An often overlooked risk for CSOs is the security technology management process. Security technologies present risks to the enterprise that must be managed. Security applications aren’t inherently secure; installation practices that result from standards deficiencies can open up holes; and lax logical security practices and proprietary, end-of-life components are all risks to the enterprise. The bottom line: managing security technology is a complex problem for security leaders today. Mobile technology, cybersecurity concerns, and dynamic and disruptive technology being introduced into the security technology stack are all factors that warrant technology planning. Our industry is coming to the conclusion that security technology planning should be enabled by, and conducted within, a framework we call Enterprise Security Risk Management (ESRM). The vendor community needs to respond by aligning its services. We call this emerging ecosystem and set of best practices Security Risk Management Services (SRMS).
As an example, video surveillance is a tool within the security program. It is often left to age into neglected, legacy technology, which can lead to a “no longer supported” position by the manufacturer. This situation is common and poses a variety of risks to the enterprise: increasing capital and operating expenses as breakdowns occur more frequently; diminishing parts availability, coupled with fewer qualified engineers and technicians to service the system; and non-correctable security flaws exploitable by a growing number of bad actors.