printer friendly version

The increasing role of information management in security

Information has been bread and butter to security for a number of years. The whole point of investigations, for example, has been to generate information on incidents and people.

With the advent of new security systems such as access control and CCTV, a result was the creation of huge amounts of data that sat on a computer or on tape.

Yet most facilities did little to manage and make use, or even sense of this data. It is only more recently that the police are starting to use analysis and statistics in a more serious way to get to understand crime and provide a basis for planning crime management strategies. For most operations, things that were not immediately looked at were just left.

It has been somewhat ironic that the new technology that was so good at generating data has taken some time to be useful in translating that data to useful and interpretable information. I have seen huge piles of printouts on access control movements on desks that would have taken a couple of days to read through and would have been almost impossible to make sense of.

Making sense of data

It is only more recently that the security software systems have been able to take advantage of storage and analysis capabilities to make sense of all this data and turn it into truly useful information that can assist with such things as movement analysis, picking up unusual activities, and true decision support functions. Overly frequent visits to a particular location, visits out of normal working time, and access by certain people within certain times of each other may indicate something is afoot. While access control systems lend themselves most easily to data storage and subsequent analysis, CCTV and other security activities also provide a basis for generating information that can be used to anticipate, prevent or detect crime.

CCTV data storage has traditionally been through video tapes. Tape libraries have been a key aspect of managing and, if necessary, retrieving this information. In the UK, the Data Protection Act has created a far greater focus on effectively managing tapes in the libraries, not just those kept as evidence. Indeed, the UK legislation has led to the creation of an entirely new designation - the data controller who is responsible in law for how recorded information is handled.

Digital recording introduces far more scope for managing information and increasing its accessibility. In a recent Frasier show episode, Frasier wanted to retrieve a recording of one of his radio broadcast sessions of a couple of years ago. How easy would it be for you to retrieve a video clip of a particular time and date from two weeks ago, or even a month ago? Given that criminals often repeat their behaviour, on catching one you may well want to see if the person has committed the same kinds of offences on previous days or weeks. Digital recording should make this retrieval a great deal easier, but few companies have actively thought through how to approach this process. However, casinos, even with their traditional VCR systems have taken this tape management process to a fine art. Using tape libraries, they are able to reconstruct a suspect's movements across a time period by assembling a series of video clips from different tapes together. It is something that all companies should be thinking about whether they work with traditional tape or digital storage.

While access control systems tend to accumulate information automatically through electronic means, CCTV operator comments and analyses are largely manually logged in occurrence books or incident type logs. When was the last time a manager in your department had a good look at what trends and unusual patterns were coming through in your occurrence book?

Typically the comments in these written records are noted, never to be seen again unless an emergency happens and you have to refer back to it. Transferring or capturing operator comments on events, incidents or people onto a computer-based system allows one to retrieve these more easily. At Ekati diamond mine in Canada, operators use voice recognition systems to transcribe operator comments and reports directly onto computer as they happen. However, even manually written comments can be moved to some kind of computer database relatively easily. Establishing trends like a particular person being around frequently when there is diamond or gold spillage, or machines only breaking down when certain people are on shift provide insights into potential security issues, but only if that information is captured into systems and then looked for as part of an information risk management approach.

Risk management component

Information management and pattern analysis is increasingly becoming a vital aspect of the management and usefulness of security technology systems. The need to start making sense of existing data and to look at what other signs are available to tell us what is happening in our work environments is increasingly opening up new job positions.

There is a strong risk management component to this and companies need to give consideration to formulating a plan to gather investigation and information gathering strategies. Like the data controller, a person in the operation needs to be responsible for looking at data, making sense of it and translating it into information that will support decisions or identify problems. Among the things that such a position can be doing are:

* Developing a security risk model and the components and sources of information that will give an indication of concerns.

* Determining what kind of information gathering strategies you can use.

* Developing ways to capture or process the information at different sources so it can be used in subsequent analysis.

* Coordinating system information gathering - at what points could details from your access control system overlap with concerns indicated from your CCTV monitoring.

* Interrogating system data in order to establish trends and identify questionable combinations of events as indicators of suspicious activities.

We can expect data to become increasingly available as more technologies and increasing use of systems that allow data collection become common in our operations. How we treat this data and whether we use it constructively or let it slide into obscurity is going to make a difference. While I use another tracking company and am not particularly fond of their advertising, vehicle tracking company Matrix's use of 'no go zones' is a great use of translating the regular supply of transmitted data into information that is meaningful and can be used in an intelligent way. Data mining has been used extensively for marketing purposes and even things such as mining exploration for some time.

For security, it presents some exciting challenges and offers the opportunity for new skill sets and career paths. Most importantly it offers powerful tools in the fight against crime both within organisations and communities.

Dr Craig Donald, consulting editor

Dr Craig Donald can be contacted on telephone: 011 787 7811, fax: 011 886 6815, or e-mail: craig.donald@leaderware.com

Share this article:

Further reading: