Canadian Security Magazine

Beyond the job description

By Steve W. Ballantyne   


Some of the international and national risks that may impact a security manager’s organization could include a possible terror attack, a flu outbreak (eg, H5N1), natural disasters (such as flood and earthquakes), power blackouts, cyber attacks, civil unrest, and even environmental disasters due to chemical or biological attacks.

In the past few years the world has seen a number of huge risk
incidents such as the hurricane Katrina with its devastation of New
Orleans, the Tsunami in the Indian Ocean with a loss of over 250,000
lives. If an security manager’s organization happened to be in one of
these areas while these events had taken place the security manager’s organization
could have been severely impacted or destroyed all together.  When
international or national risk has the ability to render one’s
organization to a state where it can no longer operate. one should
think that this, indeed, is a concern to any responsible security

A terrorist risk, for example, could come from a “nuclear blast,
biological attack, dirty bomb (radioactive) or a chemical attack. An
influenza pandemic risk could emanate from the virus H5N1 and could
cause local, national, and international casualties as in the Spanish
Flu of 1918 with worldwide death estimates from 20 to 100 million
people.  Climate change could appear from global warming and thus
causing natural disasters such as hurricanes, tornadoes, and/or floods.
Major international and national risk usually start in a specific area
of the world such as the terrorist attacks in New York, Washington and
Mumbai, Class 5 Hurricanes in the Gulf of Mexico or earthquakes in
Asia. SARS is a good example of this, starting in a small village in
China, migrating to places as far away as Canada in only a few short

The world is indeed a ”˜smaller world’. What happens in Katmandu may
well affect the security manager’s organization in Vancouver or Toronto. As this
example using the SARS situation shows, security managers not only
should place an emphasis on international and national risks, but
perhaps place a priority on all international and national equally as
well as local risks.

All responsible security managers must know and
review their key international and national risks and hazards and
prioritize them. An impact analysis of various international and
national risks-such as the effects of a pandemic (H5N1) or a terrorist
attack should be done. Quantified Risk Assessment (QRA), which is now
being developed into a science, may also be useful in the assessment of
such risks.  QRA has three objectives: “ an estimate of the severity of
the problem, an estimate of the probality of the problem occurring, and
finally some criterion of acceptability of the risk
quantified” (University of Leicester, 2006:2-17).


QRA is really a
generic term with the term ”˜to quantify’ meaning to ”˜measure or express
as a quantity’. SARS brought to light how important the concept of
”˜risk scenario planning’ is as an important tool in managing
international and national risks. Through monitoring disaster events
and other identified and manifested risks, a security manager can see
what other companies and governments do specifically in cases of
disasters and how well these disasters are handled.  For example, in
the Katrina hurricane, over half of the New Orleans police department
failed to show for their duties.  An SM could certainly anticipate that
half of his or her own security staff might also not show up in the
case of a manifested risk event, and thereby, plan accordingly.  It is
extremely important that scenario planning be done on a annual basis
for the protection of one’s organization.

There not a lot an security manager can do to prevent an international
or national disaster and this is true even if the magnitude of such
disaster impacts his or her own organization.  What else can security
mangers do to protect their organizations?  There are a number of other
steps security managers can and should take in protecting their
organizations.  The number one step is to have a well-conceived
business contingency (sometimes called continuity) plan.  A business
contingency plan has three main objectives. The first priority is to
control the disaster scene and allow the organization to continue to
function (or to get on it’s feet ASAP).  The second priority is to make
sure of the safety, security and welfare of all customers, suppliers,
and staff.  The third and final priority is to liaise with the
appropriate emergency and government services.  A security manager
shouldn’t make the mistake of trying to plan for a specific hazard or
disaster but should have a well-rounded business contingency plan that
prepares for cogent response to any and all risks that might arise to
impact the well-being of the organization for everyday security

“ By consciously and regularly looking for ”˜what else might happen’
scenarios and by choosing a particular course of action, our
decision-making will obviously be based upon more relevant and complete
information, and we significantly decrease the chances of being
blindsided by some unforeseen scenario or potential crises,”  according to the Treasury Board of Canada Secretariat.

After all, in life, it’s usually the one risk that you hadn’t
anticipated or even thought about that usually does ”˜blindside you in
the end’.  The unfortunate souls in the twin towers of Manhattan, NY
are a good example of this.  How many would have thought that two large
jet airliners, heavily laden with fuel, would have been intentionally
crashed into the two 100-plus story towers and obliterate them. 
Certainly not the highly respected (CSO) Chief Security Officer of the
World Trade Center.  I once read an extremely detailed and
informative article, on international risks and disasters in ”˜waiting’
and something such as the H5N1 virus won’t be the disaster that impacts
society because society knows about this disease in advance. Most
experts had dire warnings about what would happen at the stroke of
midnight. All the world’s computers would crash, power would fail, and
bank machines would refuse to dispense money. Most of civilization
knew beforehand about the problem, hand many months to work on these
problems and make plans and at the stroke of midnight all the lights
stayed on, hence no blackouts, no looting, no riots.  ”˜Foreseen is
Forewarned’ and disaster seems able to be diverted on these terms. 
It’s what is not seen that causes major impact once it becomes manifest.

Should a security manager be concerned with international and national
risks?  Pandemics-SARS, H5N1, Terrorism, Earthquakes, Hurricanes,
Topical Storms, Climate Change, Ice Storms, Power Blackouts and
Failures, Wars, Civil Unrest. Need I say anymore?  The potential risks
are legion.  It is only with a sound business continuity plan and a
constant vigil on current, emerging, and potential risks-as well as
organizational response ability-that organizations can protect
themselves, as much as possible, from the effects of disaster.  The
security manager is responsible for ensuring these proactive steps are
taken so that when a security threat manifests the organization can
take pre-meditated, fast and powerful steps to minimize any possible
negative impact to the organization.

Steve W. Ballantyne has a MSc in Security and Risk Management.  He is a
security management consultant with Securaglobe Solutions Inc.  He can
be reached at


Review of Canadian Best Practices in Risk Management (2005)
Treasury Board of Canada.

University of Leicester, Department of Criminology, MSc in Security and Risk   
Management (2006), Module 4: Managing Risk and Security. Leicester, UK.

Print this page


Stories continue below


Leave a Reply

Your email address will not be published. Required fields are marked *