Recently, I had the opportunity to facilitate a panel at The Great Conversation in Seattle. The discussion centered on security’s alignment with the organization regarding the definition of risk and reward. The premise: if alignment could be achieved, it could go a long way toward increasing the efficiency of the security operation, as well as articulating its value.
The participants included Mike Howard, CSO of Microsoft; William Raisch, Founder of The Global Risk Network and InterCEP; Jeff Slotnick, an executive at ASIS as well as the founder of Setracon, a security training and consulting company, and OR3M, a security information management company; and Tony Oxford, the Senior Director of Business Development for international security systems and IT systems integrator General Dynamics.
Here are the four key points from the panel:
1. Alignment must begin with security starting the conversation with the business. Set aside the assumption that your business and/or IT executives have “put up a wall” and instead consider ways to change the wall into a “platform” for a relationship. Inquire about their risks, problems, and opportunities and look for a bridge to assist them. “Silos create inefficiencies,” Slotnick said. “You need a continuous compliance and quality improvement platform that involves a cross-functional team.”
2. Collaborate outside your company with government agencies, first responders, and service and product vendors. William Raisch asked: “What is your globe?” That is, find a way to reach out to and leverage a network of subject matter experts and peers to make yourself smarter and more efficient.
3. Leverage technology to collaborate. Howard said he has mobilized his core team to look at ways to use technology to keep innovating. His team is consistently reaching out to technology and service vendors, as well as to internal groups, to see what technology is emerging. His focus lately has been on the cloud.
4. Use metrics. Once you understand the risk and value of the company, and you are aligned to achieve it, you must be able to measure it. “You need a metrics platform and a metrics program,” Oxford explained. “One is the means to collect data from your technology, and the other is collecting data around your program.”
Ronald Worman is the founder and managing director of The Sage Group.