During the past 15 years the Security Executive Council has been collecting data on what makes some security leaders successful and others less so. The key dividing factor turns out not to be how good they are at identifying and mitigating risk (we are all expected to do that reasonably well) but rather how well they align with and fit their programs in with the business and organization culture.
Recently the SEC wanted to investigate how soon after entering a new leadership role security practitioners were addressing the key tasks necessary to put them on a path to success. The SEC created a self-assessment for security practitioners to measure this, and the charts shown here represent the results gathered from that work.
What is most important about these charts is not how many people completed each task but rather what those tasks are. Each of the tasks is key to your success in your current role and is not something you can put off until some later time. You need to take advantage of your grace period to gain a robust and accurate understanding of your current environment.
- Confirm a service delivery model with your management (e.g., centralized, distributed).
- Conduct a staff gap analysis.
- Conduct program gap analysis.
- Conduct an internal capacity / value analysis.
- Conduct a security risk assessment.
- Align mitigation strategies with new risk assessment results.
- Define risk ownership and appetite with senior management.
- Align risk assessment results with identified enterprise risks related to security.
- Identify and interview business leaders for their top security issues and needs.
- Document your security program plans and processes.
- Seek stakeholders' input and concurrence on your plans.
- Develop a "security story" to brand and communicate security's value to your stakeholders.
- Assess the previous items in light of the corporation's current conditions, circumstances, culture and resources.
Completing these tasks will not only provide you with a very strong understanding of your current environment but also enhance confidence in your ability to defend your program in times of budget cutting and other future challenges.
Review these tasks and perform a self-assessment of where you stand regarding completing them to your satisfaction. Make sure you understand why they are important and how they can benefit your program and career.
If you prefer, you can participate in the online self-assessment to get your score.
The SEC has a long history of helping security leaders improve their programs to better protect and demonstrate value to the organization. Contact us to discuss your situation and find out how we can work with you.