In a recent survey we did among STE’s audience, they reported that IT management was a key decision-maker in the security technology implementation process. As technology continues to evolve, how is this IT relationship going to impact the role of the corporate security director?
The impact is obviously considerable…on both sides of the relationship. For organizations to effectively mitigate risk across the enterprise and achieve their business objectives, traditional and logical security practitioners must open the lines of communication and work in conjunction with one another. One of the most significant challenges posed to the evolution of the relationship is the knowledge gap that exists between the two fields of security. While the degree of separation varies from professional to professional and from organization to organization, it remains quite prevalent.
ASIS understands the challenges facing its members and the community of security practitioners around the world and has actively sought to identify educational and informational resources to prepare and support these transitional relationships. Where possible, ASIS has entered into both formal and informal partnerships to provide physical security directors and managers access to their logical security counterparts across the industry. To date, ASIS has had the opportunity to work with IT security-centric organizations such as ISACA, ISSA, and (ISC)2.
This year, as a result of a recently signed MOU, the first annual (ISC)2 Security Congress will be co-located with the ASIS International Annual Seminar and Exhibits in Orlando, Sept. 19-22. This important partnership is a reflection of the rapidly converging roles of traditional security and information security. Registrants of both events may attend educational sessions and networking events offered by each organization.
Technological advancements coupled with cross education and dual certification will serve to narrow the gap that exists today and new security practitioner roles will ultimately emerge.
What is the C-level expecting from its security department and how can they deliver?
The role and perception of the security director and his team has changed dramatically over the past decades. Once viewed as “overhead” and perceived as limited in function, business leaders have learned that knowledge and experience within the security function is a vital tool in an age of commerce marked by rapid development of a global marketplace, increased competition, economic pressures, tremendous technological innovations and more. Today, the security director is often called on to work alongside top company executives in an effort to not just protect and preserve assets, but to further business plans and increase the bottom line. It’s a far cry from the security director’s past realm, which is best summed up as “gates, guards, and guns.”
The C-suite has come to recognize that nearly all areas of the business can benefit from the inclusion of the security director who has become the essential leader in risk management across the entire enterprise. Now, a much-valued member of the “total” organization — the security director is a highly skilled individual with a defined role that can strategically influence a company’s future.
CEOs expect their CSOs or security directors to be strategic leaders and to understand the language of business. It is not enough to know business — security leaders need to actively engage in the business of their organization, act and think globally, and be skilled in marketing their security program.
To ensure current and rising CSOs have the required business knowledge, ASIS has partnered with the Wharton School and Northeastern University in the United States and IE Business School in Madrid, Spain, to develop and deliver customized executive education programs that prepare security professionals to meet the complex security challenges they face today with strategic business solutions.
What has been the most dramatic change in the role of security at the enterprise level since 9/11?
Without question new regulation and compliance regimes have most dramatically changed the role of enterprise security over the course of the past decade. As new threats emerge and business transactions become increasingly intricate, more complex regulations and compliance guidelines come forth.