How and how much are two key questions that need to be included when presenting organizations with solutions for security programs.
Five basic interrogators—Who, What, When, Where, and Why—are the basis for information gathering and problem solving. They constitute a formula often used by journalists and police officers to get the complete story from a subject or the overall picture of what transpired. These people are trying to learn information like:
- Who was involved?
- What happened?
- When did it take place?
- Where did it take place?
- Why did it happen?
During a journalism class back in the day, everyone would recite the 5 Ws and then say “and sometimes “how.” Why only sometimes “how” is because “how” can “sometimes” be covered by “what,” “when” and “where.”
The 5 Ws are also useful as a model in understanding an organization’s security needs. For security applications, however, the “how” is not “and sometimes how,” it is a definite “How.” You also have to add, “How Much.”
Ensuring the highest level of security, each question should have factual answers. All of these facts are necessary to include in a comprehensive report:
Who is your client? Who are you protecting: i.e., client and employees, customers, vendors, contractors, visitors? To find the Who (and the rest of the Ws and Hs), it means having to survey the environment to determine the level of protection present and what types of intrusion, video, access, fire, or communications systems are required for the comprehensive security of all parties involved. Identifying specific areas within a facility can also help answer “who” questions, including who is allowed to enter the building; who can have access to the lab or other restricted areas within facilities; or who needs to be monitored or under surveillance?
What entails What kinds of problems exist? What is the strategy encompassing the measures being recommended as solutions? What applications are necessary? What assets are you protecting? What type of identity and access should be assigned to different individuals? What unusual or difficult circumstances are present?
When determines the times and periods of security coverage needed. Is there in-house guard staff? When can a building be accessed? Is 24/7 surveillance monitoring required? When will systems arm and disarm? How long is a visitor, outside contractor, or vendor credential valid?
Where indicates the placement of security devices, systems, and staff. It answers questions like Where is data being stored? Where are alerts sent? or Where will security operators monitor video? Physically, it indicates where people are allowed to enter a building, where an attempted security breach could happen, and it pinpoints where an incident is occurring.
Why substantiates your recommendations by supporting why certain recommendations are being made. Why can also answer why specific individuals require certain credentials and privileges.
How explains how you developed the plan and recommendations. How also presents a comprehensive timeline detailing how the project will be implemented efficiently to be the least disruptive. In addition, how can explain how solutions will benefit different departments like marketing, operations, sales, management, administration, and other staff.
7. How Much
If you ever want to see your recommendations implemented, you need to outline how much they will cost.