The Manager's Handbook for Business Security is designed for new or current security managers who want build or enhance their business security programs. This book is not an exhaustive textbook on the fundamentals of security; rather, it is a series of short, focused subjects that inspire the reader to lead and develop more effective security programs.Chapters are organized by topic so readers can easily-and quickly-find the information they need in concise, actionable, and practical terms. This book challenges readers to critically evaluate their programs and better engage their business leaders. It covers everything from risk assessment and mitigation to strategic security planning, information security, physical security and first response, business conduct, business resiliency, security measures and metrics, and much more.The Manager's Handbook for Business Security is a part of Elsevier's Security Executive Council Risk Management Portfolio, a collection of real world solutions and "e;how-to"e; guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs. - Chapters are organized by short, focused topics for easy reference- Provides actionable ideas that experienced security executives and practitioners have shown will add value to the business and make the manager a more effective leader- Takes a strategic approach to managing the security program, including marketing the program to senior business leadership and aligning security with business objectives
Security Leadership
Establishing Yourself and Moving the Program Forward
This chapter addresses establishing yourself as a security leader within the organization and developing core competencies that are consistent with existing security requirements and corporate culture. Content focuses on three inter-related, high-level views of security leadership. Each grouping focuses on security leadership through a different lens of personal impact, organizational impact, and next generation security skills.
Keywords
Effective leader; core competencies; security model; policy; communication; next generation security leader; team leader; thought leader; business enabler; risk management; security policies; framework; qualitative analysis; program management; risk awareness
Introduction
What produces an effective leader in your particular company? There are competencies and styles that work well in one culture and are less effective in others. Do you understand yours? Where is a model you could emulate? Is there a positive or negative legacy you need to address? What are your team’s expectations for a leader they can respect?
Business Value
A good leader will manage a team that is respectful, knowledgeable and committed to service excellence. Leadership in anticipating and responding to risk, influencing policy, and communicating on the shared responsibility for asset protection are success factors for the shareholders of the company.
The Essentials
This chapter focuses on three interrelated, high-level views of security leadership: leadership competencies, keys to organizational influence and impact, and the “next generation security leader.” Each grouping focuses on security leadership through a different lens of personal impact, organizational impact, and next generation security skills.
The first view offers nine competencies the individual should bring to the job and further develop as part of a planned growth strategy. The second view of security leadership summarizes five measures of influence that are clearly reflective of organizational leadership, and the third displays 65 knowledge elements and skills that serve to enhance corporate leadership. This latter inventory enables rating yourself against a next generation model as well as allowing you to outline the knowledge and skills you seek to hire in order to complement the team.
Leadership Competencies
The successful security executive is a leader in a variety of critically important ways:
1. Team leader—First and foremost, you are the leader of the security team. Inspire them to learn, excel, and be customer focused. Hire the best. Avoid those who seek to be the corporate cop. Only engage those contractors who are capable of understanding the corporate culture and your vision for the program.
2. Thought leader and subject matter expert—Our profession brings unique expertise to the organization. You need to consider how this knowledge can be blended into corporate strategy and tactics.
3. Business enabler and creative problem-solver—We need to support corporate efforts in succeeding in the competitive marketplace. We do this by enabling the business to engage in processes that might otherwise be too risky.
4. Business strategist and advisor—You must understand the businesses you support! Security’s goals reflect the goals and plans of the company, and your ability to lead will be tied to your ability to engage business management on their own terms.
5. Risk management guide—Risk is why you have a job. You have a unique perspective; you see gaps in controls from your risk assessments and incident post-mortems. Your programs provide an ability to connect the dots on risk-related issues that others do not have. Anticipate! Operate the security risk radar and use your pulpit to assure awareness.
6. Influencer of enterprise policy—As a leader, you will be in a position to influence the scope and content of a core set of risk management policies or guidelines. Communicate! Act as a positive change agent on behalf of organizational protection.
7. Relationship manager—An effective working relationship with business unit managers at all levels is a key element in your protection strategy. From this collaborative foundation, you may influence business strategy and better ensure issue resolution.
8. Risk group and security committee leadership—You are a member of the corporate governance team and see risk in unique ways. Work closely with legal, audit, human resources, risk management, and others to gain perspective on risk and to influence risk management strategy.
9. Management model—You model the behavior essential to a company that believes and acts with integrity. You lead your team to excel and practice quality in their craft.
Note the absence of characteristics that resemble a command and control orientation. While knowledgeable command is essential in a crisis, security is effective only when it is embedded in business process and ownership for secure operations is shared with business unit managers and an aware employee population. Your perceived authority is embedded in your corporate accountability; and, when security assumes a posture of “corporate cop,” you may stray from being seen as a teammate and enabler. Leadership that proactively aligns security with business objectives and brand protection will add measurable value and have strong management support for its programs.
“Leadership is the art of accomplishing more than the science of management says is possible.” —Former secretary of state Colin Powell
Keys to Organizational Influence and Impact
If we were able to boil success down to a few factors that will most likely assure your ability to be an influential leader and make results happen because you have a responsive audience, consider the following (which we will discuss further in Chapter 5, “Marketing the Security Program to the Business,” and Chapter 6, “Organizational Models”).
1. A framework of security policies explicitly endorsed by senior management—Sell a manageable set of high-level policy statements to senior management. For example, “We will provide safe and secure workplaces for our employees and visitors.” Engage the CEO and others. Who can argue against that statement, which is based in employment law? The follow-up question is, what programs at what cost will ensure that this policy will be met? You may find yourself in a culture that abhors the perceived strictures of “policy.” In that case, label these factors as business principles, jurisdictions, guidelines, or program objectives. The point is that you get buy-in for those few high-level statements that enable goal-setting and a foundation of expectations. See Chapter 6, “Organizational Models,” for a more complete discussion on this factor.
Why is this valid?
An accepted policy framework articulates management expectations. As such, it supports your definition of the work to be performed in order to deliver on each one. An understanding of the work supports defensible alternatives to staffing and budget development.
2. A core management philosophy that holds line managers accountable for protecting the firm—Security is everybody’s job, and you are there to provide leadership, expertise, a workable infrastructure, and the tools to enable line managers to share this important responsibility. Furthermore, management must understand that protecting the company and its shareholders is everyone’s job.
Why is this valid?
If they expect you to protect the company, update your resume. You are an enabler of their fiduciary responsibility to protect the shareholders of the company. You are the expert, the first responder, but the rest of management are the custodians of corporate assets.
What tone has management set with regard to responsibility for managing risk? This notion of delivered and accepted accountability is critical to any security executive’s success. Where the tone across the business is one of shared responsibility and accountability, security becomes the navigator and guide, providing tools and leadership while anticipating risk and being prepared.
3. A clearly established role in the corporate risk management program—Risk is why they hired you. You know about risks that the rest of the governance team likely hasn’t ever considered. Get on the team and lead in your area(s) of expertise. Use metrics to track trends and measure the results of security strategies. Collaborate on solutions with your colleagues.
Why is this valid?
Consider this: there is a high-level discussion of the risks confronting the company and nobody thought to invite you or ask for your input. “Security” is about the absence of risk! Without your perspective, they don’t have an actionable handle on risk.
4. A qualitative risk analysis and reporting program—Security generates lots of data on a variety of risks. Organize it. Analyze it. Learn what contributed to incidents and identify the vulnerabilities. Inform management and identify what...
| Erscheint lt. Verlag | 7.3.2014 |
|---|---|
| Sprache | englisch |
| Themenwelt | Recht / Steuern ► Strafrecht ► Kriminologie |
| Sozialwissenschaften | |
| Wirtschaft ► Betriebswirtschaft / Management ► Unternehmensführung / Management | |
| Wirtschaft ► Betriebswirtschaft / Management ► Wirtschaftsinformatik | |
| ISBN-10 | 0-12-800200-X / 012800200X |
| ISBN-13 | 978-0-12-800200-1 / 9780128002001 |
| Haben Sie eine Frage zum Produkt? |
PDF (Adobe DRM)Größe: 5,4 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
EPUB (Adobe DRM)Größe: 5,6 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich
