Created by the Security Executive Council
Over the last 15 years, the SEC has helped hundreds of security leaders guide their programs to the next level. Each organization's journey to security evolution is unique, but success often shares a series of common indicators.
- The program is Risk Based and Aligned with Organizational Goals. Successful programs are based not on what's been done in the past or what other companies are doing, but on the assessed and examined risks to their organization. Each risk mitigation process and technology should be matched to the board-level risk it addresses.
- The program engages Cross Functional Team Influencers. Security does not exist in a vacuum. Success relies upon input from leaders across the organization who provide valuable expertise, influence, and opportunities for resource and intelligence sharing.
- The state of security matches the Organization's Level of Readiness. What does security mean to your organization? If senior management's answer is out of alignment with your vision or strategy for security, your organization may not be ready for the programs you wish to implement. Knowing the organization's state of readiness for an advanced state of security strategy arms the risk mitigation leader with the correct way to plan and communicate to senior management.
- The program has the Right Leader at the Right Time. The SEC has identified seven distinct security leader types, which tend to fall into a continuum of evolution. As a leader moves through the continuum, he or she may transform from a creator of programs to a facilitator, to a promoter and director of the expansion of security and its value across the organization, and finally to an industry-recognized innovator, often contributing to the organization's bottom line. However, the leadership type needs to fit with the organization.
- It is Relevant to Corporate Culture. The corporate culture is similar to a fast-flowing river that the organization operates on. Exhaustive rowing may get you to your destination, but most initiatives will need to flow with the culture of the organization if you expect them to be successful. Corporate culture largely impacts how you need to communicate your programs and strategies.
- It is based on a Baseline of Regulatory Compliance. Corporate security-related laws, regulations, voluntary guidelines and standards have proliferated over the years, even in less heavily-regulated fields. Successful security programs use a strong knowledge of these requirements to fuel executive support, much as cyber security currently does.
- Security Operates like a Business. The successful security program functions as any other business unit, integrated into the operations of other functions, representing itself professionally, taking the pulse of internal customers, and communicating in common business terms and concepts.
- The security team Communicates Effectively Across the Organization. In a successful security program, the security leader and the entire security team communicate across the company by telling the same concise, cohesive "brand story" to the different levels of audiences and internal stakeholders. The goal is consistent messages that are delivered through multiple channels over long periods of time.
- The security program Fosters Strategic Thinking Across the Team. The successful program trains and builds up promising new leaders who have skill sets that will benefit the program long term, so that there is a succession plan to build upon when the program grows and changes.
- The program both Measures and Communicates Value. If the security program is not measured, there will be no adequate way to monitor or communicate its efficacy. Successful programs build and maintain robust security metrics programs and use those metrics to influence change.
- It is Horizon Oriented. The successful program does not focus solely on past risks or crises; it looks forward to emerging issues that may impact the organization in the future, and it communicates these issues to management. It also fosters innovative and cross-functional solutions to current and future challenges.
- The program Adds Business Value and Manages Resources Efficiently. The successful program shows executive management how it adds value to the organization's bottom line, and it acts as an effective steward of company resources by engaging in strategic planning and budgeting.
Want to reach these success indicators in your own program? We can help. We draw on the expertise and experience of successful former CSOs and CISOs and our pioneering research to deliver insight, program proficiency and value. Visit this page for more information on what the SEC can offer you.