Corporate Security

The Corporate Security and Risk Management Functions

To be of optimal value in today's corporate environment, Security needs to be viewed in the context of a value-add to the overall mission of the business rather than as a purely functional activity. Mature security organizations, while they address the traditional issues of physical security and incident response, are relied upon by senior management to accurately identify security risks and interdependencies across business functions and processes, and to develop and manage solutions that proactively address those risks and interdependencies. A well thought out and managed security strategy anticipates and addresses the breadth of risk issues; including personnel, IT, IP, capital assets, supply chain, natural disasters, and terrorism. In the era of Sarbanes-Oxley and other regulatory legislation, public companies are recognizing the critical business role that a comprehensive security strategy plays.

Since September 11, 2001, virtually every aspect of business has been impacted by the heightened security environment. Legislation in both the United States and elsewhere has impacted business travel, import and export procedures, banking and finance transactions, telecommunications and internet security, and employee hiring practices.

The evolution over the last several years of the position of Chief Security Officer (CSO) is a recognition of the strategic role the function plays in today's business world. CSO's are viewed in major companies at a peer level to CIOs, CFOs and other strategic management positions. However to be successful at the "C" level, and individual must not only be an expert in the substantive areas of security, but also well-versed in risk management and overall business processes. As a result, effective corporate security professionals at mid-and senior-levels require a range of expertise broader than in the past. This requirement has created an opportunity for institutions to develop programs that address the knowledge and skill gaps that exist in many security organizations.

Senior management's acknowledgment of the business case for addressing security and risk management issues is only the first step. How a company designs its security and risk management functions, how it integrates the concepts that drive those functions into the culture of the organization, and how it balances the importance of security with the criticality of employee productivity are key to the program's success. To be effective, Security needs to be seen by employees and managers as a productivity enhancer that furthers the safety and integrity of the company's people, property and information. While new security practices are not always popular with employees, when they are well considered and proactively communicated, they are more likely to be accepted and complied with. Designing an appropriate program and successfully integrating it into a company's culture, again requires skills sometimes beyond the core expertise of a security practitioner. A strong understanding of organizational dynamics, effective communications, and business process are required.