A New Vision for Enterprise Security Convergence

The Unification of Security, IT and Enterprise Risk Management Drives the Process

CSOs in today's corporation can use this new focus on risk management to break down the “silos of independence” that stand in the way of a holistic approach to enterprise security. Implementing a “Risk Council” across the disciplines can be an effective tool. The gradual convergence of security, IT and corporate operational management has made some progress in fostering cooperation and a degree of collaboration, but today the prospect of a unified organizational approach is within reach.

The implications of these developments are powerful. Using the analysis of network monitoring systems, for example, security can anticipate security breaches rather than merely respond to them after the fact. Unusual patterns of network access can signal potential data theft, misappropriation of computing resources or other illegal behavior. Working in a seamless, iterative process, security and IT can continuously strengthen data security and the policies and procedures governing those activities. Similarly, financial audits and reports can serve as early-warning systems for security issues.

Back to School

As always, the ultimate success of these new capabilities for achieving strong and comprehensive enterprise security rests with people and the quality of the interactions between them. For security professionals, this means expanding on the traditional skill sets and training objectives. To be successful, they must become capable program/project managers grounded in multiple protection disciplines. They must develop strong business acumen and be diplomatic and adaptable in framing issues within the context of enterprise risk management. Perhaps most importantly, they must embrace an ethic of life-long learning and more rigorously undertake professional training and active involvement in professional organizations both within and beyond the security profession.

Ray O'Hara, CPP, is Senior Vice President of Vance, a Garda Company and a leading provider in consulting, investigation and security services. He has served as the elected Secretary of the American Society for Industrial Security (ASIS) International Board of Directors. He also has served as president of ASIS' Professional Certification Board, chair of the International Investigations Council and a member of the Substance Abuse Standing Committee. Mr. O'Hara is board-certified in security management by ASIS International.