In my last column I wrote about the “Human Factor” of access control and identification. I now recall several negative incidents that I experienced as a security director involving security staffs screening persons entering the lobbies of hospitals.
In today’s technological world, the focus of access control and identification are mainly electronic – utilizing identification cards, biometrics, numeric keypads and passwords. One critical component of access control and identification that is routinely over looked is the use of people.
On the heels of the tenth anniversary of 9/11, it is important to reinforce the need to control access into organizations and to properly identify those persons who are seeking access. Controlling access into and within a building or campus not only thwarts a possible terrorist attack, but reduces the opportunity for the commission of a crime or occurrence of a violent act. It also promotes a feeling of security and safety for employees and other persons utilizing the organizational space.
The Association of Certified Fraud Examiner’s (ACFE) 2010 Report to the Nations on Occupational Fraud and Abusecompiled 1,843 cases of occupational fraud worldwide between January 2008 and December 2009. The survey estimated that a typical organization lost 5 percent of its annual revenue to fraud with a median loss of $160,000; nearly one-quarter of the frauds involved losses of at least $1 million.
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?