Created by the Security Executive Council
Some people think that security is doing their ultimate job when their peers within the organization do not know that security is there. There is a certain logic to this. If there is no cyber breach, if there is no incident of violence, if material has not been stolen from the grounds then we must be doing a good job and if we are doing a good job people will notice. Right?
Security is no different than any other business function. If management does not readily recognize the value a business function is bringing to the organization management will increasingly marginalize that business function. Optimally run organizations do not spend money on activities that do not return value. Therefore, it is important to know how your organization perceives security. It is one significant factor affecting your ability to build successful programs.
Brand image is not about a logo, it is about the way your internal customer perceives you. Creating a clear and concise brand image builds executive confidence and support.
Here are some warning signs that Security's "brand" might be less than optimal:
- There is a realignment of Security to a lower level, which impacts unfettered access to the top
- Security is thought of as specific stereotypical tasks ("gates, guns and guards") - not a business function that mitigates risks
- Internal customers do not know what services Security provides or can list services provided to them specifically in the last 12 months
- Security is not included in business decisions that have risk considerations
The following is a document that describes some additional warning signs along with eight things to consider when re-branding your security program, and an example security SWOT table to start you on your way.