
Knowing Your Security Risks


Tampa/Florida/US – WEBWIRE
Chatter - Web based software for security risk management designed by Oversight

A couple of weeks ago ASIS (the leading organization for security professionals worldwide) published their new Risk Assessment Standard. Not only does this document represent a quantum leap in thinking and best practices from the previous guideline (published in 2003), but the Standard is also highlighted by the joint effort of working alongside risk colleagues from RIMS, the Risk Management Society. This ensures that security professionals have a document which is very much aligned with ISO 31000 and consistent with all of the current thinking within the broader risk management field. As a result, as we discuss and apply the tenets of this new ASIS Standard, we are much more likely to resonate with other stakeholders and risk practitioners within our organizations.

A few years ago I published an article entitled “Improving Security Risk Management”. In it I cited a conversation with a senior security professional who commented that thus far he had been “successful in avoiding organizational pressures to have the security department participate in their ERM efforts”. In the last year I’ve reviewed a number of white papers and presentations confirming that still only about 25% of US multinationals have begun their journey into ERM. However, clearly every year more security professionals are being exposed to the risk management framework, and the benefits of leveraging those practices throughout their organizations.

For a multinational company that has a global presence, it’s especially important to KNOW your security risks. Your ethical and legal obligations…your Duty of Care responsibilities to your employees require this. CEOs and senior executives should ask simply, “Are we secure?”

The answer isn’t just a binary “Yes” or “No”. To answer the question, security professionals first need to KNOW their security risks across the operational portfolio. They then need to be able to answer specifically whether security risks are within levels acceptable to the organization. Where certain risks are elevated and outside acceptable ranges, they should receive more attention and resources. While being mitigated, they also need to be communicated to executives and affected employees. Not knowing your security risks means that you are flying blind. Unfortunately, too often this contributes to an organization remaining reactive.

Incorporating a security risk management process not only improves security for your people, but it can also significantly add efficiency in the service delivery of security programs across your organization. In short, budgets and resources should be driven in part by security risk levels. Risks are a part of our daily lives and not all risks need to be mitigated. The adept security practitioner learns how to frame resource discussions, priorities and even KPIs using risk and security assessments to support their arguments.

Congrats and thanks to all those ASIS and RIMS colleagues who contributed to our new Standard. I encourage all security colleagues to use the tools and information to better KNOW and understand your security risks.  

