Tuesday, 05 August 2014 16:13

Security is not Criminology

Security is, I believe, a major contributor to organisational resilience.  It is about protecting assets from loss and damage, risk analysis and management, and alignment with organisational needs.  It’s not about criminals and criminality.  If you want to be adept and capable as a security professional, knowing about what motivates criminals is not actually of much practical utility.  Why should you be interested in ‘rational choice’ when what you need to know about are the methods required to protect your assets? Why study the nuances of criminal investigation when you are looking into the security breach that has already occurred?  Obviously, if you want to inform methods of limiting future damage then that is useful, but for me it is not the driving focus of security.

The functions of security have moved on rapidly from alignment with policing activities to a much wider embedded and linked function.  The security professional should be as comfortable in blending his or her functions with those of crisis and continuity management as they are in conducting risk analyses.  The security professional should be less concerned with crime rates and more with the ability to identify and manage their own vulnerabilities to all types of threat, some malicious and criminal, but many not.  The growth in security these days is of course around IT, information and cyber; and there are adversaries out there who are deeply criminal.  They no doubt hit all the spots for criminological theories; but it doesn’t matter – the cyber security professional’s role is to limit the penetration and damage whether the adversary is a kid in his bedroom or a nation-state. Or even the insider who does not understand the damage that their IT use can cause.