Monthly Archives: February 2012

The Gap Analysis

If you have a need to increase your school district’s electronic security program a Gap Analysis is a great place to start. Actually a Gap Analysis is prudent for any of your security programs but for today we will stick with the Physical Security Gap Analysis.

As you may already be aware, there are various types of Gap Analysis practices. The one most often used and the one most universally understood is a business or finance gap analysis. The purpose of this type of analysis is essentially to determine the gap between where a company is and where they would eventually like to be.

When speaking of physical security though I like the DoD military planning definition of the term. Within the DoD scope of analysis the focus is on capabilities. The context in which I use the term “capabilities” for the sake of this discussion relates to ” a school districts capabilities to deter crime through physical security measures”.

The Capabilities based Gap Analysis; in my view, starts with a discovery phase in which the overall security policies and goals of the school district are discussed, a community risk evaluation has been determined and a physical audit has been conducted during which vulnerabilities are unveiled and determined through accepted benchmark  practices. The vulnerabilities are documented for the purpose of later reporting.

You may be thinking at this point that your physical security program is impenetrable and that you’ve covered every base. Think again. As long as there exists a human will and desire to gain access you must remain vigilant. Beyond that point (and this is true for your IT Managed Security as well) methods for penetrating vulnerabilities in areas that were not so long ago invulnerable, are always evolving and improving.

As I stated in an earlier post there are a number of low cost and no cost things that you can do to help in mitigating vulnerabilities but those measures should never be considered as an alternative to a strong physical security program or to the policies that underwrite such a program.

Remember as well that humans play a role in the implementation and management of the security system and that a hidden vulnerability may lie in a process or in the execution of a process and not just in the original schema design or installation.

I had mentioned earlier that a Capabilities based Gap Analysis begins with a discovery stage and moves into a reporting stage. The reporting stage is critical because it puts into laymans terms exactly where a vulernerability exists, what causes it, what impact it may have on the safety and security of the school district and concludes with recommendations for next steps.

Overall, a physical security gap analysis is painless, typically low cost, and not as invasive as you may think. It is also almost always an extremely enlightening snapshot of the vulnerabilities and liabilities that currently exist and how to fortify them.