The following article was published in its entirety by Security Magazine as a regular column entitled 'The Corner Office'. You can read the full article at http://www.securitymagazine.com/articles/87835-how-do-you-measure-success
By Phil Aronson
There are critical questions that the enterprise security executive team should be asked before preparing to purchase any physical security solution. I have prepared a few for our conversation today:
1. Is your security program mission critical to the success of the organization?
This is one of the most important questions that must be faced, because it will determine where and how to construct or support the value proposition to the board and the corporate executive team. If it is not strategic, then the purchase has no guiding performance measurement that is aligned with the organization.
2. Have you done a risk assessment?
This is a bit tricky. There are standards for conducting a risk, threat and vulnerability assessment, but we believe it is time to expand the focus to the following:
- Evaluation of the executive owners of risk. This is the key to a persistent advisory role, one that results in becoming a trusted consultant to the organization. It also guides the urgency and scope of the work to follow.
- Evaluation of the culture of the organization. According to Peter Drucker, the father of management theory, culture can dramatically impact the performance of the organization. Providing an assessment of the executive messaging and conduct, and the culture’s response, will influence how you proceed.
- Evaluation of the IT technology standards of the organization. Physical security must be aligned with the long-term direction of this architecture. Our devices and software must eventually be interoperable with the critical applications that IT provisions.
- Evaluation of the current security technology architecture. Has the IT department evaluated the security technology for the “-ilities”: availability, reliability, scalability, maintainability, and defensibility? Has security done a user performance analysis that would include how the employees use the technology within a process?