Rate Your Security Program

Most security practitioners don’t get the chance to assess their security programs often enough.

So, to make it easier, I collected together several evaluation approaches that practitioners have found valuable.

They deal with factors determining how easy or hard it is for you to:

  • (a) manage the costs and effectiveness of your program
  • (b) gain broader and more active support within your organization

These approaches are likely to reveal opportunities for improvement from perspectives you have not considered before.

Here are some reasons for taking a special look at your security program and its parts:

  • You inherited the security program from your predecessor, you now understand it well enough, and you want to begin making improvements.
  • You’d like to start with immediate improvements that could free up your time and attention so you can then focus more on long term improvements.
  • Some program elements need “shoring up”—due to personnel changes or other factors—and you want to restore their effectiveness and stability.
  • You’d like to delegate more day-to-day responsibilities and need to figure out where to start.
  • Management has requested a number of security improvements, or has expressed a general interest in improvements, and you need to develop a prioritized list to consider.
  • In order to prepare an annual budget request that includes security program improvements, you need to identify improvements worth making.
  • You’d like to formalize the security program more so that less of the daily activity is ad hoc and more of it is according to plan and established procedure.
  • You want to enhance the skills and knowledge of your personnel according to current and future security function needs.

Why Review or Rate Your Security Program?

Over time, the individual elements of a security program tend to drift from what was originally intended, for any number of reasons.

As security responsibilities grow, it can be difficult to make improvements without overloading the existing staff, as well as the head of the security function. When gaps are recognized, or improvements are being considered, it’s important to review not just the people and technology, but also the processes by which security is performed. Without a good handle on security processes, security personnel and security technology are not likely to be as effective as they could be for you. All three aspects (people, process and technology) are related, and so these approaches for evaluation address both the people and the process elements.

  • Manageability provides a detailed chart to help assess your program’s manageability. It also helps you see how to get from where you are now to where you want to be, including lightening your own burden and making it easier for your personnel to do more.
  • Business Alignment provides a way to rate how closely your program aligns with the business, according to the various stages of security’s focus on, and participation in, the business. Additionally, it presents a way to report this status to security stakeholders.
  • Security Ladder of Involvement is a way to examine and rate the current status of security stakeholders, and also to set short and long term objectives for their roles in supporting security.
  • Relationships and Allies provides a set of questions and a basic chart you can customize for examining the strength and sufficiency of the Security function’s internal organizational relationships and allies.
  • The Prioritizing Tool has two purposes. First, you can use it to gain consensus among security stakeholders, be they top-level decision makers or business unit managers whom the Security function supports. Second, it can be used as a basis for exploratory discussions (one-on-one or in a group) to gain additional insight into the thinking of those responsible for the organization’s critical assets and critical processes.

    The Handbook of Physical Security System Acceptance Testing

    Written by Ray Bernard and Don Sturgis, this is the first-ever comprehensive reference on Physical Security System Acceptance Testing!

    Publication Date: Winter 2017.

    Assure on-time and on-budget deployments for your security system projects!

    A Security Executive’s Bill of Rights and Responsibilities

    Republished from Ray’s blog: The Security Minute
    The Security Executive has the right and responsibility:

    1. To develop security objectives, strategies and policies for the organization, for Senior Management approval or amendment.
    2. To identify security risks to the organization’s critical assets and business functions, and their potential business impacts.
    3. To identify and develop security risk mitigation options and recommendations, including their costs and business impacts, for Senior Management approval or amendment.
    4. To monitor for and identify changes to the security risk picture, and to timely act on them.
    5. To keep the Senior Management timely informed about changes to the security risk picture.
    6. To keep Senior Management timely informed about the current state and rationale of corporate asset protection and legal and regulatory compliance.
    7. To have adequate organizational resources allocated for the achievement and implementation of the security objectives, strategies and policies approved by Senior Management.
    8. To receive visible support from the Senior Executives regarding the approved security objectives, strategies and policies, and their related security initiatives.
    9. To implement corporate security as an ongoing process, by means of a security management system that incorporates continuous process improvement.
    10. To plan and execute security programs and projects to achieve the security objectives and implement the security policies set or approved by the Senior Executives.
    11. To maintain his or her continuing education in the field of enterprise security risk management.

    (Note: Senior Management means the senior executives of the organization such as the Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Risk Officer and anyone in charge of a principal business unit or function.)

    Senior Management’s Security Bill of Rights and Responsibilities

    Republished from Ray’s blog: The Security Minute
    Senior Management has the right and responsibility:

    1. To be informed about security risks to the organization’s critical assets, their potential business impacts, and to be timely informed about changes to the security risk picture.
    2. To be informed about the organization’s security risk mitigation options including their costs and business impacts.
    3. To set or approve the organization’s security objectives, priorities and strategies.
    4. To approve or amend security high-level policies and planning.
    5. To approve or amend large-scale security programs and projects.
    6. To provide visible support for the approved security objectives, strategies and policies, and their related security initiatives.
    7. To be accurately informed about the current state and rationale of corporate asset protection and legal and regulatory compliance.
    8. To keep ownership accurately informed about the current state and rationale of corporate asset protection, and legal and regulatory compliance.
    9. To be accurately informed about current and projected security costs.
    10. To be timely informed about security incidents, their actual and potential business impacts, and the organizational response actions planned and under way.
    11. To establish a Chief Security Officer or other senior security executive position to lead and manage the organization’s security functions. (In a small organization this responsibility may be assigned to an executive or manager with other non-security responsibilities.)
    12. To see that security is implemented as an ongoing process, by means of a security management system that incorporates continuous process improvement.

    (Note: Senior Management means the senior executives of the organization such as the Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Chief Risk Officer and anyone in charge of a principal business unit or function.)

    A Security Bill of Rights for Ownership

    Republished from Ray’s blog: The Security Minute
    Ownership has the right:

    1. To be accurately informed by Senior Management about the current state and rationale of corporate asset protection and legal and regulatory compliance.
    2. To be timely informed by Senior Management about major security incidents, their actual and potential business impacts, and the organizational response actions planned and under way.
    3. To approve or amend the organization’s security objectives, priorities and strategies if desired.
    4. To approve or amend security high-level policies and planning if desired.
    5. To approve or amend large-scale security programs and projects if desired.
