By ASG's Professional Services Group
Over the past 10 years, the Security Executive Council has been tracking changes in and around the security industry. The intelligence it has collected about the security organization (its people, processes and procedures) provides valuable insights into the entire ecosystem. When security executives gain access to this information, they can leverage it in their organizations.
For example, one of these tools takes a closer look at the importance of focusing on the tasks critical to an organization’s security. While each organization will differ, the Security Barometer provides direction in identifying the top 5 risks to an organization’s security.
I was asked to take a look at this ‘Barometer’ and provide my perspective on how this might be used within the security organizations that our Professional Services Group has touched.
First, I find it interesting that internal influences rank so high. This means that your organization isn’t unique. There is a culture inside your organization. There are influences inside the culture. This culture and its influences are often termed ‘political’. If you are not aware of the politics, find them. If you know where they exist, seek to understand and then create guiding coalitions that can identify needs and direct the proper communication around change. By this simple step, you will begin to break down walls through leadership and communication. This will help counter the ‘stories’ that create the myths that impede progress.
Second, regulations are becoming a critical area of interest and will continue to be one as the Federal Government attempts to keep our data safe. A good advisor will not only tell you what the critical components are for your organization now, but how regulations will change and what your landscape will need to look like in the future. That is, they will define the baseline as well as a roadmap for the future.
Third, Risk and Business Continuity go hand in hand. We may initially feel like senior managers and leaders do not care about security. That may be true to some degree. But I guarantee that they understand risk and the continuity of the business. As senior leaders inside the organization, we need to articulate both of these factors to them clearly and explain how security fits into the picture. This will help elevate security’s role in the organization from simply guards and gates to a leveraged leadership and knowledge position focused on the key business drivers during times of crisis. This could come in the form of infrastructure, such as creating an operations center to provide real-time communications and risk intelligence, or providing an information portal that would provide secure documentation through an authoring, release and publication workflow and a communication vehicle for critical information to executives and employees, explaining the risks and preparing them to mitigate those risks when and if they appear. Sometimes all it takes is talking about and documenting the risks to enable a company to overcome them.
Finally, the evolution of physical security’s technical architecture and infrastructure demands a new and highly leveraged relationship with Information Technology (IT). If you are avoiding confronting this challenge and opportunity then you are costing your company money, time and resources.
The answers that each of us needs exist. Our first mission is to see, objectively, how our people perform in a process using tools (technology) to accomplish the goals of the security organization. The second mission is to understand what expertise is needed to provide that objectivity internally and externally. Resources like the Security Executive Council and organizations like ASG, which have invested in understanding how technology can support or improve the core processes and people in the fulfillment of their mission, are examples of external resources. Bringing these together within a team context is critical.
I would appreciate hearing from each of you after you have checked your Security Barometer. What are the top five security risks to your organization and what processes and tools are you using to address them?