The COVID-19 pandemic revealed the weakness of many organizations’ business continuity plans. Many companies learned too late that their plans were inadequate, lacking interoperability with other critical plans for crisis management, disaster recovery, and pandemic readiness.
Last year, ASIS International released the Enterprise Security Risk Management (ESRM) Guideline, which takes a different approach to traditional security. The ESRM Guideline was released at the 2019 Global Security Exchange (GSX) in September, and the Maturity Model is now available on the ASIS website.
What is a security professional to do when you are already operating a lean organization, you are protecting your company’s assets the best you can and you still have to perform better with fewer resources?
As security professionals, we inherently understand the concept of “risk.” We are surrounded by leaders and business partners who also understand these concepts — just with a different lens. To align the differences in our approach, we just need to adjust our understanding, gain a few more skills and approach our programs with a management mindset similar to the way business looks at risk.
We tend to believe that it is the business’s responsibility to understand the importance of security and, therefore, recognize the need to invest. But in the world of business, that’s simply not the case. Business leaders have operations to run and missions to fulfill, and as security leaders we need to understand that it’s up to us to bridge the gap between the security way of thinking and the business way of thinking.
This model allows the security leader and team to work with business leaders to monitor resources, understand security risks, and, together, deliver the most appropriate and effective solutions to mitigate those risks. Security leaders can also use the information gathered during the risk-based reboot to understand and communicate the total cost of ownership of the security program — based on the value of the business’s assets that are exposed to certain security risks — as well as the cost of the various resolutions that are put in place.
This month in Security magazine, we examine how physical security leaders are being propelled into a unique position of revenue preservers and risk managers for their businesses. In addition, we profile Scott Ashworth, Director of Security for Atlanta United. Also, security leaders discuss how to develop cybersecurity careers, election security, data protection strategies, measuring and reporting security operations maturity and more!