
Understanding People, Your Enterprise’s Top Asset and Risk

Singing Kumbayah won’t keep insider threats away.


People are always viewed as the most important asset in your enterprise. There has been a significant amount of press about the increasing levels of external risk an enterprise must face on a day-to-day basis.  Most experts agree that the “Insider Threat” is still one of the biggest risks.

The new hire process is the first line of defense for any enterprise. Locating the right individuals with the requisite knowledge, skill and experience is vital to any entity. Just as important, however, is making sure that each individual is a fit with the culture of an organization. Effective screening still is the first line of defense for an entity in managing its Human Capital Risk.

Once an individual has passed screening and assimilated into the organization, the risks increase exponentially and may manifest themselves in a number of different ways. 

First among them is the obligation of providing a safe and secure work environment. Massive liability judgments have resulted from claims of sexual harassment, discrimination, negligent supervision and negligent security, just to name a few. Establishing solid policies, procedures and processes is vital. Deploying a risk-based triad of personnel, physical and information security policies and measures is an important step in creating and maintaining that safe and secure workplace. Part of providing a safe and secure work environment should also include employee assistance programs to help individuals in trouble. Emergency incident response programs are also important. Plus, there should be formalized workplace violence prevention and response programs in place with specialized training for supervisors and all employees.

Many enterprises today operate in far-flung places around the world. It is incumbent on the enterprise to provide guidance, assistance and proper safety and security support to individuals before and during these assignments. Assistance can cover a broad range of support that includes travel risk/security briefings, travel tracking, medical aid, close protection details and evacuation.

Many senior executives in global enterprises do not truly grasp the risks they face operating around the world. How many times have you heard senior executives say things like: “We are all one family here” or “One World – One Company”? While it may seem politically correct to try and establish a Kumbayah-style environment, it also shows a high degree of naiveté and a lack of understanding of the dramatic cultural, societal and political differences that exist around the world. Enterprises that do not properly take into account and effectively manage these risks will face significant legal exposure that may take the form of civil liability and, in some cases, may result in criminal charges.

One illustration involves a typical entity’s ethics and governance program. Nearly every company doing business around the world has stated in its values or guiding principles that it will comply with local laws. Now, take into account the highly publicized intellectual property mining by China. Few enterprises that either have a joint venture or key supplier in China understand that the value or guiding principle stated above provides a legal loophole authorizing the wholesale transfer of your intellectual property to the Chinese government. Article 18 of China’s State Security Law (paraphrased) states: Chinese citizens and organizations must faithfully furnish any information requested by State Security. Refusal shall be punished. It probably doesn’t much matter what you have stated in your employment agreement, teaming agreement or vendor/supplier contracts.

Executives need to check their Kumbayah mentality at the door or face a broad range of legal exposures. Many countries have very strong industrial policies and deploy their intelligence agencies to gain an economic advantage to support their economic growth. Understanding the full scope of risks in all the environments where you operate, as well as the unintended consequences, is vital to safeguarding the enterprise.

 

About the Authors:

Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused on corporate security. Prior to founding SMR in 1997, Brennan enjoyed a 26-year career in domestic and international enterprise risk and security roles. Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused on the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity. He has more than 35 years of experience heading these programs at the executive level of three major multinational corporations and one mid-cap company in diverse industries.

 

Read more Leadership & Management online at SecurityMagazine.com/Columns/Leadership
