Security Leadership and Management

Running Security Like a Business

January 3, 2012
The next generation of security leaders will be challenged in ways previous generations have not. They will be asked to manage and monitor more risks and to identify and address new risks, including those created by drastic shifts in business operation and philosophy. They will have to do this more quickly, with fewer resources in many cases, and they will be expected to think and strategize at a board of director’s level. 

Last month we addressed the importance of aligning security with the business. The security leader who prioritizes alignment will have built a strong foundation from which to meet the coming challenges of risk management. However, alignment is sometimes a significant challenge. It often requires current and rising security leaders to run security like a business, which includes knowing your business and its level of readiness for your strategies; communicating with and influencing internal customers; demonstrating how and where security resources are being used; and adding value to the organization.  

First, if the security function hopes to align itself with the business’ needs and goals, the organization, the security leader and the security programs must all share the same level of “readiness.” For example, the leader may be extremely mature, with years of experience and a long list of successes at other organizations, but if the organization is not ready for visionary security leadership – or not interested in it – then the leader may have to adjust in order to meet the company’s needs. Or if the organization is prepared to shift from a compliance-focused security strategy to a proactive, growth-focused strategy, but the existing security programs are all built and measured around compliance concerns, a major shift in programs will be in order to match the readiness level of the organization.

A company’s readiness may be impacted by many factors, including budget, senior leadership and culture. To align with the readiness level of their organizations, security leaders must understand their own leadership maturity as well as the company’s risk appetite, management’s awareness level and the drivers of security programs.

Running security like a business also requires communication and influence. A research report released by the Security Executive Council last year, “The Nine Practices of the Successful Security Leader,” identified commonalities among many highly successful individuals in their Tier 1 Security Leader community. (The report is available for download at https://www.securityexecutivecouncil.com/sm9.) “The findings in this report show that much of success revolves around communication and receptiveness,” says Kathleen Kotwica, EVP and Chief Knowledge Strategist for the Security Executive Council. “Each of our findings reflects how security or the security leader is perceived by other business leaders, management and employees based on how the security leader presents risk and, to a great extent, him- or herself.”

In many organizations, security can also enhance alignment by helping improve the bottom line, either by reducing loss or building profit. In a business sense, risk management is not only about transferring or mitigating potentially negative risk; it is about identifying risk that may provide opportunities for growth or profit. While security has traditionally been expected to focus on mitigation, the global economic recession has caused many businesses to push all organizational functions – security included – to identify ways in which they can add value.

To align, therefore, security must extend beyond consequence protection. In order to enable this shift, security leaders will need to show a certain level of business acumen. They will need to be able to find the money by identifying opportunities in existing programs as well as potential value-adding partnerships with other functions. “The ability to promote transaction integrity – asset transfers, data, hiring, purchasing, sales and supply chain – through anomaly detection and mitigation will optimally pay for compliance programming and optimize the business,” explains Francis D’Addario, emeritus faculty for Strategic Influence and Innovation for the Security Executive Council and former vice president of Partner and Asset Protection for Starbucks Coffee. D’Addario has a solid record of business-focused security success. “Injury, loss reduction, and revenue enhancement often yield more than 250 percent ROI with capable protection investment,” he says.

The Council’s Next Generation Security Leader Development Program is offering courses on each of these topics. Next month we will touch on some of the aspects of risk that the next generation of leaders will need to be aware of to reach the height of success.   

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Marleah Blades

You must login or register in order to post a comment.

Running Security Like a Business

Gregory L. Warren, MEP
January 11, 2012
Excellent article! I think the two most important points highlighted in this article are, is the organization ready for visionary security leadership, and also identifying risk that may provide opportunities for growth or profit. My belief is that today's security professional has to continually think outside the box, as well having a solid knowledge base in the areas of personnel, logistics, operations, training, and intelligence. By exercising strong leadership both vertically and horizontally, today's security professional can add great value that will affect growth and profit. I look forward to next month's article on the aspects of risk to reach the height of success. Maj. Gregory L. Warren, MEP, USA-Ret. Account Manager & Security Director AlliedBarton Security Services

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

THE MAGAZINE

Security Magazine

April 2014

2014 April

In the April issue of Security magazine, read about integration partnerships and their growing success. The Boston Marathon bombing has changed the way integrators look at security for sporting events, see where they are one year after the tragic incident. Read about the 2014 RSA conference and this year's theme of "Threat Intelligence. Also, read about the latest products and news in the security industry.

Table Of Contents Subscribe

Background Checks

Who conducts background checks on new employees and contractors in your enterprise?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13