Security Learning Cultures
In the West today, most change occurs in organizations through fear or desperation. Here are real problems with this. First, it means that change is inevitably episodic. When things are bad, you can get some change. As soon as the perception of imminent doom fades, so does the engine of change. Second, the more obvious human problem is that a lot of people in companies today are in a state of continual crises. Many organizations operate this way. It’s tough. It’s pretty stressful. It’s not the way most of us would choose to live our lives.
Peter Senge, MIT
Globe and Mail, December, 1992
Peter Senge, MIT
Globe and Mail, December, 1992
Overview
Effective security for critical infrastructure is complex, and no-more-so today as stress continues to rise in the workplace and in private life. Stress depletes the ability to focus and the emotional resilience for warding off temptations. Some conditions in dysfunction working environments trigger aggression in some form of retaliation. In the most extreme causes such as active shooters, it can lead to the planning of , and execution of revenge.
For several years the hot topic in the media and government was acts of terror. This buzz has since quietened; and with it, human centered vigilance (i.e. 'eyes on the street'). Lately the media focus has shifted to cyber security. These layers of threats pile on top of age-old security problems that include: occupational fraud, theft, corruption and other environmentally induced behaviors such as workplace sabotage.
With dynamic systems, a change to one part of a security strategy is likely to affect other parts. Linearly installing video surveillance to control internal petty thefts is also sending a message to all employees that they cannot be rusted. Thus, it is important to apply complex systems thinking to security problems; exploring the relationships between all parts of critical infrastructure before making security decisions.
For several years the hot topic in the media and government was acts of terror. This buzz has since quietened; and with it, human centered vigilance (i.e. 'eyes on the street'). Lately the media focus has shifted to cyber security. These layers of threats pile on top of age-old security problems that include: occupational fraud, theft, corruption and other environmentally induced behaviors such as workplace sabotage.
With dynamic systems, a change to one part of a security strategy is likely to affect other parts. Linearly installing video surveillance to control internal petty thefts is also sending a message to all employees that they cannot be rusted. Thus, it is important to apply complex systems thinking to security problems; exploring the relationships between all parts of critical infrastructure before making security decisions.
Designing Security Future States
the ATRiM Group 2.5 day Search Conference begins with selecting up to 30 employees across all levels of your organization to learn about turbulent and uncertain global security environments. Facilitators introduce the world of nonlinearity to human centered security thinking.
The participants then evaluate the present state of their security for inherited myths from the linearity of classical physics and economics. They are introduced to new science and methodologies for designing a more effective and desirable security future state that includes planning-in-action to generate security learning cultures.
Finally they develop a Phase 1 action plan to take their insights back to their organization. From participating in the conferenece in close quarters completely away from the office, they have generated personal relationships to sustain inertia. Those who did not participate in the search conference have no emotional connection to the work and insights of the conference attendees. This passion and energy has to be transferred. A strategic post conference internal communications plan is central to organization wide, sustainable bottom-up driven, small scale engagement.
The participants then evaluate the present state of their security for inherited myths from the linearity of classical physics and economics. They are introduced to new science and methodologies for designing a more effective and desirable security future state that includes planning-in-action to generate security learning cultures.
Finally they develop a Phase 1 action plan to take their insights back to their organization. From participating in the conferenece in close quarters completely away from the office, they have generated personal relationships to sustain inertia. Those who did not participate in the search conference have no emotional connection to the work and insights of the conference attendees. This passion and energy has to be transferred. A strategic post conference internal communications plan is central to organization wide, sustainable bottom-up driven, small scale engagement.
Planning-in-Action
"The conventional approach to planning, with its rigid time frames, its breakdown of planning tasks into sectors and regions, and its centralized and technocratic perspective on plan formulation and implementation is most unlikely to be effective in an increasingly turbulent environment."
Francisco Sagisti, Chief of Economic Planning, World Bank
Francisco Sagisti, Chief of Economic Planning, World Bank
ATRiM Group Action-Planning is a strategic prevention science methodology for helping your insiders tackle security problems with knowledge and confidence. Participants are mindful of critical infrastructure as complex systems with many inter-related parts. Our facilitators provide timely "to-the-need" information from experience and science to help your insiders solve problems they have identified. As adult educators, we strive to create those "aha" moment of self-discovery that stick, while problem-solving team members are in the middle of struggle to find future-state solutions to security challenges.
Planning-in-Action has a number of specific advantages:
- It provides an opportunity for reflection.
- It brings people together generating sustainable cross-silo relationships.
- It clarifies objectives within the framework of the designed security future state
- It builds consensus.
- It creates post conference engagement, ownership and accountability.