Three Factors to Consider when Choosing a Risk Intelligence Program for your School’s Security
Three Factors to Consider when Choosing a Risk Intelligence Program for your School’s Security
There is a lot of press and attention being paid to school safety and security. Although the data suggests there is an extremely low probability of a school shooting on campus, recent tragedies have alerted administrations of the need for effective risk management programs and quality intelligence. It has also opened up and provided a greater opportunity for risk managers.
Several vendors have answered the call to provide safety and security services due to the perceived business opportunity. However, it is unfair and borderline manipulative to offer ineffective solutions to organizations that have little knowledge of intelligence operations or the proper way to assess them. Organizations can waster tens-of-thousands of dollars on overhyped and ineffective solutions that rarely deliver as promised.
Alpha Recon will be hosting a series of webinars and delivering content to help prospective buyers understand what to look for and how to differentiate hype and actual value. Based on our core belief in enterprise security risk management, our holistic, comprehensive, and intelligent centered approach focuses on key organizational goals and assets. Alpha Recon will be advising the education industry on optimal risk and security management programs and how intelligence must be at the center of a well-rounded solution. If you are attending this year’s ASIS convention in Las Vegas, we invite you to visit us and we will be happy to help your organization make an inform decision.
Here are three important areas that schools must focus on when choosing a risk intelligence solution:
1. Access and Redundancy of Threat Data
There are several providers that have serious limitations of data acquisition. Many will rely on only one or two data sources (usually social media) that do not provide a complete risk profile. Given the recent privacy controls, vendors that rely mainly on social media will not offer effective intelligence and will mostly be a waste of money. These providers will lock you into an annual contract with a false sense of security. Do not enter into any service contract until you have tried the service for yourself, and have observed relevant threat intelligence.
Look at vendors who, directly or through partnerships, will provide multiple sources of data that include social media, targeted open source web data, blogs, deep web, dark web (as appropriate), crowd-sourced data, and the opportunity to ingest internal data. Paying tens-of-thousands of dollars per year for limited Twitter and Facebook data is not cost effective and will rarely yield the results you deserve. Many students are moving away form these social media channels, and privacy concerns will make these collections extremely difficult.
A good intelligence capability will use cutting edge data technology, tap into multiple and redundant sources, and provide quality content and noise-controlled intelligence to your organization. School districts and states should not use an RFP (request for proposal) type process to find vendors as these will skip any pilot or test programs. The RFP process allows for dishonesty and never allows for a trial process before making a decision. Using the software is paramount to ascertaining real value. Don’t believe the sales pitches. Ask intelligent questions about where companies get their data, how they process information, and what will happen when Twitter and Facebook shut off or limits their access. These are dark secrets they aren’t willing to share with you up front.
2. Timeliness of Intelligence and Realistic Expectations
In several spec-ops deployments, we relied on robust intelligence networks to inform our operation and help us meet requirements. Getting the right intelligence at the right time was critical in saving countless lives. This is equally applicable when protecting your school operations and campuses. How fast does a vendor get their information, what technology processes are used, and how quickly does intelligence get to the decision maker? What vehicles deliver the intelligence and in what format? How quickly can intelligence be used?
Many vendors promise that will get you the information yo need within minutes. There will even be hand-picked case studies that look at the time they received a tweet 7 minutes before the media did. This is exciting, right? Look more closely. Usually the events schools care about won’t necessarily be on the news and aren’t being monitored by these vendors.
Furthermore, the number of incidents missed will far outweigh the events captured promptly. Vendors will not broadcast these statistics. It is more meaningful to look at metrics such as “school relevant threat events detected,” and “a ratio of threat events collected vs. not collected,” or an average time of delivery to the client across all threat categories. It’s easy to highlight the few times you got the information right and delivered it quickly, but how often will this happen and how valuable is the information that these vendors think is important to you?
Some competent intelligence enterprises leverage technology that will be straightforward and honest about what they can and cannot do. But many more will not. It is up to you to ask the right questions about speed and deliver of intelligence across all threat types and sources. Human-derived and analyzed intelligence is slower and more expensive, while technology enabled intelligence is faster but subject to error and relative performance. Make sure yo know what quality control measures are in place, where a human provides curation, and how this impacts the speed of intelligence delivery.
3. Relevance and “Information vs Intelligence”
It is worthwhile to point out the difference between information and intelligence. Raw data information is useless and can be detrimental to operations without it being related and analyzed according to organizational assets, requirements, and operational plans. Many “data-as-a-service” companies are going out of business because client’s don’t have the time, resources, technology, or subject matter expertise to leverage information.
“Noise” in data science and intelligence is a problematic factor, and it data is not made relevant to what you care about (your assets), it just takes up your valuable time and energy to sift evaluate.
Intelligence is aggregated, processed, and finished information that relates to your requirements, assets, and goals while helping you make important decisions. These decisions can be based on immediate threats or trends that require a watchful eye.
Many vendors will provide unfinished information or alerts that don’t relate to what’s important. We call it threat spamming and in some cases the information has not been carefully analyzed by technology or analysts. There are very few vendors that provide finished intelligence that relates to your organization and their assets. Is it enough to get a series of general alerts delivered in an email or SMS message, or do you need context and reporting that explores emerging and current threats more deeply? Intelligence should aid and improve decision making success. It should also work to improve defined outcomes and monitor key risks and vulnerabilities facing your organization. If you are receiving just “information,” you are likely going to spend more time trying to understand it than leveraging it. This makes it less valuable, and in many cases distracting.
Ask vendors to explain the difference between their “information” and “intelligence” and how and what they do to offer true, meaningful intelligence. Also ask them about delivery, context, and reporting capabilities. What algorithms are involved in developing this intelligence? Is ti based on machine learning or merely keyword lists? What formats will you receive and be able to access this intelligence? Is it easy to use and understand? Is the intelligence relevant? Can you shape the collection principles? Can you change the delivery of alerts and viewing of geospatial intelligence? Is the risk intelligence related to your assets? How is that done and how can you utilize it to better protect and manage what matters most? How does it support a risk culture?
We hope you found this useful and helpful to elevate the importance of effective risk intelligence platforms for your schools and campuses. At a minimum, this should stimulate thought and and discussion on this important topic. We at Alpha Recon are passionate about risk management for schools and the education industry. If we can be of any help, don’t hesitate to reach out to us to see how your school can benefit from the most advanced security risk management solution on the market!
CEO & Founder
Toby is a risktech and ESRM futurist who earned two Master’s degrees in Biology (Neuroscience) and International Relations in addition to becoming a member of the US Army Special Forces, more commonly known as the Green Berets. After leaving the military with over 10 years of risk management and intelligence experience, Toby founded Alpha Recon to be a risk technology innovator in enterprise security risk management (EsRM). Focused on rapidly changing and diverse risk management challenges across traditional corporate boundaries, Toby is a proponent of strategy and intelligence-focused risk management, limiting liabilities while advancing opportunities and outcomes for business with the help of machine learning/AI. Toby is an unconventional thinker who believes that solutions have remained siloed, irrelevant, and rarely lower risk or provide opportunity for organizations and their assets in a measurable and proactive way.
Toby served around the world in high threat areas advising senior military, foreign governments, and U.S. government officials and dignitaries. Engaging with local communities he gained first-hand security and risk management experience in complex environments. During this time, Toby became an expert in risk management, intelligence operations, and threat mitigation with an appreciation for proactive and practical methods. His equal appreciation for deep learning and risk models to synthesize multi-variate data and make it valuable is evident in Alpha Recon’s software approach. Toby’s theories and ideas about holistic risk understanding and strategic management challenge the status quo and will no doubt result in better practices and solutions to help the performance of enterprises around the world. Toby enjoys speaking about innovations in risk technology, measurable risk management, and building consensus for enterprise security risk management around the world.
Toby is currently on the technical committee and working group for ESRM on behalf of ASIS, developing the Enterprise Security Risk Management guideline.