Today’s SecurityInfoWatch article entitled, “New threat metrics motivate integrators to offer enhanced solutions,” provides great insight into the needs of and components to programmatic risk management. At Butchko, we support Aronson Security Group’s (ASG) initiative in this area – not simply because is aligns with our own recommended approach, but because it drives the vision with a data-driven and programmatic solution. The ESRM (Enterprise Security Risk Management) program ASG has developed is complimented by both their own research and that of a recent Gartner study, as cited in the article.
Well conceived and deployed programs, such as ASG’s ESRM program and Butchko’s bSMART™ solution work within and alongside the business’ normal activities. Thus, the act of performing regular business functions provides input to the risk program, alleviating the need for additional cost to derive insights and decision-making support. Both programs recognize that, “risk must be measured and addressed as part of the business process.” This focus on the business is the metric by which success is measured. Does the program positively impact the organization? Does it move the company closer to its mission? The metrics that matter are those that positively impact the organization and enhance its mission.
As Ed Bacco astutely points out in the article, despite the growth seen in security professionals, “understanding who owns risk and how to react to threats remains a work in progress.” We believe this points to the need for broader leadership within the organization and for embracing collaboration with other company stakeholders and leaders so that protection and mitigation programs within separate areas of responsibility are complimentary and aligned.
IT and Physical Security are codependent organizations, whether this is appreciated and supported or not. Each relies on infrastructure and support from the other. Thus, risk programs must be similarly complimentary and aligned so that each group can focus on their own core competencies but still support the Corporate Mission.
At Butchko, we believe this is where forward-thinking leaders can have the greatest impact. When they set aside their egos about being “security and risk experts” and instead focus on coordination and cooperation with business leaders and understanding of the needs of the company, security leaders can offer greatest value to the organization as a whole.