miércoles, 30 noviembre 2022
Visitas totales a la web: 88112485

El portal de los profesionales de seguridad y emergencias

Nº 1 del mundo en español en seguridad global

Soluciones de seguridad global

A CSO’s challenge for building a global risk strategy

Mark Freedman is CEO & Founder of Rebel Global Security, a consultancy that helps security executives build strategies that account for geopolitics, nation-state attacks, espionage, terrorism, and other global threats. Mark is a CPP and former State Department strategy advisor.

Without a strategy, security plans are almost impossible to implement, and C-suite engagement can be jeopardized

Global security risks are mounting, creating a nightmare for senior security executives. From cyber threats to terrorism, pandemics to supply chain compromise, companies must contend with a rapidly changing global risk environment. Staying ahead of threats feels more difficult than ever before, and not keeping up can result in your company’s name in the headlines or even personal legal risk.

Traditionally, there have been some go-to options for security leaders interested in mitigating their organization’s global risk exposure. Geopolitical risk subscriptions can keep leaders informed of foreign political developments. Cyber threat intelligence provides IT security teams insight into the latest tactics, techniques, and procedures from the likes of Russia and North Korea. Travel security and business continuity policies aim to keep company personnel safe overseas and minimize business disruptions. The list goes on.

The challenge with these solutions – which the accelerating global threat environment has laid bare – is in their patchwork nature. Each, whether performed in-house or contracted out, is critical to protecting an organization’s assets. But if there is no overarching strategy that integrates these functions, security executives will forever be reacting to contact instead of driving a proactive risk management agenda.

Revisiting the Value of Strategy

“Strategy” has become one of the most meaningless words in the dictionary, used so frequently and in so many ways that it has lost its salience. For some exposition on this, check out the first few pages of Lawrence Freedman’s (no relation) Strategy: A History.

But despite the word’s overuse, strategy is an important business function that makes leaders and organizations more effective and efficient. It is, simply put, “the way in which a business, government, or other organization carefully plans its actions over a period of time to improve its position and achieve what it wants.”

For security executives, who face persistent cost pressures and a highly unstructured risk environment, having a strategy – and doing the daily work of strategy – is especially important. The strategy provides clarity on how money should be spent (and how to ask for more), how team members’ time should be utilized, and how the security function of an organization can be viewed as a value generator rather than a cost center. Without a strategy – or with one that is not implemented – every decision becomes more difficult to make and every ounce of C-suite and board support harder to extract.

Security leaders who want to wake up from the global calamity nightmare, there isn’t an easy fix. Getting serious about strategy is essential.
Security leaders who want to wake up from the global calamity nightmare, there isn’t an easy fix. Getting serious about strategy is essential.

How to “Do” Strategy

Security leaders who want to build a new global risk strategy or improve their existing one should start with a current state assessment. This phase of the process is focused on fact-finding. Many of the key questions are probably easily answered: What assets do we have? What’s most important to protect? What does our current security posture look like?

Others may require more time and effort: What is going on in the global threat environment that is impacting us now or could impact us in the future? How might cyber, physical, insider, and reputational threats intersect, especially as technology evolves in the next few years? What is special or unique about our organization that may catch the interest of foreign adversaries?

Once these questions are answered and a baseline is established, it’s time to envision a target future state. When doing so, it’s important to pin a date to the wall. For example, where do we want our organization to be in 2025? Then you can tangibly answer questions like What business objectives need to be accomplished by that time? And what will the security function look like – what will it have achieved – to facilitate those business objectives even in the face of the global risks identified?

Once the current and future states are established, it becomes possible to set goals and objectives. You will have to answer: To reach our target future state by 2025, where do we need to spend money today? Which of our security programs requires more focus, and which can be reduced? What activities do we need to start this month, and which can be launched in the middle of next year? How frequently do we need to engage with key stakeholders to keep our strategy on track?

The strategy formulation process concludes with drafting, coordination, and implementation. It’s important to codify the strategy on paper, share it early with partner offices for their input, and then monitor strategy implementation regularly. Security executives should be proactive in assigning actions to team members and establishing regular check-ins to track progress and course correct where necessary. Global threats are ever-changing, so while having a strategy is essential, it will need to be tweaked routinely to keep pace with emerging issues.

This process can sound simple, but few organizations do it well and consistently. Putting a strategy in place requires dedicated time and a structured approach. Once it’s time to implement, other work tends to get in the way, rendering the daily work of strategy an afterthought, something to be revisited annually or in response to an enterprise-wide tasking.

But for security leaders who want to wake up from the global calamity nightmare, there isn’t an easy fix. Getting serious about strategy is essential.

Fecha de publicaciónseptiembre 29, 2022

BELT.ES no se hace responsable de las opiniones de los artículos reproducidos en nuestra Revista de Prensa, ni hace necesariamente suyas las opiniones y criterios expresados. La difusión de la información reproducida se realiza sin fines comerciales. 

Listado de Expertos

Recomendado

Profesión militar: Obediencia debida frente a la obligación de disentir

Con ocasión de la realización de estudios en el Instituto Universitario Gutiérrez Mellado tuve la ocasión de leer y analizar una serie de documentos de opinión que trataban en profundidad las diferentes facetas presentes en el campo de las relaciones cívico-militares; temas que , habitualmente, no han estado presentes en los diferentes cursos y actividades formativas en la enseñanza militar, ni, por supuesto, en la civil.

El amor de Macarena Olona por la Guardia Civil empieza por su pareja, un joven oficial condecorado

El padre de su hijo llegó a la Benemérita como militar de carrera y, los que le...

La artillería ‘made in USA’ comprada por Marruecos que deja fuera de juego a España

El país magrebí sigue reforzando sus fuerzas armadas a golpe de talonario, y no lo hace de...

Últimas noticias

Sistemas de Extinción por Gas: Manual Práctico para el Diseño, Instalación y Mantenimiento

Este Documento Técnico tiene como objetivo dar a conocer las peculiaridades de los Sistemas de Extinción por...

A CSO’s challenge for building a global risk strategy

Without a strategy, security plans are almost impossible to implement, and C-suite engagement can be jeopardized Global security risks...

Este timbre para bicicletas es el lugar perfecto para esconder un AirTag sin que los ladrones lo sepan

Los AirTags de Apple desbancaron con su nacimiento al resto de opciones del mercado entre los usuarios de Apple. Esta solución de rastreo se...

Este timbre para bicicleta es el lugar perfecto para esconder un AirTag sin que los ladrones lo sepan

Bajo un timbre o un portabotellas, esta compañía ha ideado unos escondites para colocar los rastreadores a prueba de robos y pérdidas.

El acuífero detrítico terciario, la gran fuente de agua que abastece todo Madrid

Casi dos tercios de todo el territorio de la Comunidad de Madrid se dispone sobre alguna masa de agua subterránea. La abundancia de este recurso marcó incluso la evolución del lugar, y es que hasta mediados del siglo XIX, la población se abastecía exclusivamente de las aguas subterráneas mediante los denominados 'viajes del agua'.