What, how and why of security

Issue 6 2020 Editor's Choice

We are aiming to educate those in leadership positions about the importance of commissioning regular independent security risk assessments. As a security advisor, it’s a continuous challenge to change the existing perceptions of CEOs/MDs and nowadays the procurement departments.

The two diagrams in this article both contain the exact same words, however, the only difference is the direction of the arrow which indicates the thinking pattern.

The first graph shows the thinking direction from the ‘what’ inwards to the ‘why’, whilst the second graph shows the thinking direction from the ‘why’ outwards to the ‘what’.

Most people approach security from the outside in, as displayed in the first graph. The ‘what’ in this case mostly refers to a product and this needs to be answered with ‘how’ and ‘why’.

What security products are we going to sell?

How will we accomplish this? This could either be how the salesperson will get the client to purchase the product, or how the product will be installed.

The ‘why’ refers to why do you need this specific product, why do you need to have it installed? Why will this product be effective?

The last part of this thinking direction, the ‘why’, will most probably not be answered because the action has already been taken. The product has been purchased and installed; the ‘why’ doesn’t really matter now anymore, does it?

It’s like spending money on a new pair of expensive running shoes because you get a free water bottle or a gym bag with your purchase. You purchased the shoes thinking about the freebies without really knowing why you need it. Even if you think about the ‘why’ later, it wouldn’t matter because you already purchased the shoes.

It might be the wrong running shoes for the type of running you do, or it might not be the right shoes for your feet. You will end up wasting a lot of money because you did not think about the ‘why’.



Turn it around

Now, in contrast with the first graph, the second one shows an outward thinking direction. This means that you are looking at and thinking about security from the inside towards the outside.

The first question you will ask is why do I need security? Simple: to cover your risk.

The next question will be how will we achieve the ‘why’? The ‘how’ question is answered with an independent security risk assessment. An independent security risk assessment will tell you what your risks are, and it will tell you how to fix it.

The last question, ‘what’, is also answered in the security risk assessment. What do you need? The solutions in the risk assessment will tell you exactly what you need.

Remember the running shoes? Well, when you think about it from the inside outwards, you will understand why you need running shoes. Your answer will depend on what type of running you do; for example, you might be into trail running, marathons or road races.

The different types of running will tell you what running shoes you need. How do you get those shoes? You go to a specialised running shoe store that specialises in the type of running shoes you are looking for.

Knowing why you need it and how to get it will ensure that you know exactly what to get, even if other shoes are on special or if you get heaps of freebies with walking shoes, you will know that you need trail running shoes as this is what serves your purpose best.

The same applies to security

When you understand why you need security (to eliminate your risk), how it is achieved (by implementing risk-specific solutions), you will understand exactly what you need to accomplish this (informed decision making when it comes to security hardware).

Practically, when you think from the outside inwards, you are thinking about the product first, which is the approach most security salespersons and security companies take. Thinking about the product without knowing what it needs to do in order to eliminate the risk could result in a waste of money, or worse, a false sense of security.

Believing that you are safe due to your security measures without knowing if it really covers your risks is far worse than having no security at all. When you don’t have any security and you know the dangers, people tend to be more vigilant and aware of their surroundings. On the other hand, when you think you have security and that you are safe, you become lax, complacent and oblivious to your surroundings, which is a very dangerous situation to be in.

This is the difference between a security company and a security risk assessor’s approach to security:

• A risk assessor starts from the inside, finding the risks and then moving on to find the solutions that fit the risks, not the other way around. The risks cannot be forced to fit the solutions.

• You are welcome to disagree, all I ask is that you show me the security risk assessment of your current security.

If you are thinking from the inside to the outside, you are thinking about what the client needs to eliminate the risk. However, when you think from the outside inwards, you first have a product in mind without considering the risk, which does not put the most important factor, the client, first.

Whilst the questions might be the same in both scenarios pertaining to the ‘why’, ‘how’ and ‘what’, the direction makes all the difference. In both graphs, the ‘how’ is in the middle, however, when you start from the inside, the ‘how’ will apply to the client whereas when you start from the outside, the ‘how’ will apply to the product.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Making drone security more accessible
Editor's Choice Integrated Solutions Residential Estate (Industry) AI & Data Analytics IoT & Automation
Michael Lever discusses advances in drone technology, focusing on cost reductions and the implementation of automated services, including beyond line of sight capabilities, for residential estates with SMART Security Solutions.

Read more...
Private fire services becoming the norm?
Technews Publishing SMART Security Solutions Editor's Choice
As the infrastructure and service delivery in many of South Africa’s major cities decline, with a few, limited exceptions, more of the work that should be done by the state has fallen to private companies.

Read more...
View from the trenches
Technews Publishing SMART Security Solutions Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
There are many great options available to estates for effectively managing their security and operations, but those in the trenches are often limited by body corporate/HOA budget restrictions and misunderstandings.

Read more...
SMART Estate Security Conference KZN 2025
Arteco Global Africa OneSpace Technologies SMART Security Solutions Technews Publishing Editor's Choice Integrated Solutions Security Services & Risk Management Residential Estate (Industry)
May 2025 saw the SMART Security Solutions team heading off to Durban for our annual Estate Security Conference, once again hosted at the Mount Edgecombe Country Club.

Read more...
Get the AI fundamentals right
Leaderware Editor's Choice Surveillance AI & Data Analytics
Much of the marketing for CCTV AI detection implies the client can just drop the AI into their existing systems and operations, and they will be detecting all criminals and be far more efficient when doing it.

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
South African fire standards in a nutshell
Fire & Safety Editor's Choice Training & Education
The importance of compliant fire detection systems and proper fire protection cannot be overstated, especially for businesses. Statistics reveal that 44% of businesses fail to reopen after a fire.

Read more...
LidarVision for substation security
Fire & Safety Government and Parastatal (Industry) Editor's Choice
EG.D supplies electricity to 2,7 million people in the southern regions of the Czech Republic, on the borders of Austria and Germany. The company operates and maintains infrastructure, including power lines and high-voltage transformer substations.

Read more...
Standards for fire detection
Fire & Safety Associations Editor's Choice
In previous articles in the series on fire standards, Nick Collins discussed SANS 10400-T and SANS 10139. In this editorial, he continues with SANS 322 – Fire Detection and Alarm Systems for Hospitals.

Read more...
Wildfires: a growing global threat
Editor's Choice Fire & Safety
Regulatory challenges and litigation related to wildfire liabilities are on the rise, necessitating robust risk management strategies and well-documented wildfire management plans. Technological innovations are enhancing detection and suppression capabilities.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.