Tactical security controls for unpredictable events: Aligning security tactics with business continuity for resilience in the face of the unknown

Rachelle Loyear and Mg William J. Walker
Additional contact information
Rachelle Loyear: Vice President of Integrated Security Solutions, Allied Universal, USA
Mg William J. Walker: Chief Security Officer, Allied Universal, USA

Journal of Business Continuity & Emergency Planning, 2025, vol. 19, issue 2, 102-118

Abstract: Unpredictable threats, ranging from civil unrest and cyber-physical disruptions to infrastructure failures, continue to challenge security and business continuity professionals. Traditional risk management approaches often fail in these fast-evolving scenarios, necessitating a shift toward tactical security controls that are adaptable, scalable and integrated within business continuity frameworks. This paper explores the security effects model, a strategic approach that categorises security controls based on the outcomes they achieve rather than the specific threats they address. By leveraging seven key security effects — deterrence, access control, detection, assessment, delay, response, and recording and communication — organisations can design security postures that remain effective even in highly dynamic environments. Among the abovementioned seven, the paper identifies four mission-critical security effects for unpredictable threats: detection, assessment, delay and response. By aligning security controls with these mission-critical effects, organisations can enhance early warning capabilities, streamline crisis assessment, buy critical response time and ensure cohesive multiteam coordination. Using a structured ‘what if?’ methodology, the paper demonstrates how organisations can proactively identify vulnerabilities and prepare security measures that are functional across multiple threat vectors. A case example using the Francis Scott Key Bridge collapse illustrates how applying this approach can improve security resilience against both accidental and intentional disruptions. The paper provides practical, actionable guidance for security and business continuity professionals, emphasising the need for an integrated security-continuity framework that aligns with industry best practices, including ISO 22301 and American Society for Industrial Security (ASIS) enterprise security risk management (ESRM). By shifting away from reactive security models to proactive, effects-based tactical controls, organisations can build resilience against the unknown while ensuring operational continuity in the face of emerging threats. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.

Keywords: security resilience; business continuity planning; BCP; unpredictable threats; risk mitigation strategies; what if? scenario planning; crisis response and preparedness (search for similar items in EconPapers)
JEL-codes: M1 M10 M12 (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/10302/download/ (application/pdf)
https://hstalks.com/article/10302/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:jbcep0:y:2025:v:19:i:2:p:102-118

Access Statistics for this article

More articles in Journal of Business Continuity & Emergency Planning from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().