A professional body growing in diversity and scope.
The Security Institute continues to grow with approximately 4000 current members and recruitment this year already up on last year.
We will take the opportunity this summer, with input from our newly elected Directors, to revise and refresh our strategy to ensure its continued relevance for a fast-evolving world and security profession. Current areas of focus remain the development of a physical security PENTEST register with government partners and the increasing development of the Insider Risk programme. Physical penetration testing, sometimes known as black teaming or red teaming, is a hybrid between a security test and a security assessment focusing on the vulnerabilities which can be exploited via an attacker gaining physical access to a building. Once the vulnerabilities are identified they are tested through the methods which would be used by both opportunistic and sophisticated attackers.
One area we are particularly proud of is our ‘Secure Futures’ programme, which was launched by the Institute in late 2020 in collaboration with the EY Foundation and expands upon our #NextGen initiative. The Secure Futures programme is supporting twenty-seven, 16-18 year olds from low income backgrounds to access invaluable experience within the security industry, empowering them to consider pursuing careers working within the sector.
The Security Institute has also been a key contributor to formation of the UK Cyber Security Council (UK-CSC), working with our 15 other Cyber Alliance partners over the last two years. The UK Cyber Security Council is now ‘live’ from 1st April with a launch event later this year.
At our AGM we also announced our plans to launch our own charity ‘The Security Institute Trust’ with a focus on education and supporting those in need with aspirations in the security sector. We believe that should be live in the summer subject to the Charity Commissions approval.
We continue to seek and collaborate with both domestic and international organisations who look to improve security practices for the individual professional and to contribute wider public security recognising the ‘Protect Duty’ as an opportunity for change.
As we continue to think of security in the round and consider we have plans for lockdowns and prioritising keeping our people safe, we must think of other elements such as IT systems lockdown procedures.
Of course, some institutions with critical information systems may have this in place but when we look at the US Capitol Building being overrun by protesters, did anyone think to shut down the IT systems to protect sensitive information?
We can all be wise after the fact, but we do need to consider all security threats in our thinking and planning and ultimately in our Security Risk Assessments (SRA). Reflecting on the Security Institute’s recent masterclass on the ‘Risk journey’ with excellent content from the likes of CPNI and others undertaking an appropriate risk assessment along with a considered ‘operational requirement’ in a whole risks approach.
Whilst what I’ve said may be considered information security it may well be protective security teams that initiate such a move as a frontline team and can inform the information security or IT team as part of the security plan for protest groups.
This is not the only area of convergence for security teams to consider there are natural links to business continuity or operational resilience as we protect the business from some principle business risks. Whilst collaboration amongst relevant teams is a must, some organisations have multi-skilled teams and a converged approach to such risks.
Such teams may well look at the UK national risk register to understand the current and future risks that their organisation might face and apply that risk context to the organisation’s objectives. Typically, a business impact analysis (BIA) would look at these from a business continuity or operational resilience perspective and the cross functional teams could add this thinking to their strategy against a common operating picture (COP).
Recently, I’ve been improving my knowledge of Bio Terrorism which of course forms part of the Chemical Biological Radiological and Nuclear (CBRN) threat listed in the UK national risk register and together with recent government integrated review highlight the continuing terrorism threat the UK faces. A leading voice in all things terrorism is of course this country’s terrorism re-insurer Pool Re who hosted the first such Bio Terrorism conference and as many are aware is also the financial support behind the much anticipated ‘Information Sharing Platform’ (ISP). The ISP is expected to launch later this year from National Counter Terrorism Policing and contributes to knowledge sharing with obvious links to the current Protect Duty consultation currently underway.
All of this activity converges in order to make the UK a safer place for its citizens, which is the first duty of any government.
Whilst we await the findings of the Manchester inquiry to add to the weight of evidence for change following the terrorist attacks in 2017, I would hope like the Security Institute other organisations are carefully considering their own response to the Protect Duty consultation.
Once concluded on the 2nd July of this year a ‘Regulatory Impact Assessment’ will be published and whilst not expected to be onerous to business it should take a proportionate approach to the risk and illustrate and develop much of the good practice already in place in the UK. With appropriate oversight and governance in this important area of protective security, ensuring competent advice is provided for ‘publicly accessible locations and spaces’.
The Security Institute looks forward with its members to contributing with work already underway.
The security industry in the UK already takes a converged approach in many areas and exports considerable products and services overseas where others see the value of the UK’s approach and experience in dealing with such risks. The Security Institute is a member of the UK RISC and collaborates with the Department of International Trade (DIT) DSO to collaborate and notes the recent publication of the ‘Major Event Security Brochure’ launched by the DIT Minister for Export Graham Stuart MP on 11th March showcasing some of the UK’s capability and one of the UK security sectors strengths.
In closing, should you be interested in becoming a member, please reach out to the Security Institute’s website for further details and join us on social media platforms to keep pace with changes in the security sector.
Peter Lavery FSyI CMgr FCMI
Peter is an Enterprise Security risk and Operational Resilience professional with a career built up over 30 years in both UK Government and Corporate industries worldwide. In addition to an excellent knowledge of multiple disciplines within Security (physical /personnel / Information (CISM qualification)) and Operational Resilience, he has extensive experience in change management, transformation and technology.
The later part of his career has been spent within the business and operational risk sector, including Business Continuity / Crisis Management / Geopolitical / Regulatory / Health Safety & Environment / Anti Financial Crime / Investigations / Anti Bribery & Corruption / Business Insurance, including “C suite level” policy guidance.
In 2018 Peter was elected Deputy Chair of the UK Security Institute and was subsequently elected to the Chairmanship in January 2021.