Since I write and speak so much on the subject of security convergence, it would seem to follow that The Security Minute would be about convergence. And in many ways it is—but it is even more about enterprise security risk management. 1

We want to take advantage of the technology convergence (expanding physical security system capabilities based upon the use of information technology). We also want to converge our physical security and IT security functions in the ways that are appropriate for our organizations.

But convergence is a means to an end. It is that end result that I want to focus on in The Security Minute, which is:

An enterprise achieving optimal security risk.

I use the word “achieving” because security is an ongoing process. Achieving optimal security risk requires balancing business functions (which require access to protected assets), protective measures, limited security resources and risk tolerance.

Threats, assets, people, and the functions of the enterprise all change. Thus security must change and expand to keep pace with them, or even better—to outpace them, which means continuous security improvement.

In many ways this is an exciting time for security practitioners. We have more technology capabilities and more security management knowledge available to us than ever before. Sure, the job is a significant challenge, but that’s what makes us valuable to our organizations, isn’t it?

Most successful enterprises have unsung heroes. Security practitioners are among them.

Best regards,
Ray Bernard


1 The term “enterprise security risk management” was introduced by the Alliance for Enterprise Risk Security Management (AERSM), an alliance of the three leading international security associations: ASIS International, Information Systems Audit and Control Association (ISACA), and the Information Systems Security Association (ISSA). The Alliance, which represents over 90,000 global security practitioners, was created to address the integration of traditional and information security functions and to encourage board and senior executive level attention to critical security-related issues and the need for a comprehensive approach to protect the enterprise. Download a 27-page report by Booz Allen Hamilton commissioned by AERSM, which presents the convergence drivers to the integration of traditional and information security functions.