Security Barometer Results: Security's Biggest Challenge
The role of the Security function is essentially identifying and mitigating security risks to the organization. While difficult enough that is arguably not the biggest challenge Security is confronted with. In this Security Barometer we wanted to investigate the hurdles that Security must overcome within their organizations to accomplish their goals.
A Sampling of Comments from ParticipantsWe received many interesting comments to this survey. Unfortunately, there were too many to list them all. Here is a selected subset of comments provided by the respondents to the survey - the comments have been edited to preserve anonymity.
Insight on Addressing the Challenges...
Security is not seen as a true business partnerWhen senior management does not understand the range of services and capabilities of the Security department or Security staff has trouble explaining to management the value of what the department does it is time to examine the methods being used to communicate to executives. Too often security leaders think they know what resonates with their management but fail to see that creating a list of their programs is not sufficient for most thoughtful executives. The SEC have years of successful experience assisting security leaders with optimizing their communication materials and techniques to make that connection with executive management.
What is the most important concept you need to communication to management?
Security is not making an effective business case as to its value to the organizationFor many years the SEC has been offering insight to security leaders and a common theme is the importance of showing the value Security brings to the organization. The SEC's Measures and Metrics program guides Security away from the easy counting of activities or incidents to presenting meaningful metrics that presents a strong business case to executive management.
Persuading senior management with effective, evaluated security metrics
Security is continually asked to do more with less resourcesToo often we see security leaders overly confident with their programs and their standing within the organization. Almost without fail they are eventually faced with an unforeseen shakeup in management that forces them into a defensive stance. Having a strong fact-based argument, such as that provided by the SEC's Internal Value Analysis process, allows the security leader to defend against attacks on budgets as well as position the security leader to offer strong business cases for alternatives.
Managing and defending a security budget â€“ laying a foundation
There is a mismatch between Security's mission and management's perception of what we should be doingUltimately the role of Security is not to guard access to a facility or to help mitigate insider threats. Rather, it is to help empower the organization to achieve its goals. Frequently executive management and security leaders are not seeing eye-to-eye regarding the programs and methods that best enable the organization. The SEC's Enterprise/Security Risk Assessment (E/SRA) has been hugely successful in finding ways to connect Security with executive management on the things that matter most to the organization. An E/SRA is not about checking elements off a list, instead it helps Security align with the organization's goals and provides an opportunity for security leaders to build stronger ties with top executives.
Contact us for more information about the SEC's Enterprise/Security Risk Assessment.
Much of the Security staff does not think strategicallyMany people within security departments are satisfied being in the proverbial trenches dealing with the day-to-day gritty details of safeguarding organizations from threats. For those that want to lead programs a big picture strategic view of the battle field is required. Unfortunately, gaining the experience and knowledge to be effective at a strategic level is hard to come by. The SEC offers the Next Generation Security Leader (NGSL) program to provide the opportunity to learn from those that have successfully made that transition to strategic leadership.
The evolution of security leadership
Security is unsure security programs are as good as they can beBeyond death and taxes one thing you can be certain of is that the threat / vulnerability landscape is constantly changing. What is not so clear is if your security programs are keeping up. The SEC applies its successful experience running programs for some of the most admired organizations in the world when conducting security program reviews. It is our experience that sets apart our holistic all-hazards view point from the alternatives.
More information about Security's challenges and the proven solutions the SEC can offer you can be found here
Looking for More?If you would like a more in-depth discussion of how the SEC may be able to assist you in obtaining your goals, contact us.