The progress among Security 500
organizations is not only measurable. It is visible. Perhaps the best word to
describe the changes during the past year is maturity. The executive thought
process, the technology solutions, the role of the security executive and the
definition and expectations for security have all matured. Even the attitude of
others in an organization toward security’s role and goals has matured toward
acceptance and participation in a more secure culture.
One clear example of
maturity is in the emergency preparedness for Hurricane Ike by government,
business and citizen organizations to prepare for and respond as compared to
the events of Hurricane Katrina.
Since 9/11, the security role has changed; security programs have
been started and restarted; and many security leaders have been hired, fired
and hired again in an effort by boards of directors, CEOs, college trustees and
others to figure out what they want and how they will know when they get it.
Board level strategy person? Operational level tactician? Security belongs
where? Legal, Ops, Executive? Can’t we outsource the whole thing? Where does IT
fit? Is security a business driver or compliance cost? Or both?