Adequate employee awareness and training are some of the most vital components of risk assessment and planning.
Failing to include employee training in risk planning leaves one of the manager's most valuable resources unused. Employees have the best and most current knowledge of security vulnerabilities. Employees will often accept these vulnerabilities as being someone else's job, or fail to recognize their importance. Making employees aware of the problem, and their individual responsibility, can often disclose security risks that might be otherwise overlooked. In addition, they may be a significant source of intelligence concerning an impending, or ongoing, threat. Good employee awareness and communication are the first steps in designing and implementing a risk reduction program within an organization.
2.) The roles that the government and private-sector play in the protection of private-sector critical infrastructure facilities is usually determined by two factors; budgetary concerns, and expertise. Currently the federal government plays a significant part during the mitigation phase to train and organize security for these concerns. This is appropriate, as it insures that executives and managers have the latest information concerning research and threats that are constantly changing. This also gives the public a reassurance that the security of these high value assets is coordinated on the federal level. While the government brings considerable expertise to the scenario, the private concern is expected to assume the budgetary requirements.
In a free market economy the private corporation is generally responsible for the immediate security of their assets. This includes physical security and access control. However, the protection of some assets that are critical to the economy, or health and safety, is in the interest of all citizens. The nature of the threat may demand a level of security that is not economically practical for a private business. According to Ortmeier (2008), "Industry standards indicate that the protection cost should be less than 2 percent of the value of the asset to be protected" (p.186). When the cost of security becomes excessive, it is not unreasonable to expect the taxpayer to bear a portion of the cost. Examples would be federal marshals on selected airline flights, or securing material that has a high value to a terrorist for use in explosives. The government should also pass and enforce legislation that mandates security and inspection at critical facilities. The programs that the DEA and EPA currently have that require securing, monitoring, and accounting for drugs and toxic chemicals could be expanded to include other assets.
3.) It is a significant challenge to build employee morale and professionalism in a security organization that has historically suffered from low wages and budget constraints. Maslow's need hierarchy continuum indicates that self-actualization is a higher priority to the individual than wages or a promotion. Self-actualization is achieved when "one's desires for personal growth, self-fulfillment, and reaching one's full potential