The authors commend the branch manager for his "expect the unexpected" attitude and ability to facilitate a safe and efficient robbery. Everyone lives. However, I found myself confused. Why would a branch bank manager NOT expect an armed robbery? The classic John Dillinger quote comes to mind: "I rob banks because that's where the money is." As far as I'm concerned, any branch bank manager who has not prepared himself and his staff for an armed robbery should be fired for dereliction of duty - unexpected, indeed.
If you are a security practitioner, you should never be blindsided by the unexpected, simply because you must expect and prepare for bad things to happen. Every security practitioner should have a plan. Unless you're a Congressman like me. Hey, lady, I said stop hitting me. Ouch!
John McCumber is a security and risk professional, and is the author of "Assessing and Managing Security Risk in IT Systems: A Structured Methodology," from Auerbach Publications. If you have a comment or question for him, please e-mail John at: Cool_as_McCumber@cygnusb2b.com.