Security Learning Cultures
In the West, most consequential change occurs in organizations out of fear or desperation. There are real problems with this. First, it means that change is inevitably episodic. When things are bad, you can get some change. As soon as the perception of imminent doom fades, so does the engine of change. Second, the more obvious human problem is that a lot of people in companies today are in a state of continual crises. Many organizations operate this way. It’s tough. It’s pretty stressful. It’s not the way most of us would choose to live our lives.
Peter Senge, MIT
Globe and Mail, December, 1992
Peter Senge, MIT
Globe and Mail, December, 1992
Overview
Generating effective security for critical infrastructure is the story of chaos and complexity science; and no-more-so today as stress continues to rise in the workplace and in private life. Stress depletes the ability to focus and the emotional resilience required for warding off temptations. Some conditions in socially dysfunctional working environments trigger aggression manifesting in revenge with some form of retaliation through sabotage or, in the extreme, active shooters.
For several years the hot security topic in the media and government circles has been acts of terror. This buzz has since quietened; and vigilance with it (i.e. 'eyes on the street'). Lately the media focus has shifted to cyber security. These layers of threats pile on top of age-old security problems that include: occupational fraud, theft, corruption and other environmentally induced behaviors such as workplace sabotage.
From the perspective of dynamic systems found throughout the natural world - of which innate human behavior is part - a change to one part of a security strategy is likely to affect other parts. As an example the linear installing of internal video surveillance to control petty theft, is also sending another message to all employees that they cannot be trusted. Thus, it is important to apply complex systems thinking to security problems in order to explore the relationships between all parts of critical infrastructure before making security decisions.
For several years the hot security topic in the media and government circles has been acts of terror. This buzz has since quietened; and vigilance with it (i.e. 'eyes on the street'). Lately the media focus has shifted to cyber security. These layers of threats pile on top of age-old security problems that include: occupational fraud, theft, corruption and other environmentally induced behaviors such as workplace sabotage.
From the perspective of dynamic systems found throughout the natural world - of which innate human behavior is part - a change to one part of a security strategy is likely to affect other parts. As an example the linear installing of internal video surveillance to control petty theft, is also sending another message to all employees that they cannot be trusted. Thus, it is important to apply complex systems thinking to security problems in order to explore the relationships between all parts of critical infrastructure before making security decisions.
Designing Security Future States
the ATRiM Group 2.5 day Search Conference begins by selecting up to 30 employees across all levels of your organization to learn about turbulent and uncertain global security environments. Facilitators introduce the world of nonlinearity to human centered security thinking.
The participants then evaluate the present state of their security for inherited myths from the linearity of classical physics and economics. They are introduced to new science and methodologies for designing a more effective and desirable security future state that includes planning-in-action to generate security learning cultures.
Finally they develop a Phase 1 action plan to take their insights back to their organization. From participating in the conferenece in close quarters completely away from the office, they have generated personal relationships to sustain inertia. Those who did not participate in the search conference have no emotional connection to the work and insights of the conference attendees. This passion and energy has to be transferred. A strategic post conference internal communications plan is central to organization wide, sustainable bottom-up driven, small scale engagement.
The participants then evaluate the present state of their security for inherited myths from the linearity of classical physics and economics. They are introduced to new science and methodologies for designing a more effective and desirable security future state that includes planning-in-action to generate security learning cultures.
Finally they develop a Phase 1 action plan to take their insights back to their organization. From participating in the conferenece in close quarters completely away from the office, they have generated personal relationships to sustain inertia. Those who did not participate in the search conference have no emotional connection to the work and insights of the conference attendees. This passion and energy has to be transferred. A strategic post conference internal communications plan is central to organization wide, sustainable bottom-up driven, small scale engagement.
Planning-in-Action
"The conventional approach to planning, with its rigid time frames, its breakdown of planning tasks into sectors and regions, and its centralized and technocratic perspective on plan formulation and implementation is most unlikely to be effective in an increasingly turbulent environment."
Francisco Sagisti, Chief of Economic Planning, World Bank
Francisco Sagisti, Chief of Economic Planning, World Bank
ATRiM Group Action-Planning is a strategic prevention science methodology for helping your insiders tackle security problems with knowledge and confidence. Participants are mindful of critical infrastructure as complex systems with many inter-related parts. Our facilitators provide timely "to-the-need" information from experience and science to help your insiders solve problems they have identified. As adult educators, we strive to create those "aha" moment of self-discovery that stick, while problem-solving team members are in the middle of struggle to find future-state solutions to security challenges.
Planning-in-Action has a number of specific advantages:
- It provides an opportunity for reflection.
- It brings people together generating sustainable cross-silo relationships.
- It clarifies objectives within the framework of the designed security future state
- It builds consensus.
- It creates post conference engagement, ownership and accountability.