ASG's Great Conversation Security Blog
Data Management & Organizational Resilience: An Introduction


An informative blog series & white paper offering from Setracon, Inc.

This is the first article in a series entitled Data Management and Organizational Resilience. ASG will be offering a series of blogs, as well as a white paper that aggregates these blogs into one download, with the intent of making the case for data management and its correlation to the Organizational Resilience Management function.

The security industry has experienced significant growth in the past ten years. In our opinion, this growth can be attributed to several factors, including global instability, significant advances in information technology, and the efforts of professional organizations such as ASIS International, The Security Executive Council, the Security Industry Association and numerous others to create standards, guidelines, and best practices in the larger domain of the security industry.

The introduction of standards which address best practices for Chief Security Officers (CSO) and Organizational Resilience Management (ORM) has provided a capstone to our industry and gives us solid processes that allow practitioners to make the business case for the security function and to identify and treat enterprise risk.

One of the critical elements of making the business case and achieving organizational resilience is the ability to capture and collate information. The old adage "You cannot manage what you cannot measure" holds true here.

We need information to establish a baseline for measurement and planning. Later on, we need information so we can measure our findings against that baseline.

As we advance our knowledge into the realm of Organizational Resilience Management (ORM), we quickly come to the conclusion that, in order to implement and measure a successful ORM program, we need information. Quality information is what enables good decision making. Many enterprises have the information, but it is largely unusable. In many cases it is in bits and pieces, scattered across disparate reports, evaluations, and assessments.

Even the U.S. Department of Homeland Security (DHS) is struggling with this issue. In 2001 DHS mandated that risk, threat, and vulnerability assessments be conducted on all water utilities that served a population over 150,000. The methodology chosen for this was Risk Assessment Methodologies for Water Utilities, which is the product of Sandia National Laboratories. Since 2001, engineering firms, private enterprise, federal government, and many not-for-profit organizations have been creating and marketing their own risk assessment tools, each creating different information and a different repository.

In addition, we have added eighteen additional sectors which required baseline and annual or bi-annual assessments based on criticality. Now DHS has thousands of assessments, all using different methodologies. Making sense out of the data is difficult. In other words, the data has been collected but, in its current formats, is unusable for any kind of decision making, trend analysis, or other analytical function.

These same issues are also impacting the private sector, especially large enterprise organizations whose operations are influenced by numerous interdependencies and global issues.

Comprehensive, detailed, catalogued, and prioritized information is a necessity if Organizational Resilience Management and the Chief Security Officer functions are going to be successful.

This series of articles and the correlating white paper will attempt to detail these processes and present, for consideration, a collaborative tool using Microsoft SharePoint that, with appropriate consoles, provides leaders and decision makers with immediate, factual, and comprehensive data which can be used by the CSO and other members of the "C" Suite to achieve enterprise resiliency.

The next blog in this series will provide more background information and help to establish a business case for organizational resilience. We look forward to learning your thoughts on this issue and encourage you to download the white paper and to leave your comments frequently as we continue this series on Data Management and Organizational Resilience.
