work unsociable hours. Their training is key and this is a largely neglected area.
Suzette Po-Williams has worked in this area in Australia for over three decades, and notes that the primary role is alarm detection, and it is pretty basic, (SMS or email notification can and is being utilised, for alarm notification but believes automatic notification should be used with caution). In saying that the future holds exciting technology with the introduction of VMS and AI all promise to lead monitoring centres from where we are into the future of Alarm Monitoring. Alarm notification from monitoring centres into Police, there are various CAD systems utilised by the policing rooms, and currently it’s not possible Suzette does believe digitalisation is leading to complacency and points out some of the problems, in any event, human interaction should always be a part of the incident management chain. In a different way you will hear Suzette discuss the infrastructure needed to support the technology that is in place; there has been a transformation from having an IT manager, to having an IT department including those who support hardware, software, telecommunications, workstations and the licences needed for them, all resulting in a massive increase in costs.
Sam Kumar starts by highlighting some of the skills required for effective incident management noting, for example: leadership, teamwork, tools, training, communications, leadership, and ‘luck’. He reminds us that incidents are complex and diverse, they happen close and afar, they involve individuals, groups, and States, they are humanmade and environmental, and so effective management is complicated and yet at the same time becoming a priority. It is aided by improvements in science which is facilitating better predictions and forecasting of events and better intelligence to inform decision-making, but it requires talented people, able to work in stressful situations aware that excitement comes in short spells. This is why leadership is important: to harness abilities, to motivate individuals, to provide for a positive culture, to justify and manage costs. The latter is important because there are many commercial platforms available; buyers need to ne discerning.
This panel make clear that incident management is not straightforward, requiring many skillsets and the engagement of different stakeholders who don’t always prioritise collaboration. In some countries there is dedicated training but not everywhere. Digitalisation and technical developments are creating opportunities but they are not an unqualified good. New talent is needed, it is not always exciting work but it is always important. Sam reminds us we need to glamorise security work and this is true for incident management too.
Professor Martin Gill
10th November 2022
 Suzette sent some notes which included the following balancing of the benefits of automation versus human interaction:
Human to human interaction – gives greater Peace of Mind, people are more secure in the knowledge that not just a person but a train security professional, is available to speak to, in time that can be very stressful and uncertain.
Human to human interaction is Labour intensive, security alarm monitoring operators are trained professionals, and the most common challenges for monitoring centres is talent, skills shortages, and budget constraints. It’s expensive to resource multiple teams needed 24/7.