In the wake of recent high-profile shootings and incidents, access control, video surveillance and armed guards have become the discussion of the day to deter future attacks. But what can enterprise security leaders do about threats that cannot be prevented? How can you plan for the golden minutes following an incident?
The "Office of No" actually makes enterprises less secure, new research shows. Adopting new technology responsibly and ensuring employee awareness of security risks forms a stronger base for cyber security.
Utilizing the principles, standards and methodologies of ERM and/or ISO 31000 as the foundation of security programs is vital in order to transform your security program to holistically address the full scope of the risk, threat and hazard landscape that your organization faces today and into the future. Going forward, we will provide some insight into the concepts of ERM and why it is so important to utilize ERM as the foundation of your security program.
Problem identified and communicated, plan created, funds provided, problem resolved. This is the lifecycle senior business leaders often expect – and prefer – organizational challenges to have. It’s the way decisions are made and issues addressed for many functions of the business.
During the many conversations we have during the Security 500 research survey and interview process, one trend we do not include in the findings is how busy you are keeping your heads above water. A consequence of being more than fully employed is that many readers tell me that staying current with new trends, technologies and best practices is a constant challenge.
Growth. Most organizations strive for it, but when it happens too quickly, unforeseen issues can arise that translate into a higher level of security related risk than the organization might be comfortable with. While most organizations constantly strive for growth and expansion, they need to recognize that with growth come growing pains and a litany of security related issues that may or may not have been factored into the plans of the organization as it continues to deal with day to day business as well as any new problems that a new acquisition might bring.
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?