Security Technology Executive

APR 2013

Issue link: https://securitytechnologyexecutive.epubxp.com/i/118926


a more sophisticated way. That sophistication demands the ability to understand and respond to very specific (often divergent) types of threats, while at the same time being able to develop, implement and manage unified risk programs that are seamless across all business units and consistent with organizational culture. Security practitioners that happen to have business-side experience will find themselves better prepared to thrive in this demanding environment, and those that do not possess a business background will need to bridge the gap in several core areas if they hope to be successful.

Dealing with Upper Management

Security has really never been viewed or taught from the P-side of a P&L. It is critical that security leaders not only understand what the organization's security needs are, but also be able to articulate the value of these security services and programs to an organization's bottom line, or prove that their programs are cost-neutral. Developing this set of specialized information, resources and expertise is an imperative that has the potential to be game-changing.

For security and business to be a truly unified discipline, there needs to be a common and shared language for defining risk and mitigation, and articulating the success (or failure) points for any given initiative. Thus, it is crucial to create a common risk language between security professionals, and between security executives and senior management. This common language needs to be accessible and inclusive to all units within an organization, including executives, HR, Legal, Finance and Security.

Additionally, today's security executive needs to be committed to communicating their plans as part of SEC 10K statements and then actively work to achieve that alignment. Private companies that do not need to file 10K statements should also be committed to communicating their perceived risk to their board and implement a unified mitigation strategy.
This requirement has all parts of the business ramping up their security efforts. The message here is if you are a security executive who has approached senior management, perhaps unsuccessfully, in the past about a unified approach to enterprise risk management, go back and try again, because the C-Suite is more likely to listen at this point.

Matching Security with Company Culture

Today's security leaders need to attend to their organization's "state of readiness" for their proposed programs. That is, does senior management view security the same way as the security practitioner? If not, there will likely be misunderstandings that prevent the most successful partnership involving security programs. The programs need to be attuned with corporate culture as well.

The Security Executive Council has done research in this area and has found different categories of corporate cultures that will have an impact on how programs need to be built and communicated. The most popular corporate cultures include:

• All about the people;
• Analytical and logical;
• Utilitarian and focused on getting the work done;
• Reserved/guarded;
• Innovative; and
• Parental in nature.

www.SecurityInfoWatch.com • SECURITY TECHNOLOGY EXECUTIVE • April 2013 • 37
