Aristotle had it right. Whether it is philosophy or security, every system of performance is made up of smaller parts. In this sensor driven world, devices provide data. People or other systems perform a task leveraging that data and produce an output or outcome.
In a complex process, all of those tasks need to be coordinated; they need to ultimately work together towards a common goal or what is often called in our industry: a common operating picture where the whole becomes greater than the sum of its parts.
When it comes to purchasing technology, how often do we leverage a framework for assessing the risks and threats to develop innovative new approaches to manage our people performing roles in a process using technology?
Does interoperability of systems drive the interoperability of silos of performance we have in our organization today; in both business and security?
Can we find a way to create a scorecard and measure the whole vs. the individual parts? Can we then take that and drive interoperability as a strategy and as a value multiplier?
The quantification could include the time-to-value for given tasks (the mean time for actionable response), lowered costs for managing and translating slioed activities, and a adaptible systems approach to continually respond to dynamically changing threats and technology. This is not new. It is just new to security.
Here is one example from our conversations the other day. If the mean average response time of a on premise guard to the scene of an incident is 12 minutes. And the average incident is 2-5 minutes long, we have a potential performance problem. Our ideal response is real time. Working from that premise, if we have the ability to use video, anomolous behavior or analytics engines, and audio to identify an incident before or as it unfolds, then we have the opportunity to interrupt the psychology and behavior of the perpetrator.
The real direct costs of the incident could include one or more of the following:
Damage to the campus or building
Injury to campus or building occupants
Cost of the response
Cost of disrupting operations
Brand dilution of the organization
In this scenario, the organization might have had forensic video, but it could not impact the average mean time of the response, and therefore did not add value to the equation. If they had video in addition to a Security Operations Center, it is still questionable they could proactively stop or mitigate the incident. If they had guards reacting to the SOC, it still does not impact the final result. With analytics you have understanding without the real time response. With audio, video, and analytics or anomolous recognition engines, you could see and speak into the incident. And by using the OODA principle, possibly buy time for first responders or guards to engage and/or disrupt the incident.
Quantify and monetize the mean average cost of an incident that does not have a common operating picture and the ability to respond in real time.
And then leverage the power of the sum of the parts.