NickD wrote:What if a company wanted to spend bad money on this?
EEMmm... Depends what you mean by bad money!
If you mean spending money on security, acquired by dishonest or unethical means, then I guess that happens a lot.... for example - metal theft has been a major issue of late - largely due to the Scrap Metal Dealers (SMD's) not really being bothered about where the metal comes from,but SMD's spend a lot of money on security because the Dealers Yard is one of the best places to nick scrap metal. People who acquire money and goods dishonestly are also far less likely to involve the Police and report their losses, so they can be targeted and can spend loads of money on loss prevention (most often physical security measures).
If you mean inappropriate or disproportionate spending on security then this also happens a lot - a lot of Security Companies sell a "one size fits all" security solution but the security spend should be proportionate to the risk and successfully mitigate the security risks that could have a significant impact on the particular business type. To get that right you have to understand what the risks are that will have significant impact. for example - an obvious starting point is understanding is it vehicles or intrusion by people - or is it employee behaviours (making your vetting procedures a priority) etc. etc.
Getting Site security right requires some expertise - Site security should act as an appropriate Deterrent (e.g. intruder thinks I'm not going in there because if I do I will get caught) - If intruders are not deterred
the determined intruder should be detected as soon they enter the site... Then the physical security measures on the site should create a sufficient delay to allow for an effective response (usually by the Police). You can use "Rated" equipment to give "known" delay periods e.g. CSE (Base, Enhanced or High) rated equipment or LPS (1 to 5) ratings (the red book) for intrusion and PBAS for attack standards etc. Another example is CCTV - Most Security Companies install CCTV as a deterrent, with no consideration for the image quality you actually might need for evidential purposes e.g. 150 to 180 Pixels Per Meter to read a Reg and 300PPM to recognise a face. you also need to match frame rate to target speed - so gate cameras should record at a minimum rate of 12 FPS (25FPS is pretty much real time) and use a Lens that gives >150ppm.
People can sometimes spend lots of money on Physical and Technical Security at their sites, when the greatest risks to the business are from the impacts of the loss of a Companies ability to deliver their Products and Services (e.g. time critical businesses - or where tied in to strict contractual commitments with penalties). This could result from the denial of access to a site or from the failure of a major supplier business. Remote (or off site) incidents such as a chemical spillage, or a loss of Utility Services can cause this type of loss and no amount of on-site security can prevent this. Since the introduction of the Civil Contingencies Act in 2004 there is an expectation that a "Responsible" businesses can manage these risks and will have recovery arrangements and plans in place. Under these circumstances, the Site Security spend without understanding the business risks might be considered "bad money"
Or are you asking if I would be bothered where the money came from.. ?
You can probably tell from this lengthy response that I sometimes get bored at the weekends
which is one of the reasons I thought about freelancing