Last month’s column addressed the security organization reporting to the General Counsel, which studies show is one of the more common reporting relationships for security executives.
This month we will discuss the advantages and disadvantages of reporting to the General Counsel (GC). Most enterprises combine a number of functions under the Office of the General Counsel... the most common include Chief Legal Officer, Chief Compliance Officer, Secretary of the Board of Directors and, in many enterprises, Chief Administrative Officer.
More than 60 enterprise security leaders attended this year’s Security 500 West conference in Los Gatos, California, on May 17, and they participated in high-level panels and conversations about how CSOs and security directors could make a bigger impact on the organization without squashing innovation or compromising the enterprise’s culture – an understandably hot topic in Silicon Valley.
Where within the enterprise the corporate security department reports is often more form over function. It may be personality driven, power driven or simply a corporate culture thing. Many companies have a hard time deciding where corporate security should report.
In my first column I invited you into the office of the CSO and the CEO of a company that had re-positioned itself as a security risk management services (SRMS) provider; a new category that I feel is emerging to address the need for a 360-degree view and understanding of an organization’s risk strategy, plan, processes and metrics.