The answer is to say the least problematic for the majority of business executives, local government officials, school board members, utility administration management, property managers, and others, as inevitably the decision is based on cost versus safety and liability.
A myriad of factors play into the equation that determines an adequate level of protection for the specific entity involved, which may include one or all of the following major headings:
- Basis of Security Understanding & Level of Protection
- Threat Level
- Accepted Security Industry Standards and Practices
- Legal Compliance
- Environment
- Incident History
- Liability
- Type of Facility
- Cost
- Risk Acceptance
- Insurance Requirements
- SVA (Security Vulnerability Assessment) Recommendations
- Other
The list can seem endless, but at the very least, the level of protection for a given entity, regardless of what that entity is, has to be an adequate level that will protect and keep safe the persons and assets from obvious threats as determined by the Threat Level analysis.
Download the full white paper here: What is an adequate level of security?