Secrets to Success: A Risk Based Security Program
The number of security leaders, who want to create a business-based security department that provides value and is valued by the enterprise, is growing. Through extensive research the SEC has found several actions that top security leaders undertake to fulfill this goal. One of them is creating a security program that is risk based and aligned with organizational goals. Here are some take-aways from that research.
Questions You Need to Answer
Are your programs based on risks agreed upon across the enterprise?
Are you using the same language the Board uses to express these risks?
When and where does Security mitigate those risks?
Key Points You Need to Put Into Action
Define the relationship between your company’s strategic business objectives and the alignment of risk mitigation and security programs.
Adjust security program creation to match vulnerabilities and threats (risks) identified with the future direction of the company. The greater the alignment between the goals of the business units and the security programs developed to support these goals, the greater the success of the company and the security leader.
Delineate the structural issues surrounding the development of security programs, including program maturity, cost considerations, emerging risks and a growing body of regulatory and compliance issues.
Have you conducted a security risk/threat/vulnerability assessment?
Without doing a risk assessment how are you deciding which security controls should be put in place?
If you have conducted an assessment - do you regularly re-assess?
Next StepsThe Security Executive Council has the experience to help guide your exploration into what makes a security program risk based and aligned with the organization's mission. Contact Us to learn how you can leverage our experience to your advantage.
Click here to read more about what the SEC offers.