In Focus: Proactive Security Planning Avoids Fire-Fighting
Jun/Jul 08
The first step in proactive planning is securing buy-in from the "C"-level suite on the importance of security in protecting the assets of the company. Today's successful security projects are always comprised of a team that includes a member from "C"-level management, IT, security, facilities, and the user. Without input and signoff by this team, the project will face challenges during and after implementation.
How can corporate security executives plan accordingly? Executives should begin with development of a risk/threat assessment matrix that list potential threats, their probability of occurring, and their cost impacts to the organization. The same common-sense approach is then used to develop short-, medium-, and long-term projects and associated budgets targeted to address the organization's risk with the appropriate amount of resources and urgency. Formal risk assessment process is too often ignored by organizations today, forcing them to expend valuable resources on tasks with little long-term impact. Executives must assign costs, budgets, and timeframes, and analyze cost impact, while planning how to address problems in advance.
If you're planning security management and only address the complex problems that are likely to do the most damage (but have a low probability of occurring), you're ignoring the fact that most problems stem from poorly executed basic security measures. Take the risks from your matrix that have the highest probability of occurring and implement security measures that mitigate them. For example, the simple act of outlining rules in a security policies and procedures manual sets expectations and fosters security awareness throughout the organization. Basic security, if executed well, provides the best protection for the organization by allowing time for planning solutions to complex or unique security issues your organization may face when you are no longer putting out fires.
As security systems grow more complex, it's increasingly important to look for integrated, open security systems that push actionable information to the person monitoring the system wherever business needs dictate. Today's security systems provide great flexibility for operations - for example, changing guard locations based on staff, rotating monitoring stations based on work hours, e-mailing security alerts, and supporting physical and logical access. Nowadays, facilities can provide more security for lower cost by leveraging their existing corporate IT infrastructure. Security is no longer forced to provide a separate network.
Overall, successful security planning involves identifying risk/threats, development of accurate budgets, prioritizing projects, and selecting the correct team members. It's about being proactive and planning out in-depth strategy before problems occur. When you take away the fuel, the fires can't start, and you save the time and hassle of fighting them directly.
Jeff Smith is a senior design engineer and security systems project manager for TEECOM Design Group, an Oakland, California-based engineering firm specializing in providing telecommunications, security, and systems consulting. He can be reached at (510) 337-2800. Visit the company's website at www.teecom.com.
Most Read
-
-
A Site Selector’s Checklist for Locating in the U.S.
Location USA 2019
-
Where to Invest in the Booming Aerospace Manufacturing Industry
2019 Auto/Aero Site Guide
-
What Should High-Growth Companies Look for in a Community?
Q4 2019
-
Front Line: Trend Toward Microfactories Continues
Q4 2019
-
A Changing Food Manufacturing Industry
2017 Food Processing
-
33rd Annual Corporate Survey & the 15th Annual Consultants Survey
Q1 2019