Risk Management The author of this report has been asked to offer a brief paper about the subject of risk communication and the implications of that subject to the security manager. Of course, a huge part of identifying and mitigating risks involves one or more levels of communication depending on the nature and depth of the risks that exist. Whether it be brainstorming about what could happen, analyzing what has happened, issuing alerts to the people that work or otherwise inhabit a building and so forth, communication is a huge part of stopping or preventing risk. Bulletins about suspects on the lam or Amber Alerts are two publicly known and commonly used examples of this but such communication happens in much more localized fashions as well. While some may deem security communication and management to be a lot of busywork for nothing, nobody with a brain would say that when a prepared for security problem actually happens and the planning actually helps or prevents the calamity that was attempted.

Analysis

As noted by the Gill text, communication is absolutely critical when it comes to security management. Gill asserts that the security department has to be intimately involved in "selling" rather than "telling." This is because so many of the people involved are from other functional areas of the business, rather than being in the security sphere directly. Communication is also necessary so as to build trust and rapport with other departments. When things go well and incidents are prevented, those need to be announced as "wins" to the people that are being protected and planned for so that the people at the location know that the security people are actually accomplishing something tangible and real. Indeed, such wins and communication allows the security department to integrate and become a legitimate part of the business culture of a firm rather than being on the periphery and otherwise a non-factor. Rather than being window-dressing or otherwise just being there for show, security needs to show that it's presence is for a good reason and that it is paying dividends (Gill 2014).

One catalyst for communication within the security industry has been the development and fleshing out of the internet technology sector. One major reason the internet has paid such dividends is that communication can be greatly improved within an area being secured without spending a lot of money or dedicating a lot of resources. Just to paint a picture that any security manager can understand, all of the following happens every single minute as of the printing of the Gill text in 2014:

695,000 Google searches are completed

168 million emails are sent

695,000 status updates are made on social media

600 videos are uploaded on YouTube

370,000 minutes of voice calls are made on Skype (Gill 2014).

However, security managers should be mindful of the fact that while security can be improved with internet technology and tactics, it can also be greatly compromised. In the past, hackers were largely concerned with just showing off their prowess through communicating their supposed abilities in online forums like chat sites and websites. However, these hackers have shifted to actually engaging in attacks against people in the form of identity theft, ransom ware and so forth. In 2013 alone, nearly three hundred thousand complaints were received by the United States federal or other government agencies. There was a net loss of more than half a billion dollars. Even with the risks, communication is truly a net gain for security professionals and their managers. It can and should be used in a way that fosters communication and collaboration between the practitioners in the security agencies and groups that exist. Whether it be between different agencies, disciplines, countries or other paradigms, the clearly defined standard terms and concepts that exist, if used properly, can greatly increase the level of security performance and adeptness overall. The key is to have security managers that know how to use these communication tools effectively, efficiently and without compromising systems and information that need to be protected and shielded from people with nefarious motives (Gill 2014).

The work of other scholars on the topic besides Gill say very similar things, even if the overall focus of these other works differs a little. One example is the work of Thompson and Bloom (2000) from the year 2000. Indeed, risk and security managers...

Indeed, they must also receive and parse information from other sources and figure out the proper plan and approach based on the information that is presented and summarized to them. The blueprint for such communication pathways are government agencies like the Environmental Protection Agency and most law enforcement agencies. However, a security agency charged with protecting a corporation or other organization besides a public agency must both receive, use and disseminate risk-related communications in the proper manner so that everything is timely, efficient and not wasteful (Thompson & Bloom 2000)
Another piece to the proverbial puzzle when it comes to security managers disseminating and sharing important information is how precisely the communication is executed. The methods used or not used matter greatly because there are different kinds of learners. Some learn by visual tools, some learn by listening, some learn by doing and some use a combination of those three methods. Without being wasteful, security managers need to use message and demonstrations that combine all three of those tactics. For example, if one were to teach a team on how to use the metal detectors, there should be a blend of seeing the new procedures or equipment, a description of what is to be done and why and a visual demonstration of what is to be done and precisely how to do it. Metal detector station employees would need to see, hear and do the tasks that they are expected to do in a normal job setting without there being any real-world implications. For example, a person with keys in their pocket could be used as part of a training session. Of course, the keys would set off the metal detector and the wand would then be used to determine where they keys are so that the guard knows how to figure out where the offending object happens to be. Of course, it should be done in a certain way because it could also be a gun, a knife, a set of brass knuckles or something else dangerous. Posture, telling people how to proceed through the station and so forth should all be demonstrated and then rehearsed in a safe environment. On-the-job training can be useful but as much as can be done in advance of that should be done. Using a combination of talking, having people listen and then doing should be part and parcel of any training session. Some novel ways to keep people engaged is to use props. Even things like ping pong balls and other props can be useful in keeping people's attention affixed to where it needs to be (Prince 1997).

Another consideration that managers need to keep in mind when managing risks is what happens during special events. Indeed, there are many tasks and situations that repeat every day or every week. Employees coming and going, controlling entrance points to a building and/or to secure areas and so forth are a normal everyday part of the job. However, there will be situations that are out of the ordinary but must be effectively dealt with nonetheless. Examples would include clients visiting the building, people from other company offices visiting the building, situations where a threat has been made against the company and/or people within it and so forth. For example, if an employee is fired and their reaction is to make threats against the company or an employee, extra security should be provided for the people and facilities involved. The police can be involved as well to perhaps provide extra patrols, trespass the employee in question and investigate the employee criminally for the threats made. The use of armed guards and other measures should not be beyond the pale because workplace and organizational-related shootings happen all of the time. Other special events would include things like parties and so forth. There has to be risk management in the form of knowing who should be present, who should not be present, where people are allowed to be, where they are not allowed to be and what the people are allowed to do. There is no need for security and risk management to be handled in a brash and rude way. Instead it should be present but not in an overt or jarring way. It should be clear why the security is there but they should not distract from the business or fun that is supposed to be had by the people there (Roberts, 1999).

At the end of the day, the main and primary task of a security manager is to prepare for the worst. As noted throughout this report, this is all about identifying potential or known and current…