CHAPTER 11
IMPLEMENT
PROBLEM SOLVING AND AUDIT/ INSPECTION

Learning Objectives
At the end of this chapter, the student will be able to:
• Enumerate the top management's responsibilities in the implementation of security programs;
• Enumerate problem solving techniques and pitfalls in decision making;
• Enumerate factors that affect a decision;
• Enumerate the questions to be used in conducting a security audit; and
• Explain formal, informal, structured and unstructured security audits.

Program Implementation
Top Management's Responsibility
The top management should always be interested in the implementation of any security program. They must extend complete support to the program on a continuing basis. They must be willing to take actions to ensure that employees at the other levels comply with the requirements that have been established for the protection of personnel and other assets. The responsibility and accountability for the implementation are delegated to the security executive. Thus, he would function as a steward doing the necessary

Involvement of Others
Non-security employees can be of great assistance in the implementation of the security program and their active participation can contribute to its success. Thus, it is important to keep other employees aware and involved.

Setting Priorities and Meeting Schedules
The higher the criticality rating of the identified vulnerabilities, the higher is its priority in the implementation of countermeasures. It is important also that the time frame established be met; otherwise it could affect the entire program.

Drills and Rehearsals
Some areas of the security program would need regular drills or rehearsals which simulate anticipated conditions, i.e. crisis management, fire drill, bomb threat handling, and response to a robbery.

Validation and Updating of Plans
During program implementation, opportunities arise to improve countermeasures or reinforce those found effective. If new conditions present themselves, necessary adjustments sometimes need to be made in the security program.

Program Evaluation
At the end of the timetable, drills or rehearsals, the security program or part of it needs to be evaluated. Issues such as relevance or adequacy of countermeasures, cost effectiveness, etc., need to be addressed to check the existence of vulnerability which may trigger the need for a much responsive

Problem Solving and Decision-Making
Problem Solving Techniques
The successful security executive is a problem solver. He is able to solve most of the problems through quick evaluation of the situation against experience and logic, employing the following seven steps of problem solving:
1. Clearly Defining the Problem - He ensures he has the complete grasp of the problem at hand. He is able to define and clarify issues involved.
2. Gathering Information - He gathers information through research and interviews. It may require putting the information gathered in document form, in tapes or indexes.
3. Interpretation - The gathered information is put together to arrive at a clearer picture and to ascertain the meaning and related implications.
4. Developing Solutions - The security executive may come out with a solution and several alternatives. In this step he should be guided by the principles and techniques of effective management and
5. Selecting the Best Solution - From several alternatives the security executive selects the best practical solution considering the short and long-term effect of each possible solution.
6. Putting the Solution into Operation - Once the most appropriate solution is chosen, implementation is next. This is critical as it may involve changes that may be difficult to accept. There might be a
7. Evaluating the Effectiveness - The plan or solution should be reviewed periodically for effectiveness. A comparison between the ideal solution and the actual practice may be made.

Some Pitfalls in Decision Making
Making the appropriate decision and taking responsibility for it is a critical function of any executive, much more a security professional. The security executive should avoid the following:
1. Jumping to conclusions
2. Accepting the first choice
3. Accepting the easiest way out
4. Procrastinating
5. Letting prejudices or emotions influence
6. Failing to get the facts
7. Failing to weigh the alternatives
8. Failing to consider consequences
9. Fearing to take risks and assume responsibility

Factors Affecting a Decision
1. Prior Experience - A tried and reliable course of action that worked before may very much work again in a similar situation.
2. Self Interest - One's own interest may not be the best for others. The ideal situation here is to balance one's interest with those of others.
3. Tradition - There are good traditions but there are those that limit the way of doing things and become the basis for decision because they form the easiest way out.
4. Creativity - This is the opposite of tradition. It has resulted in a lot of good in some areas, but change for the sake of change is not a healthy way to arrive at a decision.
5. Authority or Expert Opinion - This should be given great consideration. However, the security executive should make certain that they are really
6. Logical Thinking - The decision is based on sufficient facts and thorough analysis leading to a clear conclusion and good decision.
7. Emotion and Prejudice - The decision should be free from bias and sentiment. It may lead to favoritism and irrational decision making.
8. Ease of Execution - All things being equal, security executives confronted with problems would like an easy way out, but the easy way out is not usually the best way out.

Security Audit / Inspection
Rationale for Security Audit
There usually is a need for a formal audit or inspection to check the degree of compliance with the recommended countermeasures and to determine the effectiveness and adequacy of the countermeasures in effect.

Conduct of the Audit
A security audit has for its basis the security survey and the vulnerability assessment reports prepared during the previous period. A checklist for the purpose ensures that all areas are covered. The following questions should also be used:
1. Why are we doing it?
2. Must we do it all?
3. If we must, is there a better way?
4. Is there a less expensive or more cost-effective way?

Formal and Informal Security Audit
A formal security inspection is announced and is communicated to the organization or unit in advance. All documents needed are prepared beforehand. An informal audit is the result of an entrenched and institutionalized system understood and accepted as a part of the organization

Structured and Unstructured Audit
A structured audit has a format for logical sequence to the process. The unstructured audit is conducted in a random manner without any formal or logical sequencing.

Ascertaining Compliance
The inspector should establish that the countermeasures are as they ought to be. It is possible that the unit or people being audited do not know what is expected of them. Deficiencies noted should always be highlighted and follow-through scheduled and implemented; otherwise vulnerabilities will persist.

CONCLUSION