Security's Biggest Challenge
Created by the Security Executive Council
A Sampling of Comments from ParticipantsWe received many interesting comments on this survey. There were too many to list them all, but here are a few (edited to preserve anonymity).
Insight on Addressing the Challenges...
Security is not seen as a true business partnerWhen senior management does not understand the range of services and capabilities of the Security department or Security staff has trouble explaining to management the value of what the department does, it is time to examine the methods being used to communicate to executives. Too often security leaders think they know what resonates with their management but fail to see that creating a list of their programs is not sufficient for most thoughtful executives.
What is the most important concept you need to communication to management?
Security is not making an effective business case for its value to the organizationFor many years the SEC has been offering insight to security leaders and a common theme is the importance of showing the value Security brings to the organization. The SEC's Measures and Metrics program guides Security away from the easy counting of activities or incidents to presenting meaningful metrics that presents a strong business case to executive management.
Persuading senior management with effective, evaluated security metrics
Security is continually asked to do more with fewer resourcesToo often we see security leaders overly confident with their programs and their standing within the organization. Almost without fail they are eventually faced with an unforeseen shakeup in management that forces them into a defensive stance. Having a strong, fact-based argument, such as that provided by the SEC's Internal Value Analysis process, allows the security leader to defend against attacks on budgets and position the security leader to offer strong business cases for alternatives.
Managing and defending a security budget – laying a foundation
There is a mismatch between Security's mission and management's perception of what we should be doingUltimately the role of Security is not to guard access to a facility or to help mitigate insider threats. Rather, it is to help empower the organization to achieve its goals. Frequently executive management and security leaders are not seeing eye to eye regarding the programs and methods that best enable the organization. The SEC's Enterprise/Security Risk Assessment (E/SRA) has been hugely successful in finding ways to connect Security with executive management on the things that matter most to the organization. An E/SRA is not about checking elements off a list; it helps Security align with the organization's goals and provides an opportunity for security leaders to build stronger ties with top executives.
Contact us for more information about the SEC's Enterprise/Security Risk Assessment.
Much of the Security staff does not think strategicallyMany people within security departments are satisfied being in the proverbial trenches dealing with the day-to-day gritty details of safeguarding organizations from threats. For those that want to lead programs, a strategic view of the battlefield is required. Unfortunately, gaining the experience and knowledge to be effective at a strategic level is difficult. The SEC offers the Next Generation Security Leader (NGSL) program to provide the opportunity to learn from those that have successfully made that transition to strategic leadership.
The evolution of security leadership
Security is unsure security programs are as good as they can beBeyond death and taxes, one thing you can be certain of is that the threat/vulnerability landscape is constantly changing. What is not so clear is whether your security programs are keeping up. The SEC applies its successful experience running programs for some of the most admired organizations in the world when conducting security program reviews. It is our experience that sets apart our holistic all-hazards view point from the alternatives.
More information about Security's challenges and the proven solutions the SEC can offer you can be found here
For more information on this topic see Security Leadership: Development
Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact @secleader.com.
Copyright Security Executive Council. Last Updated: July 23, 2018
You can download a PDF of this resource below.