Leadership Solutions

glasses2_copy.jpg

Knowledge Corner

The Knowledge Corner offers Council developed security research, tools, solutions, products, articles and thought leader papers written by Council members, Faculty, staff and alliance partners. Explore the topics in the navigation bar.

The icons shown adjacent to the titles of these resources provide information about sources.
  • blue icon = Tools, solutions, research and publications created by Security Executive Council
  • cyan icon = Materials created by Security Executive Council strategic alliance partners
  • green icon = Other material reviewed and deemed relevant to security and risk management executives by the Security Executive Council




Articles

   "Management by Walking Around" Gets You Ready for a Crisis This is Security Executive Council material  
Created By: Rad Jones, SEC emeritus faculty
A chief security officer has to nurture, cultivate and respect relationships with internal and external partners who are essential to resolving a critical incident. One way to do so is to simply walk around.
 
   A Brief Introduction to the Value of Corporate Security for Non-Security Professionals This is Security Executive Council material  
Created By: Bob Hayes, Managing Director and Kathleen Kotwica, Ph.D., EVP and Chief Knowledge Strategist, Security Executive Council
An explanation of the role and responsibilities of the CSO.
 
   A Risk Quantification Process 
Created By: Security Executive Council
Having a list of security-related business risks and their associated countermeasures is an essential part of the risk management process. Understanding how to quantify those risks to set priorities is equally important. This flow chart lays out one approach to the analytical process associated with risk exposure quantification.
 
   Addressing the Knowledge Transfer Gap This is Security Executive Council material  
Created By: Bob Hayes, Managing Director and Kathleen Kotwica, Ph.D., EVP and Chief Knowledge Strategist, Security Executive Council
This article discusses the seven characteristics of a knowledge-sharing program and the need to have a next generation security leader in place to bridge the transfer gap when an individual leaves the organization.
 
   After You've Moved Into a New Role in Security 
Created By: Security Executive Council
As a new Security Leader, or an existing one with new responsibilities, how do you engage the business? To be successful, seek the responsibility and authority to align security with the vision and mission of the business. The following are some thoughts on how to approach this.
 
   Are You Ready to Make Your Business Case?  This is Security Executive Council material  
Created By: Security Executive Council
A business case is a written or verbal outline of the reasoning behind a proposed change, with the goal of gaining decision makers' support.
 
   Are You Where You Want to Be in Your Security Career? This is Security Executive Council material  
Created By: Security Executive Council
In this Security Barometer quick poll we examined whether security practitioners are generally satisfied with the roles they are playing within their organizations.
 
   Are Your Metrics Connected to Top Management’s Agenda? This is Security Executive Council material  
Created By: George Campbell, SEC Faculty
The non-financial board metrics should really inform decisions on which security metrics we target for reporting up.
 
   Assess the Probability of Business Loss This is Security Executive Council material  
Created By: George Campbell, SEC Faculty
Estimate the probability of loss in areas of concern, given known vulnerabilities.
 
   Assess Your Skills to Advance Your Career  
Created By: Security Executive Council
Many of us don't engage in self-assessments until job searches force us to. But assessing your competencies has benefits beyond interview prep. It can help you determine what training and experience you can pursue today that might advance your career and your organizational goals now and down the road.
 
   “Garbage In” Can Cost You Your Job  This is Security Executive Council material  
Created By: Bob Hayes and Kathleen Kotwica, Security Executive Council Staff
Security practitioners and executives today have few options for collecting or accessing accurate, usable information. Currently there are four categories of information out there for security practitioners to draw from. In order of validity and rigor, they are: personal opinion, ad hoc benchmarking, selective and vetted benchmarking, and research.
 
   Baking in Success to Your Workplace Violence Program This is Security Executive Council material  
Created By: Dan Sauvageau, SEC Emeritus Faculty
Creating or reviewing a workplace violence program is a chance to make sure the program contains all the right ingredients.
 
   Balancing Board-Level Risk This is Security Executive Council material  
Created By: Marleah Blades, Security Executive Council Senior Editor
Risk oversight is sometimes confused with risk management; however, the two are complementary but separate functions.
 
   Be a Learning Organization This is Security Executive Council material  
Created By: By George Campbell, SEC Faculty
Root cause analysis is an established process in quality management, engineering and risk management. The objectives are: to objectively, relentlessly identify the factors that created a failure of a control or set of controls so that those conditions may be prevented in the future.
 
   Becoming a Next Generation Security Leader This is Security Executive Council material  
Created By: Bob Hayes, Managing Director and Kathleen Kotwica, Ph.D., EVP and Chief Knowledge Strategist, Security Executive Council
No single skill set or attribute guarantees security leadership success. This article discusses the nine practices of a successful security leader along with some advice to security leaders who aspire to become what we like to call Next Generation Security Leaders - future oriented professionals who work across many domains, run programs that are aligned with their businesses and are influencers in their organizations—should focus both on improving their aptitude and positioning themselves to be in the right place at the right time.
 
   Benchmarks Aren’t Magic, They’re Tools  This is Security Executive Council material  
Created By: Bob Hayes, Managing Director, Kathleen Kotwica, Security Executive Council
Security executives frequently come to us to request assistance in benchmarking their processes or performance metrics with similar companies. Usually we find that their interest is at least partially driven by a strong push from management. Business leaders recognize benchmarking as a proven business practice that can identify competitive strengths and vulnerabilities as well as opportunities for improvement. Benchmarking can inform corporate goal-setting and can play a significant role in strategic planning.
 
   Best Practices and Lessons Learned through Public-Private Collaborations This is Security Executive Council strategic alliance partner material  
Created By: Brit Weber, Security Executive Council Emeritus Faculty
Here are some examples of best practices/lessons learned in public-private partnerships for emergency preparedness taken from the Critical Incident Protocol (CIP) – Community Facilitation Program and from other sources on partnerships.
A Tier 1 Leader item available for purchase. Visit our store.
 
   Budget, Staffing, Accountability: How Can a Service Technology Roadmap Help?  
Created By: Security Executive Council
In the first part of this series, we talked about what a security service and technology roadmap is, what its benefits are, and how to start developing one. Now we focus on some specific situations in which a technology roadmap can help an organization.
 
   Build a Risk Indicator Dashboard This is Security Executive Council material  
Created By: George Campbell, SEC Faculty
Provide a single display of the key information a manager needs to monitor a set of measures and effectively communicate the status of those measures.
 
   Building a Metrics Program that Matters  This is Security Executive Council material  
Created By: Security Executive Council Staff
Those of us who read this magazine regularly know about security metrics. We have read about their value and seen monthly examples of useful metrics and what to do with them. But, ladies and gentlemen, we are still missing the proverbial boat. Some of us are running alongside as it pulls from the dock, waving our arms and begging it to slow down so we can figure out where the ramp is. Others are across the street at the ticket booth wondering why there are so many people in line.
 
   Business Continuity Program Strategic Plan Cycle This is Security Executive Council material  
Created By: Security Executive Council
An imperative for continuous review and evaluation relates to budgeting and company-wide planning.
 
   Business Evolution Requires Active Security Alignment This is Security Executive Council material  
Created By: Security Executive Council Staff
Business continues to change, and if the next generation of security leaders hopes to succeed, they must be prepared to change with it, says Dick Lefler, former VP & CSO of American Express and current Chairman and Dean of Emeritus Faculty for the Security Executive Council. This will require, among other things, a much more active pursuit of alignment with the organization’s structure, goals and strategies.
 
   Collaborate to Minimize the Impact of Activist Events This is Security Executive Council material  
This Faculty Advisor article provides pointers on how to minimize disruption and promote a safe environment during activist activity.
 
   Coping with Changes to Company Leadership This is Security Executive Council material  
Created By: Bob Hayes, Managing Director and Greg Kane, Director of IT and Product Technology, Security Executive Council
A proactive approach to new management is the best recourse; views are easier to change before they become entrenched.
 
   Corporate Contingency Planning Umbrella This is Security Executive Council material  
Created By: Security Executive Council
A diagram that illustrates a suggested framework for a company's business continuity program elements along with the interdependencies of departmental Business Continuity Plans.
 
   Dealing with Security Budget Challenges This is Security Executive Council material  
Created By: David J Quilter, SEC Faculty
What can you do to shore up essential security initiatives and programs and garner support from your business leaders to address known as well as under-resourced or unanticipated security issues?
 
   Dealing with Security Budget Challenges  This is Security Executive Council material  
Created By: J. David Quilter, SEC Faculty
What can the security leader do to shore up essential security initiatives and programs and garner support from your business leaders to address known as well as under-resourced or unanticipated security issues?
 
   Defining Best Practices in Global Security Operations Centers This is Security Executive Council material  
Created By: George Campbell, SEC Faculty
This initial report leverages this body of member experience and examines the range of elements that may serve to define operational excellence and best practices in these critical security services.
 
   Delivering Meaningful Metrics This is Security Executive Council material  
Created By: Marleah Blades, Security Executive Council
If security continues to mature as a business function, senior management will likely ask for a set of metrics to measure performance. Security leaders should prepare meaningful metrics that inform management and improve security effectiveness. Marleah Blades reports on insight shared from the Next Generation Security Leader program's exploration of the development and communication of meaningful security metrics.
 
   Demonstrating Safety and Security Program Value to Executive Management with Metrics This is Security Executive Council material  
Created By: Dean Correia, Security Executive Council Emeritus Faculty
One of the biggest challenges facing many safety and security practitioners today is effectively and consistently communicating the value of their security program.
 
   Demonstrating Security Program Value to the C-Suite This is Security Executive Council material  
Created By: Dean Correia, SEC Faculty
Dean Correia, Emeritus Faculty - Canada, participated in a panel with other security practitioners to discuss how to demonstrate security program value to the C-Suite.
 
   Development of an Insider Threat Program This is Security Executive Council material  
Created By: Security Executive Council
The SEC created a graphic that depicts the main elements of a insider threat program.
 
   Do You Need a Security Service and Technology Roadmap?  
Created By: Security Executive Council
A roadmap is a method of strategic planning that communicates a plan for initiatives at an organization. Organizations of all types can use roadmaps to optimize costs, advance mission performance, and coordinate efforts.
 
   Don't Delay Development This is Security Executive Council material  
Created By: Dean Correia, Security Executive Council Emeritus Faculty
Just like any business objective, you need to develop a plan for your development. Your development means the growth of your team. Realizing the need to develop the next generation of security leaders, the Security Executive Council and its partners led a one-day development program in Seattle on March 4 for the next generation of security leaders. If you want to advance, you have to develop a successor.
 
   Early Fraud Detection: The Secret to Security ROI?  This is Security Executive Council material  
Created By: SEC
What if, by offering a particular service, Corporate Security could show a level of loss prevention or recovery that dwarfed its cost? It would be the ROI Holy Grail a lot of security leaders have spent their careers wishing for. But does it exist?
 
   Economic Espionage and the Growing Case for Corporate Counterintelligence (CI) This is Security Executive Council material  
Created By: John Slattery, SEC Emeritus Faculty
A CI program can and should act as a force multiplier for other corporate security initiatives. CI integration with information assurance and cyber security assets is especially important.
 
   Emerging Issue Awareness This is Security Executive Council material  
Created By: Security Executive Council
Being aware of emerging issues affecting the security of the company means making sure your senior management is never caught by surprise. It means keeping tabs on happenings and changes within the company; its industry; the security industry; business in general; technology; crime; local, national and global politics and threats; and any other arena that could impact the organization. This article gives some insight into the challenges related to these emerging issues.
 
   Event Risk Analysis Template  This is Security Executive Council material  
Created By: Security Executive Council
An Event Risk Analysis template can help identify and organize risk factors to assist organizations making informed event security decisions.
 
   Exploring Our Value Story This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Our value has to be connected to our success in measurably impacting risk. What are the measures, and how are you communicating the critical messages? Sure, every program is delivering some statistics — typically lists of incidents or activities that they sell as “metrics.” But real metrics inform by creating a storyline that implies the need for action. Lists are just the nails you use to build these stories.
 
   Facility Criticality and Mitigations Option Tool This is Security Executive Council material  
Created By: Security Executive Council
While it would seem that the security organization ought to play a role in developing the enterprise risk assessment (ERA), often they are not. Because of this, the classification of security risk areas, such as facilities by criticality and risk mitigation options may not correspond with classifications identified in the ERA. A more holistic view of risk would better serve the organization.
 
   Faculty Advisor: Concept of Operations and Why It Should Be In Your Toolkit This is Security Executive Council material  
Created By: George Campbell, SEC Emeritus Faculty
One way to achieve clarity and buy-in for security programs is to create a concept of operations (ConOps) document.
 
   Faculty Advisor: Contract Security Challenges and Strategies: Part I This is Security Executive Council material  
Created By: Heather O’Brien, Security Executive Council Content Expert Faculty
Contract security is often a large ticket item on any company’s P&L; unavoidably drawing the attention and sometimes scrutiny to your annual spend. Having the right processes in place and the right team of people assigned to support those processes can be an ongoing challenge - here are some tips.
 
   Faculty Advisor: Contract Security Challenges and Strategies: Part II This is Security Executive Council material  
Created By: Heather O’Brien, Security Executive Council Content Expert Faculty
Utilizing the right quantifiable KPI metrics can illustrate the effectiveness of your security program and demonstrate your ROI on every security dollar spent. The results can be powerful in the C-suite when defending your security budget. Meaningful KPIs are also an excellent tool for managing you contract security provider.
 
   Faculty Advisor: Establishing a Global Security Operations Center This is Security Executive Council material  
Created By: Neil Johnston, Subject Matter Expert Faculty, SEC
A reader asks: We are discussing establishing a GSOC to support our company and security organization. Since this is new to us, could you supply some fundamental considerations we should be thinking about?
 
   Faculty Advisor: Is Transitioning to Private-Sector Security a Good Option for Me?  This is Security Executive Council material  
Created By: J. David Quilter, Security Executive Council Faculty Emeritus
Question: I am considering whether a career in corporate security would be a good option. What steps do I need take to determine if there are enough opportunities in security to make this a good decision? Can you offer some advice on a career path for me? Read SEC Faculty member David Quilter's answer to this question.
 
   Five Essential Considerations for Establishing a Valued Global Security Operations Center (GSOC) This is Security Executive Council material  
Created By: Security Executive Council
Five key considerations from SEC subject matter experts.
 
   Forces of Change: What's on Senior Management's Radar and the Potential Impact on Your Security Strategy  This is Security Executive Council material  
Created By: Security Executive Council
We've tracked a few trends of executive interest that are likely to come up in board meetings and hallway conversations. If you're not ready to talk about your response to these issues, now is a good time to examine them.
 
   Four Interdependent Risk-Based Functions of Business Continuity Planning This is Security Executive Council material  
Created By: Security Executive Council
A chart that highlights the four interdependent risk-based functions of continuity planning: assessment of business needs and risks, and preparedness for, response to, and recovery from emergencies.
 
   Get Ahead of Social Media Reputational Risk 
Created By: Security Executive Council
Negative social media buzz - whether factual or fictional - can quickly damage brand reputation and value. Security practitioners can help protect the organization by having a clear plan for dealing with events.
 
   Global Survey of Workplace Hotline Reports Shows Significant Improvements in Some Key Industries – Data Obtained from 650 Companies This is Security Executive Council material  
Created By: Security Executive Council
The Security Executive Council's 2007 Corporate Governance and Compliance Hotline Benchmarking Report provides a key set of benchmark data for corporations in 10 industries.
 
   GSOC: Business Drivers and Service Scope  This is Security Executive Council material  
Created By: Security Executive Council
The heightened profile of SOCs/GSOCs is likely to continue to pique executive interest in these services well beyond the pandemic. And if you don't already operate a SOC, now may be a good time to learn more and to consider whether one could add value in your organization.
 
   Handling Stress in Crisis Management This is Security Executive Council material  
Created By: Dean Correia, Security Executive Council Emeritus Faculty
We often talk about business continuity in practical, pragmatic terms. But it’s important to remember that when a crisis hits a company, no matter how well prepared that company is, emotions will run high. A fire or flood at a company location, a violent incident or a weather catastrophe that hits multiple stores or facilities across a region: any of these things will cause dam- age, injuries and perhaps deaths. If it’s your company, the people in danger are your friends and col- leagues. If the disaster extends out- side your organization’s walls, your family may be threatened as well. So, in business continuity planning, consider not just the practical, but the emotional factors that will impact preparation, response and recovery.
 
   How Does Your Insider Threat Compare? This is Security Executive Council material  
Created By: Bob Hayes, Managing Director; and Kathleen Kotwica, Ph.D., EVP and Chief Knowledge Strategist, Security Executive Council
A short evaluation of your insider threat vulnerability.
 
   How Firm is Your Security Foundation This is Security Executive Council material  
Created By: Security Executive Council
Sometimes security leaders get so focused on rolling out the "right" programs that they don't stop to think about the foundations those programs will be built upon. Some fall into this trap when they are building a brand-new security department. More often it happens when they are inheriting an existing function and hoping to improve.
 
   How to Design a Tabletop Exercise while Incorporating Public/Private Collaboration This is Security Executive Council strategic alliance partner material  
Created By: Brit Weber, Security Executive Council Emeritus Faculty
This paper provides specific guidance on how to design a tabletop exercise, how to integrate public and private sector stakeholders into the exercise and it includes a simulated critical incident that can be the basis for a tabletop exercise that you manage.
A Tier 1 Leader item available for purchase. Visit our store.
 
   How to Get the Traction Security Needs to Influence the Organization  This is Security Executive Council material  
Created By: Security Executive Council
We all have great ideas for improving security within our organizations. The tough part is getting executive management to listen.
 
   How to Influence with Metrics This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
How will you use the "must have" metrics - both key risk indicators and value indicators - in your organization. You have the data and the results, now how will you use them to influence your business? Think about the results you are seeking, how the measures and data you are communicating are achieving some improved state of security or safety.
 
   How to Plan an Investigation This is Security Executive Council material  
Created By: John Thompson, Security Executive Council Content Expert Faculty
A primer to help non-security personnel conduct effective investigations.
 
   How to Reduce the Cost of False Alarms  This is Security Executive Council material  
Created By: George Campbell
Careful logging of security alarm events can better help determine causes for false alarms, which can represent an area of significant cost reduction for a company and its security operation
 
   How to Use Metrics This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
CSOs generate security data every day. Knowing what to look for and how to analyze it can spell success for a security operation and the organization it serves.
 
   Influential Strategies for Corporate Security This is Security Executive Council material  
Created By: Security Executive Council
A good strategy can mean the difference between Security being thought of as a necessary cost and Security being thought of as an enterprise-level risk partner. The following goals, strategies, and objectives are based on examples we've witnessed as we help organizations move security to that next level.
 
   Insider Threat is a Challenging Organizational Problem This is Security Executive Council material  
Created By: Security Executive Council
Here's how to identify it, set up a plan and prevent failure points.
 
   Interviewing for Your Core Security Team This is Security Executive Council material  
Created By: Security Executive Council
Advice on hiring including questions that can help you decide if a candidate has the skills for the job.
 
   Is it Time for a Corporate Security Maturity Assessment? This is Security Executive Council material  
Created By: George Campbell, SEC Faculty
Maturity is about reliability and indicates levels of acceptance and established practice. A mature process has proven practices that have consistently delivered valued results to the organization. Understanding the current levels of proficiency and acceptance of security processes within an organization should be essential steps in building and maintaining a Corporate Security business plan.
 
   Is Your GSOC Contributing to Operational Excellence? This is Security Executive Council material  
Created By: Security Executive Council
This short self-assessment can be used to help prepare you for a conversation about your GSOC's needs and capabilities with executive management.
 
   Is Your Security Program Viewed as Effective? Warning Signs of Security's Decreasing Influence This is Security Executive Council material  
Created By: George Campbell, SEC Faculty
Does management believe the program is adding value? Does the program have the influence to help eliminate risky business practices? Do employees and management accept the concept of shared responsibility for asset protection?
 
   It Happens. Are You Prepared to Respond? This is Security Executive Council material  
Created By: The Security Executive Council
This briefing provides insight on preparing for and managing all types of critical incidents.
 
   Keeping Your Workplace Violence Program Current This is Security Executive Council material  
Created By: Roz Jackson, SEC Staff
Plan and prepare to dynamically evolve with an ever-changing risk environment.
 
   Key Success Factors I Wish I Had Known: Transitioning from the Public to Private Sector This is Security Executive Council material  
Created By: J. David Quilter
SEC subject matter expert J. David Quilter discusses what he wishes he'd known before he first transitioned to the private sector from a public-sector security career, including the cultural and structural differences, how to translate to corporate speak, and how to be a lifelong learner.
 
   Lack of Executive Support? Hit Them with a Board (Level Risk)  
Created By: Security Executive Council
Half of the respondents to a recent survey lacked confidence in their ability to effectively communicate their value story to key stakeholders. This resource will help you communicate the role security can play in addressing the most significant risks to the organization.
 
   Managing and Defending a Security Budget - Laying a Foundation This is Security Executive Council material  
Created By: Security Executive Council
Don’t be unprepared for a change that could dramatically affect Security’s budget. This article provides valuable insight for corporate security leaders on how to strategically address budgetary issues.
 
   Metrics for Success This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Creating security metrics is so important that nearly all security leaders interviewed by the Security Executive Council (SEC) for a recent survey stated it was a top priority for them.
 
   Metrics for Success - Nuisance alarms are more than a nuisance This is Security Executive Council material  
Created By: George Campbell, Emeritus Faculty
The reliability of our programs is an essential ingredient of executive confidence and support. If you are looking for a place to focus your quality assurance, shine it consistently on alarm system reliability and response. Whether they be experienced or uninitiated, customers find frequent invalid alarms unacceptable, and they make your responders distrust the validity of calls. When they occur at off-site facilities dependent on law enforcement response, false alarms often cost the company in fines.
 
   Metrics for Success - What is a reportable security violation in your organization?  This is Security Executive Council material  
Created By: George Campbell, Emeritus Faculty
How serious is the notion of compliance in your company? Is your reputation in the marketplace linked to conformance to an established set of laws, rules or standards? Are there protection mandates in the contracts you have with your customers and key suppliers? What are the implications of inadequate security with regard to your insurance? We are a key player in the governance of these internal controls.
 
   Metrics for success - What is the cost of a bad employee?  This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
The knowledgeable insider is at the top of the list of threats to any organization - public or private. Part of our job is to make business leaders aware of the seriousness of this threat by using metrics that catch their attention. This month's graph measures one small aspect of reputational risk: the time involved in resolving an insider misconduct case resulting in termination for cause.
 
   Metrics for Success - What's state-of-the-art in security metrics? This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
File this in the opinion folder. I have always pinned my metrics hunt to that day very early in my CSO career when the boss asked what kind of metrics we had in the can. As I stumbled for a defensible answer, he said, "I want you to think about what metrics we should follow in our organization and why you think they are important for the senior management team." But the more I dig into this security space, the more I have found that measuring and plotting program performance has been an expectation of every boss I've worked for over these past (gulp!) 50-plus years.
 
   Metrics for Success: Accuracy & Integrity  This is Security Executive Council material  
Created By: George Campbell, Emeritus Faculty
There is an old saying that there are three types of lies: “lies, damn lies and statistics.” I won’t dwell on the obvious downside of lies or damn lies in our job, but I will underscore that statistics, when calculated hastily or from poorly managed data, are no better than lies. We must have accuracy and integrity in our use of data and statistics, or we will undermine our initiatives, our programs and our own standing with senior management.
 
   Metrics for Success: Business Alliances and Security's Due Diligence This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Mergers with or acquisitions of other companies, outsourcing of key business processes to vendors and other strategic alliances may align external organizations with the reputation and well being of your company.
 
    Metrics for Success: Demonstrate a Need for Stronger Background Vetting  This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
A comprehensive background investigation program is critical to the health and integrity of any enterprise — in good times and especially in bad. A worsening of the economy can have a striking impact on the honesty of the employee candidate pool, and it can also affect the quality of internal and external background vetting. Objective: We need to demonstrate to management and HR the impact of the current recession on background investigations and their results, in order to urge greater due diligence in the selection process.
Click to download PDF file
168KB
   Metrics for Success: Demonstrate the Effectiveness of Emergency Response This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Employee and invitee safety is a core mission of corporate security. Unfortunately, both business and local government resources are under budget pressure that could potentially impact emergency response. We need to encourage continued support by keeping management apprised of our high performance and readiness to respond.
 
   Metrics for Success: Good metrics tell a story This is Security Executive Council material  
Created By: George Campbell, Emeritus Faculty
I am constantly hunting for metrics examples, and I am intrigued by the variety of ways experienced organizations present data. One vital measure of good data is its ability to inform and drive action in a specified direction.
 
   Metrics for Success: It's Time to Get Security Metrics Savvy This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Security-related metrics are a must. Every business needs to develop and deliver measurable results, including security.
 
   Metrics for Success: Security Issues in Leased vs. Owned Property This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
A company's leasing arrangements may lack the risk-based due diligence appropriate to a standard of protection enjoyed by owned space.
 
   Metrics for Success: The Risks of Outsourcing Information Security This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Outsourcing has become a fundamental business strategy for most major corporations, but they often overlook the risks that accrue due to the loss of effective business controls over sensitive activities.
 
   Metrics for Success: Who's Accountable for Metrics? This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
Where does accountability lie for the maintenance of a proactive measurements and metrics program?
 
   Metrics For Success: Working with Customers for Better Access Control This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
If you have been reading this column each month, you know of my passion for testing and reporting on the effectiveness of the safeguards we have installed to protect our people and assets. You will not influence anyone with metrics that just count things, but you will with ones that really measure how well you and your customers are meeting your responsibilities to protect the company.
 
   New report offers benchmarks for security budgets, staffing  This is Security Executive Council material  
Created By: Whit Richardson, Security Executive Council Staff
The average security budget as a percentage of an organization's total revenue is 0.07 percent, according to a new benchmark report released by the two-year-old Security Leadership Research Institute, the research arm of the Security Executive Council.
 
   Next Generation Security Leader Development Program: Inside View By Marleah Blades, Senior Editor, Security Executive Council This is Security Executive Council material  
Created By: Security Executive Council
This blog covers the Council's newest initiative, an online executive-level program for security practitioners, led by Council Faculty (current and former CSOs/CISOs) and USC Faculty. Learn more about the program here.
 
   Next Generation Security Leader Forum: Driving Unified Risk Oversight through Global Security Operations Centers  This is Security Executive Council material  
Created By: Security Executive Council
A summary of highlights from a two-day SEC Next Generation Security Leader™ (NGSL) event. This event featured interactive sessions led by security’s most influential leaders. See presentation topics here.
 
   Operational Excellence in Contract Security Performance Measurement This is Security Executive Council material  
Created By: George Campbell, SEC Faculty
The focus of this thought leader paper is on measuring the performance of security service providers. The Security Executive Council believes that there needs to be a more in-depth consideration of what constitutes "excellence" in these operations given the consistent growth of outsourcing to guard service companies.
 
   Personal Safety Guidelines for International Travel This is Security Executive Council material  
Created By: Security Executive Council
Security and safety awareness practices should be part of any travel, but safe international travel demands special preparation.
 
   Physical Security: Assessing the Needs of Your Business This is Security Executive Council material  
Created By: Security Executive Council
Tips to make sure sure physical security makes sense within the context of your business operations.
 
   Planning for Change  This is Security Executive Council material  
Created By: Marleah Blades, Security Executive Council Staff
You have to create a strategic plan knowing that there’s a high likelihood it will change. Does that mean you shouldn’t plan? "Absolutely not,” says Mark Lex, Security Executive Council faculty member and former director of security for Abbott Labs. Over his career, Lex learned through hard-won experience that security strategic planning, done well, incorporates a balance of anticipation and response, detail and flexibility.
 
    Preparing Today's Security Leaders for the Threats of Tomorrow This is Security Executive Council material  
At the Great Conversation conference in Seattle in April, Security InfoWatch had an opportunity to sit down with Francis D’Addario, the former vice president of partner and asset protection for Starbucks and an emeritus faculty member for the Security Executive Council (SEC). D’Addario leads the SEC’s Next Generation Security Leader program, which is designed to provide security executives with the business skills necessary to survive in today’s corporate landscape. For years, many businesses have seen the security department as a cost center rather than a contributor to the organization’s bottom line, so it is crucial for today’s security leaders to show how they’re delivering value to the business.
Click to download PDF file
213KB
   Protest Guide for Security Leaders This is Security Executive Council material  
Created By: Security Executive Council
Ensure your security organization is up to date on intelligence related to potential public disturbances. Reach out to public partners and other local organizations to collect and share information. Help your organization analyze its risk and take action in areas that may be impacted by civil unrest.
 
   Ranking Security Performance This is Security Executive Council material  
Created By: Security Executive Council
If you assess and rank your performance proactively rather than waiting to be asked, you may be exempt from management requirements to perform ranking assessments their way later. A maturity assessment is one way to do this.
 
   Reimagine Risk and Security: Evolving Beyond COVID  This is Security Executive Council material  
Created By: Security Executive Council
If we want to adapt to an uncertain future, we first must look at what we're doing now, why and how we're doing it, and then examine whether that model matches the reality we are facing.
 
   Remembering The 3 Cs Can Ensure A Successful Evacuation Plan This is Security Executive Council material  
Created By: John McCarthy, Security Executive Council Emeritus Faculty
Emergency situations tend to confuse and panic employees, but a carefully crafted evacuation plan can provide a degree of order and discipline to an otherwise chaotic situation. From the October 2007 issue of AC&SS magazine.
 
   Responding to a Changing Risk Picture in an Economic Downturn This is Security Executive Council material  
Created By: Security Executive Council
Security leaders should think ahead proactively about possible business changes and developing strategic plans for this scenario.
 
   SEC Security State of the Industry: Could Your Security Program Fall Below Industry Standard of Care Resulting in a Finding of Negligence? This is Security Executive Council material  
Created By: Security Executive Council
A study of recent case law involving workplace violence programs.
 
   

Security Alert - Enterprise Risk Management This is Security Executive Council material  

Created By: George K. Campbell and Richard A. Lefler, Security Executive Council Emeritus Faculty
When the economy’s down and budgets are stressed the threat level rises. This article addresses the importance of adopting an enterprise risk management perspective as a recession coping strategy.
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
   Security Barometer: How is Your Organization Approaching Assessing Risks? This is Security Executive Council material  
Created By: Security Executive Council
In this Security Barometer poll, security practitioners shared the steps they use to assess risk and how well they feel their organization is tackling significant security risks overall.
 
   Security Metrics in Context This is Security Executive Council material  
Created By: George Campbell, Security Executive Council Emeritus Faculty
An excerpt from George Campbell's Measures and Metrics in Corporate Security.
 
   Security Metrics: Measuring Performance This is Security Executive Council material  
Created By: Security Executive Council Staff
These articles cover the use of tools such as Key Performance Indicators (KPIs) and balanced scorecards to help you set long-term goals and to evaluate and monitor your progress toward achieving those goals, along with sample charts to generate ideas for KPIs.
 
   Security Risk Assessment Success Factors This has been vetted by Security Executive Council  
Created By: Security Executive Council
Several of our subject matter experts collaborated to develop the following list of security risk assessment success factors, based on their experience and our collective knowledge.
 
   Security Risk Assessment: What Not to Do This is Security Executive Council material  
Created By: Security Executive Council
Research has led us to believe that a significant percentage of risk practitioners are conducting risk assessments that underperform. Don't repeat these mistakes when planning your next risk assessment.
 
   Security State of the Industry (SSoI): Security Leader and Program Value Potential and its Relation to Being Valued by the Business This is Security Executive Council material  
Created By: Security Executive Council
The SEC has been studying programs and leaders for many years now. Our value potential assessment was created to identify the elements of success; find ways to benchmark various leadership styles against programs; and help our security leaders conduct a self-assessment of their program.
 
   Security State of the Industry: Measuring Security Leader and Program Value Potential and its Relation to Being Valued by the Business. This is Security Executive Council material  
Created By: Security Executive Council
After the next crisis happens, will you be ready to quickly explain security's value to the business?
 
   Security State of the Industry: The Emerging Role of Information Protection and Counterintelligence (CI) in Corporate Security This is Security Executive Council material  
Created By: Security Executive Council
When you hear counterintelligence, many think about it in military terms. But corporations are now being targeted at such a high rate that it's creating an urgent responsibility for corporate security to address the issue.
 
   

Security Training Resources This is Security Executive Council material  

Created By: Security Executive Council
The Council conducted research on the skill set today's successful leaders have or have incorporated into their teams. This includes government skills, organizational knowledge, IT security, executive leadership skills, business essentials and emerging issue awareness. Next we gathered from Tier 1 Security Leaders, staff and faculty, recommendations for training courses, certifications, books, online content repositories and degrees available from professional associations, trade associations, for-profit training organizations, and colleges and universities. This document is the result of this effort to date. Send your training recommendations to contact@secleader.com
Resource is for Tier One Leaders only
Resource is for Tier One Leaders only
   Security's Role in Corporate Social Responsibility This is Security Executive Council material  
Created By: Greg Kane, Director, IT and Product Technology, Security Executive Council
Corporate Social Responsibility (CSR) programs should consist of business-driven strategies that also support social benefits. This article discusses security's role and how to get your CSR program started.
 
   Security’s Role in Corporate Social Responsibility  This is Security Executive Council material  
Created By: Greg Kane, Security Executive Council Staff
If your Board of Directors and CEO have begun asking you about social responsibility, you’re not alone. The Security Executive Council has noticed an uptick in the number of security executives being asked to run corporate social responsibility (CSR) programs for their organizations.
 
   Site Risk Assessment Scoring Template  This is Security Executive Council material  
Created By: Security Executive Council
This scoring template is one option. It provides a visual structure for your results, which may help facilitate high-level examination of gaps in policy and safeguards and site-specific consideration of improvements.
 
   Site Risk/Threat Assessment Ranking Template This is Security Executive Council material  
Created By: Security Executive Council
Understanding the nature and scope of security-related risk is a basic expectation of a corporate security program and those engaged in asset protection. The risk assessment process provides for a critical evaluation of mitigation programs.
 
   Six Questions to Ask Yourself About Security Risk Assessments This is Security Executive Council material  
Created By: Security Executive Council
Businesses are more in tune to risk than ever before. Corporate leaders have improved their understanding of the role risk assessments play; however, Security and the rest of the business are not always in agreement on the "why" and the "how". Therefore, Security's risk assessment activities may not be in line with the rest of the organization.
 
   Smart Security: Practices That Increase Business Profits This is Security Executive Council material  
Created By: J. David Quilter, SEC Emeritus Faculty
Learn how to identify the root causes of business loss through communicating with business leaders and understanding operations, and how to hold a frank and open discussion on loss when dealing with business risk.
 
   Solution Innovation Case Study: Emerging Issue: Investigative Program Ownership/Responsibility Confusion  This is Security Executive Council material  
Created By: Security Executive Council
This case study is a demonstration of a Security Executive Council (SEC) service offering for Tier 1 Leader™ companies that experience "investigative confusion." This includes multiple departments with ownership of various aspects of investigations, lack of inter-departmental communication and reporting, and inefficiencies that could result in company brand damage or monetary losses.
 
   Strategic Master Plan for Corporate Security and KPIs This is Security Executive Council material  
Created By: Security Executive Council
The process will be slightly different for any given organization based on industry, risk appetite, organizational structure, and acceptable residual risk levels. This chart lists some of the main steps the SEC has identified for a successful plan.
 
   Strategic Planning: Program Life Cycle This is Security Executive Council material  
Created By: Security Executive Council
The main elements to create the security strategic plan. The process steps are reviewed on a continuous basis.
 
   The Case of the Reluctant Complainant  This is Security Executive Council material  
Created By: John Thompson, Security Executive Council Content Expert Faculty
Key tips for human resources professionals who are approached with misconduct concerns.
 
   The Essentials of a Physical Security Systems Risk Assessment This is Security Executive Council material  
Created By: Security Executive Council
A brief guide on the essentials of a physical security systems risk assessment.
 
   The Mission is Not Cybersecurity-It's Enterprise Security This is Security Executive Council material  
Created By: George Campbell, SEC Faculty
Security's current business model can deliver on the routine service demands, but our role in meeting these increasingly consequential risks will require a much more inclusive and mature presence.
 
   The Threat of the Malicious Insider: What Is the CFO's Responsibility? This is Security Executive Council material  
Created By: Bob Hayes, Kathleen Kotwica, and Richard Lefler
Malicious insiders can and do perpetrate sabotage; fraud; monetary, asset, and data theft; and critical information leaks that can be far more damaging to the organization than any external attack. Financial executives may not feel directly responsible for managing malicious insider activity, but they are uniquely positioned to help detect, prevent and respond to much of it.
 
    They're Watching You This is Security Executive Council material  
Created By: Walt Clements, Security Executive Council Faculty Member
A heightened sense of awareness to surveillance can be a valuable trait when it comes to ensuring the security of personnel and facility.
Click to download PDF file
321KB
   Things I Learned When Starting a New Security Leadership Role  This is Security Executive Council material  
Created By: Bob Hayes, Managing Director, Security Executive Council
When you're interviewing for a position, you're so busy getting the job that you don't ask the right questions about what the job actually is. My expectations more often than not were beyond the reality of what I was about to walk into. Here are the questions I wish I had asked up front.
 
   Threat/Risk Management Process Chart This is Security Executive Council material  
Created By: Security Executive Council
This chart provides an easy to understand diagram of a process with which to make security risk management decisions. It highlights the important aspects necessary to ensure a proper alignment with the organization's goals.
 
   Three Steps to Overcoming Security Challenges This is Security Executive Council material  
Created By: Security Executive Council
Develop a Stable Foundation, Optimize Security’s Story, and Recognize Opportunities and Limitations
 
   Three Ways to Improve Buy-In from Your Internal Customers  This is Security Executive Council material  
Created By: Security Executive Council
Security can borrow a few pages from the Marketing and Sales playbook to improve engagement by better understanding its constituents inside the organization.
 
   Top 25 Most Influential People in Security This is Security Executive Council material  
Created By: Erin Wolford
Security Magazine's Top 25 Most Influential People in Security 2008 included several Tier 1 Leaders and colleagues: Bruce H. Bonsall (Tier 1 Leader), William R. Ramsey (Tier 1 Leader), Richard Yamamoto (Tier 1 Leader), Jerry Brennan (Faculty), Park Dietz (Strategic Alliance Partner), Frances Fragos Townsend (SEC Exec.BOA), Judge William H. Webster (SEC Exec.BOA), and William Crowell (SEC Exec.BOA).
 
   Top Security Practices for a Resilient Business  
Created By: Security Executive Council
Themes that form a set of best practices (the SEC prefers to use the term "proven practices") that can inform any security practitioner aiming for business continuity excellence.
 
   Transitioning from Risk Assessment to Plan  This is Security Executive Council material  
Created By: Security Executive Council
Conducting a security risk assessment is an essential first step in developing successful security programs. But what should the security practitioner do with the results?
 
   Travel Security Framework This is Security Executive Council material  
Created By: Security Executive Council
If your organization doesn't already have a travel security plan or program in place, the coronavirus outbreak serves as a helpful reminder to begin laying the foundation before the next crisis hits.Here is an abbreviated version of a program development process that has proven effective for several of our clients.
 
   Twelve Indicators of Successful Security Programs  
Created By: Security Executive Council
Over the last 15 years, the SEC has helped hundreds of security leaders guide their programs to the next level. Each organization's journey to security evolution is unique, but success often shares a series of common indicators.
 
   Unified Risk Oversight™ - SEC and Security Leadership Research Institute Foundational Findings  
Created By: Security Executive Council
Bob Hayes, Managing Director of the SEC, introduces the Unified Risk Oversight™ model and the role it plays in protecting leading organizations.
 
   Vendor Resilience Questionnaire This is Security Executive Council material  
Created By: Security Executive Council
Your business continuity plan should identify which vendors provide significant services and products to your organization and rank their criticality to your operations. This vendor resiliency checklist is a starting point.
 
   Wanted: A New Type of Security Leader  This is Security Executive Council material  
Created By: Bob Hayes, Kathleen Kotwica and Francis D'Addario
Today's chief security officers need business knowledge to take their organizations to the next level of risk management. Having that knowledge with better help them articulate the value of their security programs to an organization's bottom line, prove that their programs are cost-neutral, and help them establish a common and shared language for defining risk and mitigation and articulating the success or failure points for any given initiative
 
   What Are Your Peers Working On? This is Security Executive Council material  
Created By: Security Executive Council
This list is a recent snapshot from the SEC's project management tool to show you the kinds of things your peers are working on. It also helps answer the question – what exactly does the SEC do? While this is not a complete list of all the ways we have partnered with security leaders like you, it may help you identify ways you can enhance your security programs as well as your career.
 
   What Should Your Corporate Security Organizational Structure Look Like?  This is Security Executive Council material  
Created By: Security Executive Council
When the question arises, whether due to M&A, development of a new corporate security function, or some other reason, it's helpful to see how corporate security in other companies – companies similar to yours – is structured.
 
   When Your Security Nightmare Comes True  This is Security Executive Council material  
Created By: Bob Hayes, SEC Managing Director
If your worst-case scenario were to occur is your security program defensible? Would you and your security team survive? Could you and your team be held accountable?
 
   When Your Security Proposals Keep Hitting a Wall, Try Looking at Your Security Service Delivery Model  This is Security Executive Council material  
Created By: Security Executive Council
Sometimes the service delivery model can be a leading indicator as to why your ideas for enhancing security are not being funded by executive management.
 
   Why Security Needs to Understand Digital Transformation: A Primer  This is Security Executive Council material  
Created By: Security Executive Council
Internal and external customers expect their transactional experiences to be easy, fast, reliable, and often interactive (e.g., online). More and more, this is accomplished by converting physical processes or reinventing processes through technology.
 
   Why the CSO Is the Hardest Job in the Company - Part I  This is Security Executive Council material  
Created By: Security Executive Council
Being a Chief Security Officer has never been easy, but in recent years external and organizational changes have combined to make the CSO role much more complex.
 
   Why the CSO Is the Hardest Job in the Company - Part II This is Security Executive Council material  
Created By: Security Executive Council
In the first article in this series, we discussed the reasons the CSO has become one of corporate America's most complex jobs. But the SEC knows many CSOs who have built successful programs despite the challenges. Here are a few things we've learned from their experiences.
 
   Your Business is Changing, How Does Security Keep Up?  This is Security Executive Council material  
Created By: Security Executive Council
Game changing risk events require security professionals to reexamine what has shifted in their organization, and what needs to shift in their security strategic and operational plans.