Corporate Security
Encyclopedia
Corporate security identifies and effectively mitigates or manages, at an early stage, any developments that may threaten the resilience and continued survival of a corporation. It is a corporate function that oversees and manages the close coordination of all functions within the company that are concerned with security, continuity and safety.
is eroding the importance of ‘place’ in the business world; new business practices such as offshoring
challenge companies to manage at a distance; and new forms of accountability, such as corporate governance
and corporate social responsibility
, put added pressure on companies to match their words with deeds, wherever they are operating.
At the same time, security risks have become more complex, too. Many of the threats, such as terrorism
, organised crime and information security
, are asymmetric and networked, making them more difficult to manage. There is also greater appreciation of the interdependence between a company’s risk portfolio and the way it does business: certain types of behaviour can enhance or undermine an organisation’s ‘licence to operate’, and in some cases this can generate risks that would not otherwise exist. As a result, security
has a higher profile in the corporate world today than it did five years ago. Companies are looking for new ways to manage these risks and the portfolio of the security department has widened to include shared responsibility for things such as reputation, corporate governance and regulation, corporate social responsibility and information assurance
.
There are six characteristics of alignment between security and the business:
There are many reasons companies tend to recruit security managers from these backgrounds. The police and
armed forces churn out individuals with intensive training in the practice of security and protection, and have hands-on experience that is rarely available elsewhere. There are a number of reasons greater diversity is essential within the corporate security function.
For security to be aligned with the business, security managers must understand the business and how they contribute towards its objectives.
The Chief Security Officer
(CSO) is the corporation's top executive who is responsible for security. The CSO serves as the business leader responsible for the development, implementation and management of the organization’s corporate security vision, strategy and programs. They direct staff in identifying, developing, implementing and maintaining security processes across the organization to reduce risks, respond to incidents, and limit exposure to liability in all areas of financial, physical, and personal risk; establish appropriate standards and risk controls associated with intellectual property; and direct the establishment and implementation of policies and procedures related to data security.
Introduction
Globalisation has changed the structure and pace of corporate life; the saturation of traditional markets is taking companies to more risky places; the shift towards a knowledge economyKnowledge economy
The knowledge economy is a term that refers either to an economy of knowledge focused on the production and management of knowledge in the frame of economic constraints, or to a knowledge-based economy. In the second meaning, more frequently used, it refers to the use of knowledge technologies to...
is eroding the importance of ‘place’ in the business world; new business practices such as offshoring
Offshoring
Offshoring describes the relocation by a company of a business process from one country to another—typically an operational process, such as manufacturing, or supporting processes, such as accounting. Even state governments employ offshoring...
challenge companies to manage at a distance; and new forms of accountability, such as corporate governance
Corporate governance
Corporate governance is a number of processes, customs, policies, laws, and institutions which have impact on the way a company is controlled...
and corporate social responsibility
Corporate social responsibility
Corporate social responsibility is a form of corporate self-regulation integrated into a business model...
, put added pressure on companies to match their words with deeds, wherever they are operating.
At the same time, security risks have become more complex, too. Many of the threats, such as terrorism
Terrorism
Terrorism is the systematic use of terror, especially as a means of coercion. In the international community, however, terrorism has no universally agreed, legally binding, criminal law definition...
, organised crime and information security
Information security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
, are asymmetric and networked, making them more difficult to manage. There is also greater appreciation of the interdependence between a company’s risk portfolio and the way it does business: certain types of behaviour can enhance or undermine an organisation’s ‘licence to operate’, and in some cases this can generate risks that would not otherwise exist. As a result, security
Security
Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
has a higher profile in the corporate world today than it did five years ago. Companies are looking for new ways to manage these risks and the portfolio of the security department has widened to include shared responsibility for things such as reputation, corporate governance and regulation, corporate social responsibility and information assurance
Information Assurance
Information assurance is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes...
.
There are six characteristics of alignment between security and the business:
-
- The principal role of the security department is to convince colleagues across the business to deliver security through their everyday actions and decisions – not try to do security to or for the company.
- The security department is in the business of change management rather than enforcement and works through trusted social networks of influence.
- Security is there to help the company to take risks rather than prevent them and should therefore be at the forefront of new business development.
- Security constantly responds to new business concerns and, as such, the portfolio of responsibilities and their relative importance will change over time. Security departments should never stand still or become fixed entities. In many companies today, its role is more concerned with overall corporate resilience than ‘traditional’ security.
- Security is both a strategic and operational activity, and departments must distinguish between these two layers.
- The power and legitimacy of the security department does not come from its expert knowledge, but from its business acumen, people skills, management ability and communication expertise.
Core Elements
Core elements of Corporate Security are:- Personal Security
- Physical SecurityPhysical securityPhysical security describes measures that are designed to deny access to unauthorized personnel from physically accessing a building, facility, resource, or stored information; and guidance on how to design structures to resist potentially hostile acts...
- Information SecurityInformation securityInformation security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
- Corporate GovernanceCorporate governanceCorporate governance is a number of processes, customs, policies, laws, and institutions which have impact on the way a company is controlled...
- Compliance and Ethics Programs
- Crime Prevention and Detection
- Fraud deterrenceFraud deterrenceFraud deterrence has gained public recognition and spotlight since the 2002 inception of the Sarbanes-Oxley Act. Of the many reforms enacted through Sarbanes-Oxley, one major goal was to regain public confidence in the reliability of financial markets in the wake of corporate scandals such as...
- Investigations
- Risk ManagementRisk managementRisk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities...
- Business continuity planningBusiness continuity planningBusiness continuity planning “identifies [an] organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, whilst maintaining competitive advantage and value system integrity”. It is also called...
- Crisis managementCrisis managementCrisis management is the process by which an organization deals with a major event that threatens to harm the organization, its stakeholders, or the general public. The study of crisis management originated with the large scale industrial and environmental disasters in the 1980's.Shrivastava, P....
- Environment, Safety and Health
Roles
For many years corporate security has been dominated by a ‘defensive’ approach, focused on protection and loss prevention. The head of security was seen as little more than the ‘guard at the gate’, someone whose actions invariably stopped people doing their jobs instead of enabling the business to function more effectively. Typically, heads of security came from a narrow talent pool, namely police, armed forces or intelligence.There are many reasons companies tend to recruit security managers from these backgrounds. The police and
armed forces churn out individuals with intensive training in the practice of security and protection, and have hands-on experience that is rarely available elsewhere. There are a number of reasons greater diversity is essential within the corporate security function.
-
- There is a growing recognition of the strategic importance of security and as a result security departments need to operate at a much more senior level.
- Matrix organisations require a particular approach to management and leadership, which can be antithetical to those with police or armed services backgrounds. In today’s corporate environment, the impact of the security department is proportionate to its ability to persuade individuals and teams all over the company to collaborate and cooperate. This means that dialogue between security specialists and non-specialists is essential.
- Traditional security skills are associated with an approach where security is perceived as a ‘dis-enabler’ of business. Those with formal security training can tend to be risk averse, while businesses need to take calculated risks to stay ahead of competitors, break into new markets and maximise profits.
- The corporate security function needs people who are happy breaking rules, innovating and thinking outside the box.58 Studies of security-related professions such as the police, the ambulance service and local authority emergency planning departments have suggested that ‘too much’ experience in a traditional security context can inhibit people from making innovative responses to security incidents. Heads of security consistently rated qualities such as independent thinking, willingness to challenge assumptions and behaviours and innovation as being ones they value most in their team. One said: ‘I’m looking for people who push the boundaries and constantly challenge the way we work.’
- There is a growing recognition of the value of ‘the human element’. According to experts, many security professionals are typically trained to address security incidents and emergencies in ways that fail to factor in the human dynamics of such situations, including the impact of emotions, perceptions and fear on people’s behaviour. Emotional intelligence is critical to effective alignment, but the human element of security and risk management is routinely overshadowed by the emphasis on technical security skills.
For security to be aligned with the business, security managers must understand the business and how they contribute towards its objectives.
The Chief Security Officer
Chief security officer
A chief security officer is a corporation's top executive who is responsible for security.The CSO generally serves as the business leader responsible for the development, implementation and management of the organization’s corporate security vision, strategy and programs...
(CSO) is the corporation's top executive who is responsible for security. The CSO serves as the business leader responsible for the development, implementation and management of the organization’s corporate security vision, strategy and programs. They direct staff in identifying, developing, implementing and maintaining security processes across the organization to reduce risks, respond to incidents, and limit exposure to liability in all areas of financial, physical, and personal risk; establish appropriate standards and risk controls associated with intellectual property; and direct the establishment and implementation of policies and procedures related to data security.
See also
- ASIS InternationalASIS InternationalASIS International , headquartered in Alexandria, Va., is a professional organization for security managers....
- SecuritySecuritySecurity is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
- Risk managementRisk managementRisk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities...
- Corporate GovernanceCorporate governanceCorporate governance is a number of processes, customs, policies, laws, and institutions which have impact on the way a company is controlled...
- Compliance and ethics programCompliance and ethics programThere has been a long history of business and government excesses and subsequent legal, public and political reaction. Response to criminal misconduct has resulted in legal sanctions, governance practices, compliance standards and cultural transformation...
- Business Continuity PlanningBusiness continuity planningBusiness continuity planning “identifies [an] organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, whilst maintaining competitive advantage and value system integrity”. It is also called...
- Corporate Social ResponsibilityCorporate social responsibilityCorporate social responsibility is a form of corporate self-regulation integrated into a business model...