The New Kid on the Executive Block

For a little while now security has been like a “new kid on the block” in the corporate world. Not that security itself is new. But the consideration now being given to security at senior executive levels is significantly greater than it was a decade ago.

This is due in part to the events of 9/11 and the reality of homeland security threats, and to corporate financial scandals. It is further fueled by internet attackers, and failures to protect personal medical and financial information. Then there is the growth of identity theft (which really should be called identity fraud—they don’t take your identity away, but they do impersonate you).

Another significant driver is legislation affirming the accountability of senior executives for information protection breaches and corporate financial misconduct.

Additionally, the expansion of enterprises requires a broader understanding of the business and its risks than has been previously required of security professionals.

These are the kinds of things that most analysts and writers talk about in magazines and at security seminar sessions.

Less frequently talked about is the highly important work of many corporate security practitioners to advance the cause of enterprise security, not just for their own company, but for security as a profession and a key risk management function.

Without security practitioners stepping up to the plate, the recent regulatory mandates and new levels of senior executive support wouldn’t amount to anything.

Security Knowledge

Even though many enterprises still have a long way to go to move from their current security profiles to the stronger ones that are needed, enough companies have made significant security accomplishments that there is a wealth of valuable information available now in terms of best practices, case studies and lessons learned.

For example, CSO Dave Tyson of the City of Vancouver trained his patrolling security officers on desktop information security policies, and achieved a 54% reduction in desktop information security violations in under 90 days, without spending any more money or adding any new personnel. He continued those patrols to achieve nearly 90% total reduction in desktop security violations in the following 90 days. The surprise bonus: security officer absenteeism dropped by almost 90%.

While those of us who wave the flag for “the convergence of physical security and IT” love to point to Vancouver as a great example of convergence, Tyson is quick to point out, “It is just common sense.” “IT security doesn’t have the feet,” he says. “They can’t walk around and do that kind of thing, but physical security can.”

Tyson’s perspective reflects the fact that often security is more a matter of commonsense planning and execution than it is technology and security gadgets.

The Security Minute

That’s one purpose for The Security Minute—to bring you commonsense security successes from your fellow security professionals and security stakeholders.

Once or twice a month The Security Minute arrives quietly in your Inbox. In just 60 seconds or so you can read about a security idea that has proven itself for other security practitioners or stakeholders. You’ll be able to see right away if the idea has promise for you, and if you can leverage their success to advance your own company’s security.

One key idea could make a world of difference, couldn’t it?