DEVELOP PROGRAM COLLECT DATA. CREATE ALIGNMENT Change Management Process People & Roles Core Process Technology (Tools) Roadmap

Academic year: 2021

Security Risk Management Services (SRMS)

WHY IS SRMS IMPORTANT TO THE SECURITY INDUSTRY?

According to many studies, security executives have very little time for aggregating knowledge around the local and global risk picture. As well, they have the same challenge with staying current with best practices and standards in their profession. Finally, like their business counterparts, they must leverage subject matter experts to help research and assess new technology that may impact their strategy and their practices.

Additionally, Organizational Resilience Management (ORM) Standards are evolving. The definition of ORM has been dependent on the experience of risk, resilience, and security professionals across several domains such as business continuity, emergency management, physical and logical security. They are challenged in assisting security executives because of the difficulty of introducing change across key management disciplines.

“Culture eats strategy for breakfast.”

– Peter Drucker

Change is difficult for most organizations, especially when confronted with new strategies that disrupt or evolve old behaviors. However, the strategy breakfast is the most important meal of the day. So the question ASG posed is: How do you create a high performance culture, adaptable to change and innovation, while creating and leveraging a comprehensive all-hazards risk mitigation program that redefines how the risk ecosystem behaves?

[Figure: ERM (Enterprise Risk Management) and ESRM. Labels: Risks to Business; Risk Appetite; Governance; Information Management & Reporting; Assessment & Measurement; Management & Control; People, Process, & Technology Plan; Strategic Outcomes; Baseline Performance Data.]

We are finding that security executives are longing for a fresh perspective on how to organize and optimize their people performing roles in core processes using technology or tools. A baseline understanding of their current measures of performance is needed before a strategy and plan can be developed. As well, consideration of the culture is paramount.

• How do you create effective and empowered leaders?

• How do you provide them clarity in their purpose and mission?

• How do you create a highly adaptable organization that has a culture of resilience and a culture of continuous change and continual improvement?

UNIFYING BUSINESS AND SECURITY DRIVERS

Security executives can take a page from business executives and move to understand how their organization’s investment in security is inextricably tied to their business drivers and their core processes. They must know their current program performance baseline which will include measures of risk defined by them and their internal stakeholders as well as the efficiencies of their people delivering core processes through technology.

The technology baseline represents potential value creation through mitigation of risk and opportunity. But it must have measures of performance as well. Many of these measures can be expressed across the “ilities”:

• Availability

• Reliability

• Sustainability

• Maintainability

But deploying technology without first adapting the people, processes, and tools will accelerate problems. If done with a proper methodology, organizational resilience truly becomes the capacity to be adaptive in a complex and changing environment.

To do this well will require a collaborative effort between many management disciplines which are usually silos within an organization. This can be accepted but the measures and feedback from security executives are clear: the more you can integrate the silos – the more time, money and resources you will save and the more secure you will be.

SECURITY RISK MANAGEMENT SERVICES AND ASG

There is a category of services emerging that will help navigate this journey. We call this new segment of providers “Security Risk Management Services” or SRMS. An SRMS provider can operate in one of the consulting, services, or technology areas. What differentiates them is their knowledge of their role and competency in helping unify the language, processes, and information management architecture of Enterprise Security Risk Management (ESRM).

Ultimately, organizations will need to find, assess, contract, and manage the external domains of knowledge and resources within the SRMS category if they truly want to create ESRM. Few organizations have the resources and skills needed to do this. ASG believes there is a need and demand to orchestrate the emerging SRMS vendor community and the internal stakeholders against the needs of the organization.

Aronson Security Group (ASG) has developed a holistic practice around Enterprise Security Risk Management (ESRM) that creates strategic continuity between an organization’s goals and their risk, resilience, and security programs.

ENTERPRISE SECURITY RISK GROUP FOR SRMS

The practice is being deployed within ASG by the newly formed Enterprise Security Risk Group (eSRG). This group has helped guide ASG into a leadership position in the emerging Security Risk Management Services (SRMS) market. The elements that should be deployed by companies in the SRMS market include:

• Defining a common language around risk

• Creating a baseline understanding around all risk owners and their risks

• The formation of an integrated dashboard around risk

• Clear measures of performance for people, processes, and technology

• A Strategic Process and Roadmap for technology identification, evaluation, acquisition, deployment, and performance monitoring

• Program Management Augmentation

• Strategy and Leadership

• Change Management

• Performance Management

• Technology Management

• Risk management/mitigation strategies and programs

[Figure: eSRG. Labels: ADVISORY (Inform on critical decisions & strategy); EXECUTIVE (Align organizational risk & goals); PERFORMANCE (Measure & improve organizational strength); TECHNOLOGY (Maximize investments of critical system components); People, Process, Metrics, Policy, Culture; Perimeter, Application, Physical, Network, Data.]

eSRG is the turbine that initiates and sustains the security program flywheel. eSRG collects the critical program information and analyzes the way an organization currently identifies and manages risk. eSRG then leverages the ASG Path to Value, a methodology for managing and measuring programs and projects.

eSRG is pivotal in collecting the critical information needed to help define the path to value for the security executive. There are essential elements to creating a 360° picture and managing the implementation timeline. The first step is the business/risk baseline covered by the eSRG team. Other elements might include technology assessments and the formation of a technology roadmap to guide strategic planning and budgeting. As well, design engineering, program management, training, and a performance management plan for optimizing the security devices and software over time will be informed and leveraged through eSRG.

Ultimately, the orchestration of subject matter expertise within the risk, resilience, and security industry, as well as within the client organization, will be critical to the success of the overall program. The SRMS market category will seek to define the position a services and product vendor can successfully perform. eSRG will leverage these vendors as a service to its community and its clients.

COLLECT DATA

– Culture

– Assets

– People

– Geographic

– Environmental

– Political

– Social

– Technology

DEVELOP PROGRAM

– Change Management Process

– People & Roles

– Core Process

– Technology (Tools) Roadmap

CREATE ALIGNMENT

– Business Goals

– Program Goals

– Strategic Outcomes

– Metrics

– CQI

To schedule a conversation to discuss your needs and goals in becoming a highly valued risk, resilience and security program, contact [email protected]

ABOUT ASG

Aronson Security Group (ASG) is the premier independent provider of Security Risk Management Services (SRMS). By creating a Global Security Network of partners, ASG provides services that drive value and mitigate risk through strategic consulting, technology solutions, and professional services. Building on a strong reputation for service for over 50 years, ASG provides engineering excellence, world-class service, and security expertise to premier regional, national, and global organizations.

WORLD HEADQUARTERS

600 Oakesdale Avenue SW, Suite 100, Renton, WA 98057

800.547.9988

www.aronsonsecurity.com

REGIONAL OFFICES

• Spokane, Washington

• Portland, Oregon

• Eugene, Oregon

• Rushville, Indiana

• Lake Mary, Florida

• Laurel, Maryland
