Security is complex and requires organization and agility

Security.  This term has grown in complexity and become almost esoteric in nature.  In human history, security began with walls and castles, then grew to mean gates, guards, and guns.  Today the term encompasses physical security, cyber security, countering insider threats, protecting against active assailants, dealing with domestic violence in the work place, and domestic and international terrorism.

Security also necessitates protecting against threats originating from nation states, non-nation states, organized criminals, gangs, and individuals whose goals are to steal or to cause havoc for multitudinous reasons.  Our digital age has created a whole new set of threats that are nearly unstoppable.

Many organizations continue to fight against the tide of vulnerabilities within their organizations and the threats poised to infiltrate and steal.  Yet why do these organizations continue to fall short?

The goal of every organization should be to protect its crown jewels: personnel, operations, holdings, and data. The answer to how this protection is accomplished lies in effective organization.

I know it works.  I have successfully led organizations in their fight against these varied threats.  The process, however, is not easy.  It takes leadership, foresight, tenacity, and agility.

The first step in organizing is to bring together all stake holders in security efforts.  The CEO, President, COO, Human Resources, General Counsel, Privacy, Civil Liberties, Physical Security, Cyber Security, IT, CIO, CISO, and the like under one organizational roof.  Without cooperation within these various departments, any effort will fall short.  Organizations must create policies and procedures that merge all efforts into one overall department that reports directly to the CEO and Board.

Secondly, stake holders must understand that many details regarding threats come from each internal department.  Many indications and warnings of potential threats are often overlooked because they were not seen by the right group or missed entirely because of organizational and informational gaps.  Quite often organizations can look backwards and see what information was missed that could have prevented a catastrophic event.  Thus stake holders must create the analytical capability to cross all internal stove pipes and to correlate necessary information, thereby finding indications and warnings of potential events.

The third step is to train the C-suite, senior leaders, mid-level managers, and employees about this new department and to let them all become contributors.  This must be led and advocated by the Board, CEO, and all senior leaders.

Lastly, stake holders must create a proven track record of enforcing security policies.  Leaders must enforce violations with penalties at all levels within the organization.  Selective enforcement proves to be problematic.

AR&O can assist your organization in creating successful security programs and teach how to identify and protect the crown jewels.


Leave a Reply