Whether you’re a member of an organization’s C-suite, a business unit manager, or a security practitioner operating in today’s global economic environment, it’s become imperative to have a broad, comprehensive view of the risks facing the enterprise, both to proactively protect people, information, and assets and to create value. Risks — such as a cyber breach, changing regulatory environments, terrorism, corruption, large-scale involuntary migration, or the spread of infectious diseases — might seem to have only distant impacts on your facility or community. Yet their toll on global employees, the supply chain, and customers might be monumental.
And what about your “global” view inside your enterprise? Are you ensuring that all risk partners engage across the enterprise to provide a collective, collaborative view of risk? Or are you still mired in a fractured, functional approach where HR oversees background checks, audit looks after investigations, legal has responsibility for compliance, finance handles fraud, and “security” means guards and gates, and yet none of these functions ever talks to the others?
While the risks facing global businesses today are accelerating in number and vigor, many business leaders and security professionals alike struggle to keep pace with effective risk management. The Global Security Risk Management Alliance (GSRMA) envisions changing that. We believe global security for the enterprise can no longer sit in a silo, organizationally or intellectually. Our mission is simple: to provide an emerging and collective view for managing the risks that threaten an enterprise. It’s a multi-faceted task:
- An Enterprise Security Risk Management (ESRM) unified security framework for the governance and management of security-related risks must be in place. See the various models cited in our recent study with the University of Connecticut, Security Governance: A Critical Component to Managing Security Risk.
- Stakeholders, including the C-Suite, Board, and security team, need a dynamic, global vantage point for analyzing security-related risks and possible impacts.
- The Chief Security Officer (CSO) and security team need to speak the language of business, manage risk instead of responding to events, and think vertically, horizontally, laterally, globally, and seamlessly. They must become better at defining their role and at times serve as catalysts in bringing together key players.
- Effective methodologies that measure risk and the enterprise’s security risk maturity posture are critical to avoid wasting money, technology, or resources on solutions that aren’t really reducing risk. See GSRMA Co-founder Tim Williams’ piece on “Metrics and the Maturity Mindset.”
- The next generation of security practitioners needs the framework and principles of ESRM embedded in its development.
At GSRMA, we want to work together to bring about widespread adoption of unified security strategies and the systematic, practical application of ESRM risk principles. We want to engage with you and keep the dialogue going.
How do we organize or best govern to suit varied industries, cultures, geographies, business models, etc.? How does “security” collaborate more effectively with others across the enterprise? How do we better prepare the next generation of security practitioners and business leaders to embrace ESRM as fundamental to best business practices?
We look forward to exchanging ideas with you.