Does anyone have seasoned and sound advice on running a civilian security operations command center (Policies & SOP's)?

2018-03-02T14:47:14-05:00

Response by PO1 William "Chip" Nagel made Mar 2 at 2018 2:56 PM

2018-03-02T14:56:25-05:00

SPC Andrew Griffin Lots of Support for Your Dispatch Officers. Very Stressful Job. I did it for 7 Months for the Oldest Outdoor Shopping Mall in the Country. 18 Buildings 804,000 Square Feet. 55 Acres. Ensure Extra Staffing on Weekends when it is Insane.

Response by PO1 Private RallyPoint Member made Mar 2 at 2018 2:59 PM

2018-03-02T14:59:58-05:00

RUN! Just kidding, but in all seriousness when working at the Naval War College I found the following helped. Always be professional when addressing civilian counterparts because they may be a retired Admiral or Major (I’m from the south and in these moments I revert to my upbringing by responding with “Sir or Ma’am”). Know your stuff. I’m not expected to quote exact paragraphs out of policies or directives but know where to find them and keep a personal FAQs document that you routinely run into. Other than that, it really isn’t much different then running a normal department full of military members.

Edit: I may have misread the question. This advice is for military members running a civilian department.

Response by MSgt Neil Greenfield made Mar 2 at 2018 3:45 PM

2018-03-02T15:45:32-05:00

Well, it sort of depends. Are you speaking for physical security or cyber/information security? Or maybe for cyber-physical security?

Response by SSG Trevor S. made Mar 2 at 2018 5:15 PM

2018-03-02T17:15:24-05:00

Hire Veterans

Response by LTC Private RallyPoint Member made Mar 2 at 2018 8:23 PM

2018-03-02T20:23:28-05:00

I don't think there is a difference between a military or civilian Operations Center. The doctrine remains the same. There are 6 main functions of an Operations Center. I bet you could get military products, staff battle drills, knowledge mgmt_file naming systems, SOP per desk position, daily and weekly battle rhythm, how to conduct Update Briefs, Crisis Mgmt Operations, CCIR development, etc and edit them for your specific applications.

Response by LT Brad McInnis made Mar 3 at 2018 9:50 AM

2018-03-03T09:50:02-05:00

I was a CENTCOM Joint OPS Center XO back in the day (best job I ever had)..... Best advice is don't re-invent the wheel. There are other OP CENTERS. Look at how they are set up, and tailor it to your needs. You can spend a lot of wasted energy building something that might work, instead of massaging something that is already proven to work. Also, and this sucks, but get rid of people quickly that aren't following procedures or do not work well with others. They will cause too much strife in the long run. Move them out of the OPCENTER and into a support role. Lastly, get the battle rhythm right with regards to what watch rotations are, when reports are due, etc.

Response by SSgt GG-15 RET Jim Lint made Mar 3 at 2018 11:12 AM

2018-03-03T11:12:42-05:00

Join ASIS. They have been setting standards for 40+ years?

Response by Lt Col Jim Coe made Mar 3 at 2018 11:45 AM

2018-03-03T11:45:55-05:00

If you're setting up the security ops center from scratch, you're off to a good start asking for advice, other organization's SOPs, etc. From a process improvement guy's point of view, here some things you should consider:
-Know you customer (possibly the CEO, CFO, CIO, owner, and/or board of directors) and understand their quality requirements
-Map out processes first, then write SOPs including standards. Use the SOPs for training and the standards for evaluation of both the process and the people.
-Exploit automation: within your budget, use as many automation tools as you can to reduce labor and increase accuracy. Anything and any one can be spoofed, but top quality IT tools are probably harder to fool than people.
-Continuously test your processes and revise as needed to ensure quality standards are met
-Humans are the weakest point in your security apparatus. "Human engineering" can be used to breach your security. It's amazing how many secretaries or executives will give up their user ID and password to a well scripted and smooth tonged hacker.
-ID cards and passes will be hacked, counterfeited, and stolen. Have a way to verify IDs that looks for these problems.

Response by LCpl Donald Faucett made Mar 3 at 2018 6:06 PM

2018-03-03T18:06:18-05:00

Workers are more efficient standing up.

Response by PFC Paul Preuss made Mar 6 at 2018 2:49 PM

2018-03-06T14:49:17-05:00

what are you looking to find out? I have been running security programs for over 30 years, everything is done based upon the specific project, then designed from the ground up to include SOP's, active shooter responses, post orders, etc.