The Most Important Security Program Element

Print Friendly

What is the most important element of your security program?

Regular assessments and audits? A standards-based security management system? Regulatory compliance program? Communications? Security training and awareness?

At security conferences where this question has been raised, attendees have given a wide variety of answers.

What about You?

Aren’t YOU the most important element of your security program?

You make the key decisions and set the direction of the security program, don’t you? You are the one who educates the managers above you and reports to them results and progress relating to security, right?

That’s what prompts the next question: Who gives attention to strengthening and supporting you?

For most security practitioners this is a case of self-leadershipyou are the one who will have to regularly update the scope and perspective of your role, set your personal and program priorities, find the tools to help you and your team members, and adjust your workload so that you have time to consider the future track of things, and give attention to expanding your knowledge and skill.

11 Tools that can Support You

Many practitioners say that—with training, travel and staff cut-backs—they have engaged in less of the educational and networking activities that used to support them.

What’s more, they have a heavier work load and find it difficult to get time to think strategically and plan for increasing the security function capabilities.

Now that broad economic conditions continue to impact most organizations negatively, it’s time to consider low-cost no-travel ways for you to increase the support you provide to yourself in your practitioner role.

Below are eleven tools that practitioners have found to be incredibly helpful in strengthening their position and influence, and advancing their security program without each advance becoming more burdensome to them and their team.

Use Micro-Assessments

micro-assessment-template-cover

When you need to make decisions or prioritize planning for management—but you don't really have enough information to do so—use a Micro-Assessment.

A Micro-Assessment is a narrowly focused short assessment that helps you develop the insight you need for decision-making and planning.

Read more and download a template here.

Make Powerful Presentations

the-presentation-ebook-abela_cover_web

THE PRESENTATION: A Story About Communicating Successfully With Very Few Slides

THE PRESENTATION tells the story of David who, with the help of his boss, Barbara and the enigmatic Professor Edwards, is preparing for the most important presentation of his life.In a few short days, David will have to convince the Board that his division—along with his job and those of all his staff—is worth saving.

He has the data he needs, and he thinks he has a good case, but can he pull it all together in a way that will capture the Board’s attention and pitch his proposal successfully, in just a few slides…? Download the free ebook using the Sign-Up link next to the book cover on the author's website.

cover-conference-room-style-presentation

Or Don't Use Slides at All! Conference Room style presentations are much more effective than projected PowerPoint slideshows, when you have to engage a small group of decision-makers. To learn how download the free 17-page instruction book by Andrew Abella: Presenting to Small Audiences: Turn Off the Projector!

Be a 360° Leader

“Lead yourself. That’s where it all starts. Besides, if you wouldn’t follow yourself, why should anyone else?” —John C. Maxwell
360-degree-leader-cover

The 360° Leader: Developing Your Influence from Anywhere in the Organization, by John C. Maxwell, is a book about the unique challenges faced by people who desire to lead from the middle of their organization.

As a security practitioner, you have a significant opportunity to exercise influence in all directions—up (to the boss), across (among your peers), and down (to those you lead). The good news is that your influence is greater than you know, and you will be pleasantly surprised at how easy it is to begin applying the insights in this book.

When you have support from all around you in the organization, many aspects of your job become much easier, and your career path is very positively affected.

Download and read a summary here, or just get the book from the title link in the paragraph above.

Get Recorded ASIS Annual Conference Sessions for 50¢ each

cover-ASIS-recorded-sessions

ASIS records nearly all of the educational sessions in its Annual Seminar & Exhibits.

Go here to see how you can get each year's entire Annual Seminar collection (2005-2012) for about 50¢ per session!

Click to view example slide in another window

This same page also provides free access to a Special Webinar Session: Enhanced Performance through Standards.

View the example slide in a new window.

Strengthen You Framework for Investigations

Corporate Investigations for Non-Security Professionals

There is a lot more to investigations than just finding out “who did what when”. Protecting your organization’s people, property and reputation includes respecting privacy, considering the appearance of bias or discrimination, plus legal considerations.

That includes avoiding unintentional false impressions or creating a basis for legal action against the company or any individual in it.The tricky thing is that non-security personnel—meaning managers, supervisors and executives—can unknowingly cause problems because they are usually the first ones who learn of misconduct or criminal actions and missteps due to their inexperience can be costly.

Download a free preview here.

Use a Standards-Based Security Management System

ASIS Standard: Physical Asset Protection

Having a standard process for managing and improving security operations can significantly lighten the burden on a security practitioner and his or her team. That’s what the ANSI/ASIS standard for Physical Access Protection is about.

If your company has a business unit using an existing ISO management standard, you may get significant help and support in establishing your own security management system. However, that is not a requirement to implement the standard and lighten your workload as a result.

Download the 2012 Physical Asset Protection standard document. It's free if you are an ASIS member, $142.00 for non-members (which is about the cost of an annual membership—something to consider).

Utilize Actionable Security Metrics

Did you know that there is no security program or function you own or share that fails to possess some associated metrics?

It may be said that effectively communicating and advertising how enterprise protection solutions contribute value to the business is related to an ability to inform and tell stories around solid, well-crafted security metrics.

—George Campbell (former Chief Security Officer at Fidelity Investments, the world’s largest privately owned financial services firm)

You can use security metrics to:

  • Track key risk indicators
  • Set security program and staff improvement priorities
  • Reflect the demand for security services
  • Demonstrate security cost-effectiveness
  • Stay on top of security operations performance
  • Present customer-rated security effectiveness
  • Track your ability to influence key company stakeholders
  • Show security's contributions to business mission and strategy
  • Justify security expenditures

Get the following books and start identifying the actionable security metrics available to you now!

Security Metrics Management

Security Metrics Management: How to Manage the Costs of an Assets Protection Program

by Gerald L. Kovacich CFE CPP CISSP and Edward Halibozek MBA

Over 100 checklists, flowcharts, and other illustrations depict examples of security metrics and how to use them in the context of corporate security

About $59 on Amazon, about $45 for the Kindle edition

Preview on Google Books!

Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt

by Andrew Jaquith

Security Metrics successfully bridges management’s quantitative viewpoint with the nuts-and-bolts approach typically taken by IT security professionals.

About $36 on Amazon, about $27 for the Kindle edition

This book is about security metrics: how to quantify, classify and measure information security operations in modern enterprise environments.

It is a book about current information security measurement practices, as opposed to theoretical ideas.

Preview on Google Books!

Take the Next Step

Grab the tool that resonates the most with you, and increase your power and capabilities while easing the management burden that you now carry.

Don't you deserve the support?