ASG's Security Solutions Blog

Great Conversation Button

Connect with ASG

Don't miss a conversation! Continue the Conversation by email.

Your email:

Current Articles | RSS Feed RSS Feed

A Business Case for Organizational Resilience


This is the second article in a series entitled: Data Management and Organizational Resilience. ASG is offering a series of blogs as well as a white paper that aggregates these blogs into one download, with the intent to make the case for data management and its correlation to the Organizational Resilience Management function.

Back in the 1950’s W. Edwards Deming provided us a number of principles of management which hold true today.  These principles are at the core of Organizational Resilience Management and serve as the foundation for the Chief Security Officer function:

How to Approach Implementation


By Robert Birley, Director of Engineering for ASG

When asked how he would tackle the implementation problem, Robert Birley, the Director of Engineering for ASG gave his insight and expertise into how to manage expectations, create a clear project, program and process to ultimately implement the plan!

What is the first thing you do when approaching a project?  Begin by reviewing what you created to get the project approved.  What factors were you trying to resolve?  Did you hit each of them during implementation?  Be sure to list out the risks that will be resolved and identify any business risks while the project is underway.  Finally, determine timelines and work on internal customer communications so that your staff knows who, what, where, why, and when.

The Tool Problem Has an Answer

Keyboard Solution

By Scott Schmidt, VP of Engineering & Professional Services

I took the challenge from our Professional Services Group to answer the probing questions around an approach that might help security professionals choose the right solution, or, a set of tools used for a measurable process by people with definitive roles and responsibilities.

The following are the questions and my answers:

Process and the Security Organization


We had Ron Worman from The Sage Group interview the Global Security Manager of Mentor Graphics, Robert Klohr, to understand his perspective on ‘The Process Problem’

An Interview with Robert Klohr, Global Security Manager of Mentor Graphics.

Mentor Graphics® is a leader in electronic design automation. They enable companies to develop better electronic products faster and more cost-effectively. Their innovative products and solutions help engineers conquer design challenges in the increasingly complex worlds of board and chip design.

As a result, since 1981, Mentor has built a billion dollar company, with over 70 offices worldwide.

Within Mentor is a security organization that has been transforming itself over the last 10 years. Robert Klohr is a key leader in this organization providing a critical role in the security ecosystem both inside Mentor Graphics and within the security industry. Mentor encourages him to work with his service and technology partners to provide them insights into the unique needs of a security organization. By taking the time to do this with partners who want to listen, he has helped improve their responsiveness and their value to Mentor.

The Process Problem

Process Chart

By ASG's Professional Services Group, ASG

Your organization runs by the processes that are developed by security executives/managers like you. Some of them are cultural (this is the way we always do things) and some of them may be documented in writing and stored. Hopefully they are stored somewhere easily accessible by the people who are involved with those processes such as a SharePoint site or a pre-defined location in your corporate database.

Your standard operating procedures (SOP) are dictated by these processes. Without SOP guidelines anchored by core processes and metrics, you are hoping for results, not proactively managing to them. 

Defining an Organization’s Problems: A Series to Help Solve Them


By ASG's Professional Services Group

Your organization is changing quickly. You have problems. Some of them seem small, while some of them seem quite large. Politics, budget, management, wrong people, technology, processes, metrics and ROI questions are crouching at your door. You have a choice as a manager: ‘Do I engage in these issues and, while painful, attempt to fix them, or do I simply turn my head and pretend they don’t exist?’

The next seven weeks are all about the problems you are facing and how you can overcome these problems with a little bit of wisdom, some collaboration and some of the best subject matter experts (SMEs) the industry has to offer. They have seen the problems and they have dealt with the organizational issues that are picking your group apart. And, surprisingly, they don’t have all the answers either. What they do have is situational awareness and experience of working through a process to get to the answers. As well, they have the stories to back them up. Stick with us as we interview these professionals, seek their counsel, and provide you some ideas that may impact change within your own organization.

A New Script for Jack Bauer's "24" - the Virtual SOC


By ASG's Professional Services Group

Fade in:  Unknown location

Jack Bauer quickly runs down a hallway chasing someone in a dark blue suit, gun in hand.  

Jack:  CTU, this is Bauer, where is this guy headed?

CTU Analyst:  Bauer, this is CTU, suspect moving towards the ammunition dump. 

Zoom in: CTU Analyst’s fingers on the keyboard

Span up: to view the blip on the screen moving through a building.

Span out: to full room to show the large back lit screen on the wall ahead where everyone else in the room can see the situation as it transpires. Typing feverishly, she provides Jack with more information about the missing warhead from a screen on her desktop that can access procedures, radiation detectors and a myriad of other applications all at once.
-End Scene

Security Process Optimization: Do You Qualify?


ASG defines Security Process Optimization as a way to manage the roles, relationships, processes and systems that are unique to directing and controlling outcomes within security in order to achieve the organization’s goals, cut costs, drive performance and increase the organization’s value.  

ASG follows three important steps when conducting SPO:

Security Systems and Process Assessment
•    Technology Assessment to identify the current technology and system architecture
•    Process Assessment to identify security’s core processes and the people who manage, support and benefit from it
•    Executive Assessment to define the strategic importance of security to the organization through its risk and opportunity assessment

Process Improvement
•    Once ASG knows what your current situation looks like the next phase is to determine and measure immediate performance improvements as well as improve security’s value over time

Security Planning
•    Create an architecture to guide the design, acquisition and deployment of technology
•    Identify the processes, roles and tools needed for continuous improvement
•    Determine the key performance metrics that will guide the budget, resources and technology
•    Plan the roadmap for the future to provide optimum performance

5 Tips to Creating a Successful Emergency Communication Plan


In light of some very tragic events in the last few years including school and hospital shootings, the topic of emergency communication or mass notification has been a hot button for most security directors and leaders. Many seem to believe that the silver-bullet to minimizing the impact of an emergency situation is technology. While technology is a key element, it’s not the only one. If you truly want to ensure the safety and security of your employees, clients, students and visitors in the event of a shooter scenario, natural disaster or other emergency, even the most advanced technology is no substitute for a well planed, well executed response. So here are 5 tips to help you create your own emergency communication plan.

Are You Applying Newton's Three Laws of Physical Security?

sir isaac newton

Okay, Sir Isaac Newton didn’t actually have anything to do with physical security, but if you examine the principles behind his laws of motion, you can gain some very good insight into how security works in any organization. So if Newton happened to work in security today, here are the Three Laws of Physical Security he might have come up with:

All Posts