What is “security decay”?
Security management operates within a system, and every system is prone to entropic decay: a process characterized by disintegration, running down, and becoming disordered.
What are its ramifications?
Security system decay is complicated, but the consequence is straightforward: a subtle degradation in security systems, which occurs naturally and inevitably, resulting in systems performing below the level of risk control for which they were put in place. Security decay is a significant contributor to security risk, and it can occur in all aspects of security, from management and technology to physical engineering. The loss of risk control is directly proportional to the extent of the decay.
But isn’t it obvious when things are “running down”?
Until a negative incident occurs, it is tempting for a business to assume its protective shield is as strong as ever. It may even fondly regard its security system as “mature.” But the fact is that a protective setup, when put on autopilot, doesn’t perform the same from one month to the next. It’s actually in a state of decay. Decay typically originates at the component level (a single problem with a device, for example), manifests, and then expands.
Ensure security operations are moving forward rather than falling apart by recognizing that security is not a project to complete but a process that requires ongoing investment.
How should businesses think about ‘security decay’?
Companies need to think about security systems management as akin to pushing a child on a swing, researchers suggest. To get started, you need to push hard, with significant effort. Then, once the child is in motion, you don’t need to exert nearly the same effort to keep the child swinging. However, if you stop pushing altogether, the swinging motion decays, and the child will stop. Security systems are no different. To identify, design, and implement an asset protection strategy takes significant resources (energy), but to keep the security strategy operating effectively requires only minimal resources. However, if unaddressed altogether, the system decays.
What should businesses do to prevent it?
A security posture that doesn’t degrade over time needs to build its approach to security around:
• Review and input from external security partners and experts to ensure security operations are moving forward rather than falling apart.
• Expanded use of security metrics, especially “upstream” performance measures, and the ability to measure the effectiveness of security components both individually and in relation to one another.
• Communication across functional management boundaries.
• A common lexicon and understanding among stakeholders.
• Awareness of system design among senior management.
• Scalable security solutions so security levels can be adjusted to the dynamic threat environment.
• Reliability, maintainability, and the ability to be upgraded.
• Flexibility and resilience.
• Effective resource allocation.
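The second point above (upstream metrics, measured per component and in relation to one another) and the earlier observation that decay starts at a single component before it spreads can be made concrete with a small monitoring model. The following is an added illustrative example, not code from the original article or from any particular product; the control names, the threshold values, the quarterly readings, and the “independent layers” relationship model are all constructed assumptions.

```python
"""Illustrative model of security decay: trend checks on per-control
'upstream' effectiveness readings, plus a simple relationship model.

Constructed example, not from the original article. Each control reports a
periodic reading in [0, 1] (e.g. fraction of endpoints patched on time,
fraction of badge audits passed, fraction of alerts triaged within SLA).
"""
from dataclasses import dataclass, field
from math import prod


@dataclass
class Control:
    """One security component with its periodic effectiveness readings."""
    name: str
    threshold: float                              # minimum acceptable reading
    history: list = field(default_factory=list)   # oldest -> newest


def is_decaying(control: Control, window: int = 3, min_drop: float = 0.05) -> bool:
    """Flag a non-increasing trend over the last `window` readings whose total
    drop is at least `min_drop`. Short histories are not judged."""
    h = control.history[-window:]
    if len(h) < window:
        return False
    non_increasing = all(later <= earlier for earlier, later in zip(h, h[1:]))
    return non_increasing and (h[0] - h[-1]) >= min_drop


def below_threshold(control: Control) -> bool:
    """Flag a control whose latest reading is under its acceptable minimum."""
    return control.history[-1] < control.threshold


def layered_effectiveness(readings) -> float:
    """Assumed relationship model: independent defensive layers, so the chance
    that at least one layer stops an event is 1 - prod(1 - e_i)."""
    return 1.0 - prod(1.0 - e for e in readings)


def effectiveness_over_time(controls) -> list:
    """System-level effectiveness at each period (histories assumed aligned)."""
    periods = min(len(c.history) for c in controls)
    return [layered_effectiveness(c.history[i] for c in controls) for i in range(periods)]


def assess(controls, window: int = 3, min_drop: float = 0.05) -> dict:
    """Report which components are decaying or already out of tolerance,
    alongside the aggregate figure that management usually looks at."""
    return {
        "decaying": [c.name for c in controls if is_decaying(c, window, min_drop)],
        "below_threshold": [c.name for c in controls if below_threshold(c)],
        "system_effectiveness": effectiveness_over_time(controls),
    }


# Constructed quarterly readings (oldest -> newest); not real measurements.
SAMPLE_CONTROLS = [
    Control("patch compliance", 0.85, [0.98, 0.97, 0.95, 0.90]),
    Control("badge audit pass rate", 0.80, [0.90, 0.90, 0.88, 0.70]),
    Control("alert triage within SLA", 0.90, [0.95, 0.96, 0.95, 0.96]),
]

if __name__ == "__main__":
    report = assess(SAMPLE_CONTROLS)
    print("decaying components:  ", report["decaying"])
    print("below threshold:      ", report["below_threshold"])
    print("system effectiveness: ", [round(e, 4) for e in report["system_effectiveness"]])
```

Running the sample shows why component-level measures matter: the aggregate layered figure moves only from about 0.9999 to 0.9988 across the four periods, which looks like a “mature” system, while the per-control checks already flag patch compliance as decaying and the badge audit pass rate as both decaying and out of tolerance. The `window` and `min_drop` parameters are the tuning knobs a team would set from its own measurement cadence.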