Are You Considering All Your Risk?
Dec 1, 2007 12:00 PM, By Marleah Blades
If someone told you that your security program neglected to consider major risks to your organization, you would probably want to know immediately what you'd missed and what you could do to correct the problem. But corporations all over the country are in this situation right now, and many of the security practitioners in charge of their programs feel no sense of urgency to heed the warnings and make the necessary changes.
When corporate security tries to assess enterprise risk without the input of other business units, they may overlook risks and miss some of the most efficient ways to approach them. Trade magazines, such as Access Control & Security Systems, as well as industry associations and Web sites regularly warn of this possibility, but many practitioners continue to take the “wait and see” approach or simply ignore their admonitions because of local turf wars.
The problems inherent in a siloed approach to risk assessment and management are real. Only by forming a team of representatives from other business units can corporate security ensure that their assessment process truly considers all the risks to the organization. You can't determine the sources of risk or which risks to mitigate, transfer, avoid or accept unless you have a clear, enterprise-wide view of the risks that are present. The Security Executive Council calls this concept Unified Risk Oversight (URO). Boards of Directors are now requiring corporations to identify enterprise or board-level risk. They're also requiring CEOs to report on these risks, how they're being mitigated and who's responsible for each one. So security executives have a choice: Be proactive by instituting URO now or wait until the Board requires you to do it and takes you to task for neglecting it in the past.
The Security Executive Council's Web site offers a presentation that includes information on URO and gives examples of what a URO team might look like. For information about this presentation, visit https://www.securityexecutivecouncil.com/secstore and click on “Aligning Security Services with Business Objectives.”
Don't leave your business open to unnecessary risk. Team up with peers in your business to develop an enterprise perspective.
Marleah Blades is senior editor for the Security Executive Council, an international professional membership organization for leading senior security executives spanning all industries, both the public and private sectors and the globe. For more information about the council or about Unified Risk Oversight, visit www.SecurityExecutiveCouncil.com/?sourceCode=access.
Want to use this article? Click here for options!
© 2012 Penton Media Inc.
Today's New Product
|
Privaris Biometric Verification SoftwareIn support of the Privaris family of personal identity verification tokens for secure physical and IT access, an updated version of its plusID Manager Version 2.0 software extends the capabilities and convenience to administer and enroll biometric tokens. The software offers multi-client support, import and export functionality, more extensive reporting features and a key server for a more convenient method of securing tokens to the issuing organization. |
advertisement
This month in Access Control
- Targeting The Customer
- Electronic Pedigrees
- One Hero Among Many
- Who? What? When? Where? Why?
- More from September's issue
Latest Jobs
advertisement