Hiring a new employee can be a rushed process, especially if the position is a mission-critical one. But neglecting to follow through on pre-employment screening can be even more disastrous to the enterprise than having an empty seat for a few weeks. A foregone or limited background check, a lack of fact-checking or a single-minded policy about hiring could leave a company with a rushed hire and an unsuitable new employee, or worse – a wave of new risks and liability.
Picture this – in 20 minutes, one enterprising hacker at the 2012 Defcon conference in Las Vegas learned one Wal-Mart store’s physical logistics (from the janitorial contractor to where employees go to lunch) and key details about the make and version numbers of the Wal-Mart manager’s PC, browser and anti-virus software, and got the manager to upload the address of an external website into his browser – no questions asked.
Utilizing the principles, standards and methodologies of ERM and/or ISO 31000 as the foundation of security programs is vital in order to transform your security program to holistically address the full scope of the risk, threat and hazard landscape that your organization faces today and into the future. Going forward, we will provide some insight into the concepts of ERM and why it is so important to utilize ERM as the foundation of your security program.
Risk appetite isn’t a term that comes up a lot in the security trade media. This is interesting, because understanding risk appetite is a crucial factor in developing acceptable security programs, communicating value, and aligning the function with the goals of the business — all of which are talked about in security circles all the time. So what is risk appetite?
Consolidation and technological advances are changing the face of the guarding industry. How will this affect enterprise security leaders? Learn more about changes to the security officer services industry as well as the Top Guarding Firms Listing in the December 2016 edition. Also in this issue: a new financial focus on cybersecurity, what to do in your first three months as a new CSO, the ostrich style of security management, and more.