Issue link: https://securitytechnologyexecutive.epubxp.com/i/690996
22 SECURITY TECHNOLOGY EXECUTIVE • May/June 2016 www.SecurityInfoWatch.com ENTERPRISE RISK MANAGEMENT of personnel security," says Lowell, who adds that the functional organizational infrastructure would include the intelligence section, investi- gations, executive protection, corporate safety, and the two 24x7 Global Security Operations Centers (GSOCs). "In the personnel section, which is my area of responsibility, I have two intelligence analysts, an investigator, and a lead who manages the safety program and the GSOCs — which have a mixture of proprietary and contract emergency communications specialists," Lowell concludes. Fundamentally, the program's Global platform concept is standardized. It has a risk assessment methodology to identify the risk level of each domestic and international office. Staff then designs a corresponding physical security plan using various risk assessment components to address each unique threat. Using tools like CAP Index scores help fine tune risk levels and miti- gation responses. "The technical execution may vary based on the technology available in the respective coun- tries, but quite honestly, I think we are doing a better job as an industry to address the compat- ibility and distribution issues," Cowie says. It is a broad global view of the business and the potential threats it faces that drives Cowie's department's mission. Having the knowledge that the mantra of security and risk mitigation is understood and woven into the fabric of their company's culture certainly has earned the con- fidence of her C-Suite colleagues. "To have an enterprise-wide view and man- agement approach to risk in these operational areas, you have to have an enterprise program. You can't operate in a silo," Cowie says. " We started focusing on U.S. operations and then expanded outside the country. There are still challenges given the complexities of the lan- guages, the cultures, and overall operations." Those challenges include incident reporting and executive protection, along with leveraging boots-on-the-ground resources in the countries in which they operate. "We have a centralized security model, but we understand the value of having subject matter experts in the various countries and have built a network of trusted resources in those countries to complement our internal security and risk expertise," Cowie says. The company added an intelligence operations group -four years ago to help protect people and assets around the globe, which is unusual for most corporate organizations. The intelligence analysts focus on brand protection, protecting production operations, and traveler security, working in conjunction with the GSOCs. Cowie is emphatic about the importance of the GSOCs to her overall risk strategy. "They really are the eyes and ears of the organization and in reality are the only place in our com- pany where employees can call in 24/7 for help and assistance," she says. "I'm so proud of that operation because of the scope and magnitude of what they do and the impact they have. They are the first trigger to report to any response team within our organization as well as manag- ing incidents on a daily basis before they ever reach a critical level. This group is so skilled at looking at intelligence, then analyzing and miti- gating the threat." A Team Effort The establishment of a company-wide enter- prise risk model and the consistent engage- ment with senior leadership by Cowie and her ' It is a broad global view of the business and the potential threats it faces that drives Cowie's department's mission. '