North American Security Deployment Strategies
By John Harlow
Welcome to a part of the Great Conversation focused on deploying security at a local, regional, and national level. My name is John Harlow. I will be facilitating the conversation. Over the past 10 years, I have had many conversations with Security Managers, Directors, and Senior Executive Officers as they have strategized, designed, and deployed their national rollout strategies. My goal for the Great Conversation will be to share with you the best practices from the front lines that comes as a result of the good, the bad and the ugly experiences we have all shared.
I would like to propose an initial security architecture in the form of a series of questions that I believe will stimulate some lively discussion. The key categories are:
Organization (Business) Baseline: We have found that the security teams that can answer the following questions are better able to design and deploy the programs they need to achieve strategic value within their organizations.
1. Given the mission of the organization, translated into a yearly strategic business plan with clear key performance objectives, what is security's role?
2. Should Security do a periodic, independent, objective executive assessment to understand how the Executive Management Team would:
a. define security
b. articulate its value to the company
c. articulate its value to the functional role of each key executive
Security Department Baseline: Creating performance goals without a baseline is a fundamental disconnect that can create an innacurate idea of success or failure within an organization. The following questions can be used to establish metrics that are meaningful to the security department and the organization.
3. Does security have a baseline of performance at a people, process, and tools (technology) level?
a. For instance, people have defined roles within a process using tools to gather, react, analyze, and manage to information within the context of key performance indicator (KPI) goals.
Security Architecture: Once the baselines are understood, strategies can put in place. An architecture is the manifestation of how the pieces should be constructed and why.
4. What is the overarching architecture that all future acquisitions will be measured against?
5. What are the benchmarking strategies for ‘proofing' the technology that will be acquired?
Security Standards that influence Security Outcomes: Industry best practices should align with corporate standards. Security should vet their partners (manufacturers, integrators, etc) as knowledgeable participants and stewards within this process.
6. What standards are in place to ensure uniformity, cost containment, sustainability, and performance across the organization including:
a. Security Design Standards
b. Security Deployment Standards
c. Security Performance Standards
d. People, Process and Tools
This type of general architecture is currently being used by many organizations both large and small, national and international in order to guide their security deployment and management. What about your organization? Have you asked yourself these questions? Do you know the answers? Leave your comments below.