<strong>Journal</strong> <strong>of</strong> <strong>Physical</strong> <strong>Security</strong> 4(2), 35‐47 (2010)paralysis or stagnation (failure to confront serious problems or make necessarychanges), confirmation bias or motivated reasoning (unduly dismissing ideas,arguments, evidence, or data that might call into question our current viewpoints, stronghopes, or past decisions).<strong>Security</strong> Paradigm 32 (<strong>Security</strong> Culture & Climate)Old Paradigm:• <strong>The</strong> importance <strong>of</strong> having a healthy <strong>Security</strong> Culture is given lip service, but theconcept is ill-defined and under-analyzed.New Paradigm:• <strong>Security</strong> Culture & Climate and their effects on security effectiveness are carefullyconsidered, thoroughly analyzed, and fully appreciated.<strong>Security</strong> Paradigm 33 (<strong>Security</strong> Standards)Old Paradigm:• <strong>Security</strong> Standards <strong>of</strong>ten institutionalize misleading terminology and sloppy practice.• <strong>The</strong>y tend not to be researched based, and frequently over simplify complex issues,and discourage careful, critical, and creative thinking about security issues.• <strong>Security</strong> Standards are <strong>of</strong>ten manufacturer-dominated and used as weapons toexclude competitors and discourage alternate approaches (rather than encouragingcompatibility and mutual cooperation).• <strong>The</strong> “certifications” that get institutionalized are <strong>of</strong>ten meaningless.• <strong>The</strong> standards can make security products and practices worse, and can be verydifficult to modify or improve once in place.• <strong>The</strong> claimed consensus is <strong>of</strong>ten illusionary.New Paradigm:• <strong>Security</strong> Standards avoid the problems <strong>of</strong> inflexibility, one-size-fits-all thinking, oversimplification, and domination by special interests.• <strong>Security</strong> efficacy, product quality, careful thinking, understanding, compatibility, andmutual cooperation are all enhanced by the <strong>Security</strong> Standard, not degraded.• Sound terminology and best practices are encouraged.Note: In my view, the recently instituted ISO Standard 17712 for mechanical seals(http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=41017) is a good, bad example <strong>of</strong> a severely flawed security standard that may even bedangerous.46
<strong>Journal</strong> <strong>of</strong> <strong>Physical</strong> <strong>Security</strong> 4(2), 35‐47 (2010)<strong>Security</strong> Paradigm 34 (Control)Old Paradigm:• Control is <strong>Security</strong>.New Paradigm:• Control should not get confused with <strong>Security</strong>, and should be avoided to the extentpractical.• Privacy rights and civil liberties must be protected in any security program.• We don’t win against terrorists by becoming like them, or violating our fundamentalprinciples and values.47
- Page 2 and 3:
Table of ContentsJournal of Physica
- Page 4 and 5:
The Journal of Physical Security 4(
- Page 6 and 7: The Journal of Physical Security 4(
- Page 8 and 9: The Journal of Physical Security 4(
- Page 10 and 11: The Journal of Physical Security 4(
- Page 12 and 13: Journal of Physical Security 4(2),
- Page 14 and 15: Journal of Physical Security 4(2),
- Page 16 and 17: Journal of Physical Security 4(2),
- Page 18 and 19: Journal of Physical Security 4(2),
- Page 20 and 21: Journal of Physical Security 4(2),
- Page 22 and 23: Journal of Physical Security 4(2),
- Page 24 and 25: Journal of Physical Security 4(2),
- Page 26 and 27: Journal of Physical Security 4(2),
- Page 28 and 29: Journal of Physical Security 4(2),
- Page 30 and 31: Journal of Physical Security 4(2),
- Page 33 and 34: Journal of Physical Security 4(2),
- Page 35 and 36: Journal of Physical Security 4(2),
- Page 37 and 38: Journal of Physical Security 4(2),
- Page 39 and 40: Journal of Physical Security 4(2),
- Page 41 and 42: Journal of Physical Security 4(2),
- Page 43 and 44: Journal of Physical Security 4(2),
- Page 45 and 46: Journal of Physical Security 4(2),
- Page 47 and 48: Journal of Physical Security 4(2),
- Page 49 and 50: Journal of Physical Security 4(2),
- Page 51 and 52: Journal of Physical Security 4(2),
- Page 53 and 54: Journal of Physical Security 4(2),
- Page 55: Journal of Physical Security 4(2),