Protective Intelligence Terminology Glossary

How would you define "insider threat"? What exactly is the difference between Executive Protection and Close Protection? Getting started in protective intelligence can be overwhelming, especially when you consider the myriad of intelligence terms, concepts and techniques that security professionals and decision makers must become proficient in to excel in their role.

To assist those digging into the complex world of physical and cyber security, we've compiled a list of common terms in this protective intelligence terminology glossary, sorted from A to Z.

Asset: Anything within an environment that should be protected, including anything used in a business process or task. It can be a computer file, network, product, device, intellectual property, reputation, etc.

Asset Management: In terms of security, this generally refers to protection of company assets like goods, facilities, brand reputation, etc.

Be on the Lookout (BOLO) Report: Refers to a type of report alerting protectors to a potential threat they should be aware of. The report includes the most pertinent information used to identify the person. The term “BOLO” can also be used more casually to refer to a person who security personnel are actively trying to identify.

Case Management: Processes and tools that assist security practitioners in investigating incidents by collecting and databasing all relevant information in a single location.

Corporate Security: Programs, policies, and processes designed and implemented to protect the personnel, assets and intellectual property of an organization. Corporate security programs typically are created to mitigate risks and ensure the continuity of operations.

Cybersecurity: The art of protecting networks, devices, and data from unauthorized access; the practice of ensuring the confidentiality, integrity and availability of information.

Dark Web: A subset of the deep web, with two general characteristics: one, the sites are not indexed by the major search engines; and two, they must be accessed by using special software, methodologies, and related permission layers. The Dark Web is often used by social deviants, criminals, hackers, and other outliers.

Deep Web: The remainder of the internet that has not been indexed by search engines. Generally, it is accepted that about 95% of the internet is the deep web, while about 5% of the internet is the surface web.

Due Care: Also referred to as ordinary care or reasonable care. A legal concept used as a test of liability for negligence. The degree of care that an ordinary and reasonable person or company would normally exercise over his or her own property or under circumstances like those at issue.

Due Diligence: The process of acquiring objective and reliable intelligence, generally on a person or activity within a company or corporation, prior to a specific event or decision. It is usually a systematic research effort used to gather critical facts and descriptive information about the subject that are most relevant to making an informed decision on a matter of importance.

Duty of Care: The requirement that a person or company act toward others and the public with the watchfulness, attention, caution and prudence that a reasonable person in the circumstances would use. If a person's actions do not meet this standard of care, the acts are considered negligent, and any damages resulting may be claimed in a lawsuit for negligence.

Executive Protection: Also called Close Protection (CP) or executive personal protection. Private risk mitigation programs and security measures designed to ensure the safety of individuals (principals) and their family members.
Learn more about Executive Protection

Field Observations: Information obtained by field operatives, either through direct observation of specific behaviors or areas of interest, or via interaction with a subject.

Global Security Operations Center (GSOC): Also known as a “fusion center”. A central office typically operated 24/7 where all physical security information is collected, filtered, analyzed, and disseminated to appropriate stakeholders.

Insider Threat: Threats posed by individuals who have insider information about or access to an organization’s physical or cyber assets that could cause harm to the organization, either intentionally or accidentally. An insider threat could be an employee, contractor, former employee or other knowledgeable individual with an understanding of internal assets or controls. Learn more about Insider Threat

Intelligence: The product resulting from the collection, processing, integration, analysis, evaluation and interpretation of available information.

Investigative Research: Techniques used to collect information from different sources to uncover additional details used to further an investigation.

License Plate Reader (LPR): Also referred to as License Plate Recognition. The ability of a program to identify and catalog license plates in a database. Requires hardware and software components to function. Useful when tracking BOLOs near assets.

Open Source Intelligence (OSINT): Open-Source Intelligence is publicly available information appearing in print or electronic form including radio, television, newspapers, journals, the Internet, commercial databases, and videos, graphics, and drawings.

Personally Identifiable Information (PII): Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

Physical Security: The protection of people, property, and physical assets from actions and events that could cause damage or loss.

Protective Intelligence: an investigative an d analytical process used by protectors to proactively identify, investigate, assess, and mitigate threats to protectees.
Learn more about Protective Intelligence

Real-Time Threat Detection: Processes and tools that provide monitoring and alerts detailing threats to an organization, most often focused on identifying and detecting emerging threats to an organization’s security and business continuity as they occur.
Learn more about Real-Time Threat Detection

Risk: Potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. (According to the Department of Homeland Security)

Risk Landscape: The collective understanding of risk exposure based on and amalgamation of the threat environment.

Risk Management: The process of identifying and analyzing potential risks to an organization and creating and administering effective strategies to mitigate, avoid, transfer, or accept each risk.

Risk Mitigation: The preparation to weigh the impact of potential events or incidents and plans to lessen the impact when they occur.

Risk Tolerance: The degree of risk that an organization is willing to accept for identified risks.

Safeguard: A security control or countermeasure taken to remove or reduce a vulnerability or protect against one or more specific threats. Safeguards are the means by which risk is mitigated or removed. Example: installing a software patch, using protective intelligence measures, hiring security personnel, using access control, performing risk assessments, etc.

Safety: The conditions of being safe from causing or experiencing hurt, injury, or loss.

Safety Risk Management: Programs and processes designed to identify hazards that could cause a safety risk and implement effective countermeasures to mitigate those risks.

Security: The activities, personnel and tools involved in protecting a person, organization, facility or asset from harm or damage. (inclusive of the 3 Gs, cyber)

Security Intelligence: Information collected and analyzed to protect an organization against internal and external threats.

Surface Web: Parts of the internet that have been indexed/crawled by search engines such as Google, and are thus searchable via various search engines.

Threat: Natural or man-made occurrence, individual, entity, or action that has or indicates the potential to harm life, information, operations, the environment and/or property. (According to the Department of Homeland Security)

Threat Assessment: An objective, fact-finding process that is used to determine if a person, group, or situation poses a risk of violence to an identified or identifiable target (e.g., employee, facility, or event) - and if so, to develop and implement plans to reduce the threat and/or protect the target. The entire process is also known as “behavioral threat assessment and management” or “BTAM.” Efforts to implement plans to reduce the threat and/or protect a target - regardless of whether a threat assessment was conducted - may be referred to simply as “threat management.”
Learn more about Threat Assessment

Threat Landscape: The collective picture of internal and external threats (all-hazards) to an organization, its people and assets.

Threat Management: The process for identifying and managing a threat through its life cycle to assess potential risk and prepare a response.

Threat Mitigation: The process of identifying and acting on threats to prevent or lessen the impact of a possible incident or event.

Threat Protection: A set of policies and tools used to block threats.

Vulnerability: A flaw or weakness that could be exploited, exposing the organization to threats. The absence or weakness of a safeguard or countermeasure is a vulnerability. Vulnerabilities can be exploited by threat actors to cause harm to assets.

Workplace Violence: An act or threat of physical violence, harassment, intimidation, or other threatening and disruptive behaviors that occurs in the workplace.