Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsLeadership & ManagementSecurity Leadership and Management

Managing Risk Across the Enterprise

The key to the risk-based security program is that no matter what issue you examine, every one of them affects the reputation of the enterprise in one manner or another.

By Lynn Mattice
SEC
July 1, 2014
Risk
 

Over the course of the last 18 months we have conducted a fairly exhaustive review of all of the elements that comprise an effective program to identify and analyze the full scope of risks that an enterprise faces while operating domestically or globally. We also explored effective methodologies to examine risk mitigation solution options that can be deployed across the enterprise.

The chart that we provided depicts the various elements of a comprehensive risk-based security program. The key to the risk-based security program is that no matter what issue you examine, every one of them affects the reputation of the enterprise in one manner or another. Understanding the links, dependencies and potential impact of each element of a sound risk-based security program is fundamental to an organization’s ability to effectively deploy this type of program and, ultimately, holistically manage the enterprise’s entire risk portfolio.

The first step is developing an initial risk profile of the enterprise. We have yet to find a single company that has in one place collected the full scope of documentation necessary to create a true snapshot of the enterprise’s risk portfolio. Developing a matrix of current and emerging risks through the implementation of a comprehensive risk intelligence program is absolutely vital. As we previously discussed, there are several different approaches to establishing a comprehensive program to gather risk intelligence. At the end of the day, what is most important is having an effective risk intelligence program for the enterprise, not how it is organized or what function owns it.

Critical elements of the risk intelligence process include: the establishment of the key intelligence questions and the gathering, analysis, processing and distributing of the risk intelligence to those functions that have a legitimate need for the information. The data gathered through the risk intelligence program is also a vital element of the strategic planning process for the enterprise. A trusted risk intelligence program is also critical to ensuring that management has highly accurate and trusted data to utilize in their decision-making process.

Once the risk matrix has been populated, management must then prioritize the risks and determine which are the most critical to the viability, survivability and resilience of the enterprise. When that prioritization has been completed, various functions within the organization can be tasked to design the appropriate solution for the risk involved. Those solutions may involve complex and expensive methodologies to effectively mitigate a given risk. Other risks may involve inexpensive and easy to implement mitigation solutions, third party transfer of the risk through some form of insurance instrument, or the enterprise may simply decide that the probability of the risk occurring is so remote that while an incident could be devastating, the cost to mitigate the risk results in the enterprise simply accepting the risk without deploying any mitigation solutions.

Another key take-away involves the establishment of sound policies, procedures and processes across the enterprise. These provide the foundation for effectively managing the enterprise, establishing the guidelines under which all personnel and functions are expected to operate, and implementing appropriate controls to ensure the long-term viability of the enterprise. Of course, it is necessary to ensure that staff members are thoroughly trained on their roles, responsibilities and accountabilities.

Validation of the design and functionality of policies, procedures, processes and controls are measured through audits, inspections and evaluations. If failures occur or weaknesses are identified in controls, it is vital that an inquiry is conducted to determine the root cause for the failure of the particular management system involved. Once a determination of the cause of a particular failure is made, an appropriate solution can be crafted that prevents the failure from reoccurring. A similar process of evaluation takes place when a risk morphs over time or a new risk evolves which requires an evaluation of the current management systems involved to apply appropriate revisions to mitigate the change to the risks.

Hopefully, through this series our readers have gained a more comprehensive understanding of the full scope of risk that must be gathered, analyzed and mitigated as part of effectively managing an enterprise’s risk portfolio. 

 

About the Authors: Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused in corporate security. Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused at the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity. 

KEYWORDS: security education security leadership security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Mattice 2016 200px

Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: matticeandassociates@gmail.com

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Lynn Mattice & John Brennan

    Founding Security on Enterprise Risk Management

    See More
  • success feat

    Why Risk Intelligence is the Key to Successful Security

    See More
  • SEC column

    Controlling Brand Risk

    See More

Related Products

See More Products
  • Risk-Analysis.gif

    Risk Analysis and the Security Survey, 4th Edition

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Events

View AllSubmit An Event
  • May 14, 2012

    Effective Risk Communication: Theory, Tools, and Practical Skills for Communicating about Risk

    Stay ahead of the curve by attending this in-depth program, featuring the latest scientific findings on risk perception, case studies from around the world, a suite of practical tools, and hands-on skill training.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing