If You Had Three Wishes
If you could have anything you wanted for your risk management program what would it be?
How Best to Evaluate Security Program Threats, Risks and Mitigation StrategiesHaving a confident and thorough understanding of the current state of your program and how it stacks up to others is an essential part of being a Tier 1 Security Leaderâ„˘. Successful business leaders know that developing plans without first obtaining a comprehensive understanding of the current operating environment is like playing the lottery. The Council's Enterprise/Security Alignment Review pairs security executives with former security executives who have found success in managing risk in corporations. These reviews are specifically tailored to meet the needs of each client and/or company. This program is used to help executives understand the relationship between the company's strategic business objectives and its security programs. Click here to learn more about our Enterprise/Security Alignment Review.
Communicating the Value of Security to Senior ManagementUltimately our jobs depend on our ability to demonstrate the value we bring to the organization. This is not always an easy task and unfortunately sometimes our understanding of our worth does not match what others perceive. In most cases the root cause of this can be tracked down to an inability to effectively communicate the value we or our programs are providing. The Council understands this and has developed many resources to help that have a positive impact. For example, we have presentations developed by former successful executives that can be used for ideas for crafting your own presentations. Our Board Level Risk visual explanation can be used to highlight Security's impact on the enterprise-level risk concerns. We also pair Tier 1 Security Leaders with faculty (former CSO/CISOs) to bounce ideas off of and help craft the right level of messaging.
Defining Appropriate Security MetricsMeasuring performance is critical to understanding how a system is performing. It can also be helpful in demonstrating the value a risk management program is providing. As George Campbell, well known thought leader on the subject of risk management metrics and member of the Security Executive Council Faculty, has stated that measuring performance is not something extra to do, it is a key element of management and an expectation of your position. The Security Executive Council has a library of free advice on creating metrics programs. If you are looking for more focused assistance let us know what you are seeking: firstname.lastname@example.org
Knowing the Total Cost of SecurityOne of the most common questions we are asked by risk mitigation management is how does the cost of their security program compare with others. If you have investigated this issue you know that finding cost of security data is very difficult. The Security Leadership Research Institute is attempting to address this problem through their charter to provide independent and actionable research to the security and risk community. The only cost of joining is a small is a small amount of your time. Click here to find out more about what you can get from participating in the Security Leader Research Institute.
Here is an example of the type of requests the Security Executive Council has successfully responded to for their Tier 1 Security Leaderâ„˘ participants: