AWARENESS

Awareness is the human vigilance that should accompany all security measures. You may be used to hearing about awareness in relation to IT security, but awareness applies not just to information technology protection but to all protective measures. When you want to protect your organisation from unwanted incidents, it is always important to consider and include them in the planning.

In the context of terrorism, this means that people in an open area, such as public spaces or the reception area of a large workplace, are alert and react if something happens that deviates from normality. Examples include vans parked in a conspicuous place or people who appear to be strangers to the location but do not approach staff for help.

Society's defences against modern terror have forced terrorists to be innovative and exploit gaps in systems. Therefore it is difficult to predict what the next attack will be. Thus, it is imperative to include awareness in prevention work for scenarios we do not know about, as these can only be anticipated (but not prevented) through human attention to deviations from normality. 

Technological developments have enabled us to react early, as systems can detect specific impulses that may be signs of a potential incident. Technological solutions are a great help to security professionals. Still, we must be aware that systems cannot detect everything and that the introduction of good electronic systems requires an increased focus on the ability of employees to react to deviations from normality. 

There are many ways to implement awareness among employees in an organisation. Awareness is part of a sound security culture, and therefore, education and training of employees should be included as a regular part of security work. It may be difficult for some to see terrorist attacks as a real threat; thus, consideration needs to be given to how the need for awareness is framed in this context. Here, it can be beneficial to include it as a natural part of the information security training of employees, as awareness is a central part of information security.