Security Leadership and Management

Business Evolution Requires Active Security Alignment

December 1, 2011

Business continues to change, and if the next generation of security leaders hopes to succeed, they must be prepared to change with it, says Dick Lefler, former VP & CSO of American Express and current Chairman and Dean of Emeritus Faculty for the Security Executive Council. This will require, among other things, a much more active pursuit of alignment with the organization’s structure, goals and strategies.

“What matters to the organization in terms of a risk management role is that you’re identifying the risks that could either disrupt or enhance the organization’s strategy,” says Greg Niehaus, professor of Finance and Insurance for the Moore School of Business, University of South Carolina. “Alignment is important in that you want everyone in the organization to be thinking about and potentially identifying those risks.” When the security leader is confronted with evolving business goals, evolving operational models, and evolving risks, such alignment can be more of a challenge than it has ever been.

“I think the next generation of security leaders is going to be faced with two significant risk issues to manage,” says Lefler. “First, companies are doing business differently than they have in past generations. The next generation security director will have to demonstrate skills that not only are aligned to the business enterprise but that also reflect change in the way business is conducted.”

The biggest change Lefler sees is an ongoing shift from a vertically integrated business model to a horizontally integrated one, meaning that fewer and fewer business functions are performed in-house. “From that point of view, a lot of your risk lies with somebody else’s employees, goods and services, and the ability to deliver those to you to further enhance or add value to the product and ultimately sell it. In today’s competitive environment, you depend on others to provide raw resources, manufacture goods and manage services like IT. The radical shift is that you’re now managing risk relationships as opposed to managing the risks themselves,” he says.

He offers the example of an electronics company that outsources its manufacturing. “If your manufacturer fails to provide you with adequate supplies based on your contract, you won’t be able to sell as much product as you planned, and that will have a significant impact on your revenue and stock price,” he says. “So part of that risk exposure may be the failure of your electronics manufacturer to adequately vet its employees or manage the risk in its own facilities.” The security executive’s responsibility in this case includes working with Legal to develop contracts that limit this risk exposure and acting as an agent of influence not only on his or her own senior management, but also on the management of the contracted manufacturer. This expansion of responsibilities is just one of the elements of business alignment in an evolving risk atmosphere.

The second issue Lefler feels will most impact the next generation of security leaders is compliance. “Compliance in the global marketplace is continuing to grow, and we’re continuing to see sovereign nations work together to create increasing levels of compliance requirements that carry with them penalties for failure to comply. The next generation of security leaders will have to be as sensitive to compliance as they are to the risk issues that can impact on the company. Failure to comply is a risk issue in and of itself.”

Alignment in a changing risk and operational environment will require security leaders to actively engage management in an ongoing dialog, to ensure a shared understanding of business strategies and goals as well as identification of risks that are critical to the company and the Board.

Lefler, Niehaus, and Randy Harrison, managing director of Corporate Security for Delta Air Lines, will instruct a course on business alignment for the Security Executive Council’s Next Generation Security Leader Development Program, a virtual security executive development program launching in January. Their course, Aligning Board Level Risk and Business Unit Mitigation Strategy, will cover the business perspective on alignment and provide the foundation for positive results drawn from the experience of former and current security executives. To learn more or to register, visit www.securityexecutivecouncil.com/nextgen.   


Recent Articles by Marleah Blades
