You should be in continual dialogue with business leaders to ensure security strategy compliments business strategy in order to accomplish the company’s goals. If success only comes from the security department acting in isolation, it does nothing to ensure the company’s future. The linkage to the business side is crucial - a successful set of security programs must “bring value” to the company or will become viewed only as a cost by business leaders.
The security leader’s perspective should include:
The strategic security program focus should include:
The following graph points to the critical areas impacting both security professionals and business professionals; that is, how to design security programs to enhance profitability. If the security program is expensive but adds no value, the proposition fails. If the company is financially successful, can it continue that success without investing in adequate protection programs? If the financial success is low, can security programs enhance financial success? Security programs for regulated sectors such as utilities can still enhance financial success by leveraging security programs to the sector group and developing standards in which costs can be identified and recovered through the regulatory process.
The following graph is a take on the business scorecard but from the Security Organization perspective.
The critical issue for the security executive is to share the same perspective as the business leader in explaining how a security program enhances financial success.
Answer provided by the late Dick Lefler, Security Executive Council founding Emeritus Faculty member.