SecureState Blog

Read SecureState's award winning blog.

The importance of creating a strong security governance program especially in open environments.

In open environments, such as those within Higher Education, the balance of security and a culture of accessibility becomes very difficult to master. As demonstrated in the recent incident at Case Western Reserve University, students who were studying in a common area that was open to the public during the day, were robbed at gunpoint. This raised concern for many and posed the question: How can organizations create an open culture, while maintaining a strong security governance program?

“These types of risk will only increase,” according to Tim Dimoff, President of SACS Consulting and Investigative Services. “Aggressive behavior, from verbal to physical and terrorism have changed over the past 20-30 years and we are going to be dealing with this type of behavior more now,” said Dimoff.

With the increase in threats due to more aggressive behavior, it becomes vitally important for organizations to be more proactive rather than reactive when trying to create a secure culture.  With a strong physical security governance program, organizations can ensure that deterrents and response capabilities are in place to reduce risks and prevent similar future acts..


When it comes to implementing deterrents, the first step is to conduct an assessment.  This evaluation should not only flag vulnerabilities within access control systems and gaps in personnel training, but also provide a true understanding of risk by identifying threats that could impact the target facility or organization. According to Dimoff, most organizations have neglected this process.

Within an environment of accessibility, whether higher education or organizations that believe in transparency, strong, visible deterrents can create a secure environment. This can be the difference when it comes to stopping kinetic violence in the workplace.  Some of the most effective deterrent actions organizations can undertake include:

- Install cameras that are visible and show the live footage being recorded

- Post signage noting that the area is under 24-hour surveillance

- Maintain a visible guard presence on site

- Implement professional, roving security forces

- Install or upgrade bright lighting

- Decrease visibility into buildings from the outside

- Install visible panic buttons that call emergency response

If your organization has never had an assessment performed on its security governance program or it has been a significant amount of time since your last third party review, it is strongly recommended that such an assessment be performed.


It is important to understand that it is impossible to reduce risk to zero. Sometimes disasters happen, regardless of the deterrents in place.  When catastrophe strikes, it is important to have strong, well-planned response in place in order to quickly and effectively halt an incident in progress or, at the very least, minimize the damages. Examples of response capabilities that can be employed include:

- Dispatch center tied to local law enforcement

- Trained guard force with the ability and authority to intervene and detain perpetrators

- Assign and train on responsibilities

- Perform response drills to ensure all personnel understand and can swiftly execute

- Implement real-time, event based monitoring

- Identify other sources of monitoring outside of security teams (ie: public traffic cameras, business monitoring services, etc.)

- Educate the student body (or those within the organization) to know how to react to the situation and who to notify promptly.


Physical Security Governance: Bringing it All Together

Governance refers to the people, processes and technology that make up all components of physical security.  The three pillars must work in concert to reduce risk across the organization.

holistic view of physical security program

People: Refers to the individuals which make up your security force.  This includes making sure you have the right personnel in the right places with the right skill sets alongside proper management providing appropriate oversight. Everyone needs to have a thorough understanding of their individual roles and responsibilities. In today’s world, this extends beyond guard forces and law enforcement to witnesses and civilians.

Processes: Refers to the practices and policies within an organization that can have a direct impact on security.  This includes Human Resources, Emergency Management and Response Processes, Risk and Vulnerability Management, and other Written Procedures.  These processes need to be reviewed, tested and updated accordingly to put people in the position to be proactive while leveraging technology in an appropriate manner.

Technology: Refers to the electronic means by which organization monitors and protects against potential threats. These areas include access control systems, system administration, video surveillance, emergency call boxes, and Physical Security Information Management. Leveraging technology will allow for faster identification of suspicious behavior and allow for quick response while also serving as a deterrent in the case of visible security controls.

Once in motion, a properly implemented security governance program will ensure that deterrents are implemented and monitored appropriately and response occurs quickly and effectively. The visibility of the governance program and procedures could very easily become deterrent themselves, ensuring a secure environment while maintaining a culture of accessibility.