Insight into Program Best Practices

We help clients with our collective expertise to advance security leader and program success. Find SEC insight, trends and perspectives on security program development or enhancement.

Filter by

Insight into Program Best Practices

SEC COVID Resources: 2020-2021

SEC-created pandemic‐related security checklists, visuals, research results, slide decks, guidance documents, and collective knowledge from 2020-2021.
Click for more details
Insight into Program Best Practices

SEC COVID-19 Decision Inisghts: 2020-2021

A collection of short articles created by SEC faculty to address questions they heard from security leaders every day through the height of the COVID-19 crisis.
Click for more details
Insight into Program Best Practices

Emerging Threats: How High-Performing GSOCs Are Adapting

Exploring the role of the GSOC in identifying and managing emergent threats, the power of executive influence, and more.
Click for more details
Insight into Program Best Practices

The Manager's Handbook for Business Security

The Manager’s Handbook for Business Security is the quick-reference guide to successful security management. New security managers don’t always have the luxury of time to deeply research comprehensive textbooks on security fundamentals before they start taking action to build their programs. The same applies to security practitioners transitioning from the...
Click for more details
Insight into Program Best Practices

How Proactive Investigations Can Boost the Bottom Line

Organizations can incur criminal loss through many avenues – organized crime, theft and diversion, intellectual property loss, myriad types of internal and external fraud involving insurance, employee benefits, misappropriation, kickbacks, and more. Each of these loss avenues may be managed by a different function in the company, which is why...
Click for more details
Insight into Program Best Practices

Security State of the Industry: Travel Security

New research report examines travel security program trends, risk factors, policy and program elements.
Click for more details
Insight into Program Best Practices

Security Barometer: Are Investigations Evolving?

These research results delve into how security practitioners are adjusting to leverage newer technologies and techniques to fight fraud loss.
Click for more details
Insight into Program Best Practices

The State of Security Convergence

Are preconceptions about the convergence of corporate and cyber security accurate in practice?
Click for more details
Insight into Program Best Practices

Personal Safety and Security Playbook: Risk Mitigation Guidance for Individuals, Families, Organizations, and Communities

Organizations have a Duty of Care to their staff and employees that includes protecting their health and safety while in the office environment. But what about helping to protect them at home? Showing staff and employees that the organization cares about their wellbeing beyond the campus builds a positive corporate...
Click for more details
Insight into Program Best Practices

Operational Excellence in Contract Security Performance Measurement

The focus in this paper is on measuring the performance of security service providers. The Security Executive Council believes that there needs to be a more in-depth consideration of what constitutes "excellence" in these operations given the consistent growth of outsourcing to guard service companies.
Click for more details
Insight into Program Best Practices

Business Continuity Playbook

The robustness of a company’s business continuity plan often decides whether it will thrive, survive, or sink. This Playbook is meant to serve as a framework to help security leaders build a business continuity program from the ground up or enhance the program that is currently in existence. The materials...
Click for more details
Insight into Program Best Practices

Physical Security Strategy and Process Playbook

The Physical Security Strategy and Process Playbook concisely and comprehensively lays out the requirements of physical security management as a critical part of sound business management. The book includes an explanation of basic physical security concepts; a description of the probable security risks for more than 40 functional areas in...
Click for more details
Insight into Program Best Practices

Early Fraud Detection: The Secret to Security ROI?

Internal or occupational fraud prevention or recovery could be the ROI Holy Grail security leaders have been wishing for.
Click for more details
Insight into Program Best Practices

What Makes a Comprehensive Business Continuity Program?


Security directors must be ready to show the C-suite what a strong comprehensive business continuity program looks like and how their program measures up.
Click for more details
Insight into Program Best Practices

Expected Employee Response to Mandatory COVID-19 Vaccinations

Fallout can be expected regardless of whether your organization requires vaccinations to return to work.
Click for more details
Insight into Program Best Practices

GSOC: Business Drivers and Service Scope

During COVID-19 companies with existing Security Operations Centers have been able to leverage their SOC/GSOC capabilities to add value like never before.
Click for more details
Insight into Program Best Practices

Is Your GSOC Contributing to Operational Excellence?

This brief self-assessment can help prepare you for a conversation about your GSOC's needs and capabilities with executive management
Click for more details
Insight into Program Best Practices

Protest Guide for Security Leaders

Help your organization analyze its risk and take action in areas that may be impacted by civil unrest.
Click for more details
Insight into Program Best Practices

Information Protection Playbook

Whether or not Corporate Security has direct responsibility for Information Security, excellence in risk management and information protection relies upon collaboration and coordination between these related functions. Without shared knowledge on strategy, methods, and threats, coordination will be difficult to achieve. The Information Protection Playbook provides a high-level overview that...
Click for more details
Insight into Program Best Practices

Security Barometer Results: Do Cyber and Corporate Security Work Together in Your Organization?

Both cyber/information security and corporate/physical security have roles to play in protecting and securing the organization.
Click for more details
Insight into Program Best Practices

Addressing COVID-19 Related Complaints and Reporting

Organizations need to be prepared to respond to questions and concerns about new risk mitigation procedures and protocols as well as address non-compliance.
Click for more details
Insight into Program Best Practices

Access Control Fundamentals

One of the recurring themes of discussion amongst security leaders regarding COVID-19 has been the use of access control systems and procedures to mitigate spread.
Click for more details
Insight into Program Best Practices

COVID-19 Security Response Tactics and Strategies to Consider for Business Resumption Plans

Created by Dan Sauvageau, SEC Subject Matter Expert. Many security departments are currently busy focusing on the immediate needs of managing their COVID-19 response plans, assessing their resources, evolving their tactics, and fielding questions from employees, executives, and other stakeholders. Some may have not had the time or opportunity to...
Click for more details
Insight into Program Best Practices

Developing a Robust Travel Security Program

Those having travel security plans and programs in place are better positioned to deal with quarantines, travel bans, and extracting their employees from potentially high-risk regions.
Click for more details
Insight into Program Best Practices

The Business Response to Misconduct Allegations

Investigations is one of the oldest services Security provides. Many security leaders would confidently say their function can manage investigations well in any situation. But COVID-19 has changed that. Now we all must reimagine how to investigate theft, information loss, conflict of interest, fraud, and sabotage in a primarily remote...
Click for more details
Insight into Program Best Practices

Workplace Security Playbook: The New Manager’s Guide to Security Risk

When an employee without a security background is charged with the protection of people, facilities, or assets, he or she may have a hard time finding resources to help them develop policies and procedures and make solid protection decisions. The Workplace Security Playbook is designed to act as a reference...
Click for more details
Insight into Program Best Practices

Critical Incident Decision Matrix


A simple matrix can serve as a visual resource to assist in outlining and prioritizing Incident Management Team decisions.
Click for more details
Insight into Program Best Practices

Event Risk Analysis Template

Use this template to identify and organize risk factors to help your organization make informed event security decisions.
Click for more details
Insight into Program Best Practices

Structured Critical Incident Response (Parts 1-4)

This four-part Structured Critical Incident Management, demonstrates how to develop and train an Incident Management Team (IMT) to protect a private-sector company during a critical incident.
Click for more details
Insight into Program Best Practices

Personnel Protection: Advance Procedures (Parts 1-5)

This five-part series describes some advance security planning and arrangements for executive protection.
Click for more details
Insight into Program Best Practices

Top Security Practices for a Resilient Business


A group of security leaders gathered to share lessons they have learned from challenging experiences.
Click for more details
Insight into Program Best Practices

Personnel Protection: Concepts of Executive Security (Parts 1-2)

This presentation presents an overview of both the proactive and reactive components of personnel protection, covering the layering of security measures, target hardening, intelligence gathering, and awareness.
Click for more details
Insight into Program Best Practices

Domestic Violence Spills Over Into the Workplace (Parts 1-4)

Created by Rosalind W. Jackson, Security Executive Council staff member. In this series, Rosalind Jackson, SEC media and publications manager, discusses ways to assess the danger, help the survivor and keep the workplace safe. She discusses the signs and types of abuse; developing and communicating a domestic violence policy; the...
Click for more details
Insight into Program Best Practices

The Risk Assessment Threat Matrix and Heat Map

After identifying hazards and vulnerabilities this tool can help effectively analyze and communicate the results.
Click for more details
Insight into Program Best Practices

It Happens. Are You Prepared to Respond?


This summary of an SEC Security State of the Industry briefing provides insight on preparing for and managing all types of critical incidents.
Click for more details
Insight into Program Best Practices

Incident Management Flowchart


The framework helps clarify that one point of contact is responsible for communicating to the various Incident teams in order to alleviate the typical flood of calls at the early stages of an incident.
Click for more details
Insight into Program Best Practices

Physical Security: Assessing the Needs of Your Business

In order to build a security system that works for business, the needs of that business must first be assessed.
Click for more details
Insight into Program Best Practices

Personal Safety Guidelines for International Travel

Security and safety awareness practices should be part of any travel, but safe international travel demands special preparation.
Click for more details
Insight into Program Best Practices

The Mission is Not Cybersecurity- It's Enterprise Security

Security's current business model can deliver on the routine service demands, but our role in meeting these increasingly consequential risks will require a much more inclusive and mature presence.
Click for more details
Insight into Program Best Practices

When Emotions Run High: Dealing with Stress in Crisis Management


It's important to remember that when a crisis hits a company, no matter how well prepared that company is, emotions will run high.
Click for more details
Insight into Program Best Practices

Uniformed Security Officer Programs Under Fire

In this Security Barometer the SEC investigated the effect that the constant pressure to cut costs while increasing effectiveness has on uniformed security officer programs.
Click for more details
Insight into Program Best Practices

The Case of the Reluctant Complainant

How does the non-security professional handle the employee who reports a misconduct yet is very insistent that you promise not to act upon the information?
Click for more details
Insight into Program Best Practices

Five Essential Considerations for Establishing a Valued Global Security Operations Center (GSOC)

Whether you are in the proposal stage of building your GSOC or in active operations, here are five critical elements to consider that are critical to success.
Click for more details
Insight into Program Best Practices

How to Plan an Investigation

At many companies, small security staffs mean other departments— commonly human resources or legal—necessarily help conduct investigations. This is an abridged excerpt on the planning phase of an investigation.
Click for more details
Insight into Program Best Practices

Economic Espionage and the Growing Case for Corporate Counterintelligence

The theft of information and intelligence is increasingly gathered on U,S, companies by foreign entities that use the results for a variety of different type of what is now called economic espionage.
Click for more details
Insight into Program Best Practices

SEC Security State of the Industry: Could Your Security Program Fall Below Industry Standard of Care Resulting in a Finding of Negligence?

A summary of a SEC Security State of the Industry briefing featuring a study of recent case law involving workplace violence programs.
Click for more details
Insight into Program Best Practices

Workplace Violence Cross-Functional Risk Management Teams

The roles and responsibilities of the cross-functional team are identified and documented through a process of team member selection, indoctrination, training and performance results.
Click for more details
Insight into Program Best Practices

Management by Walking Around Gets You Ready for a Crisis


A chief security officer has to nurture, cultivate and respect relationships with internal and external partners who are essential to resolving a critical incident. One way to do so is to simply walk around.
Click for more details
Insight into Program Best Practices

How Does Your Insider Threat Compare?

Many companies are now building or enhancing their insider threat program – and beyond classified information security.
Click for more details
Insight into Program Best Practices

The Threat of the Malicious Insider: What Is the CFO's Responsibility?

Malicious insiders can do far more damage to the organization than any external attack. The insider threat should be a significant concern for both public and private organizations.
Click for more details
Insight into Program Best Practices

Defining Best Practices in Global Security Operations Centers

This is the initial report from a SEC GSOC program. It incorporates extensive benchmarking of corporate security organizations to gather baseline data on participating company and security department demographics.
Click for more details
Insight into Program Best Practices

Measures and Metrics for Business Continuity Programs


All security programs should be measured for performance. Successful security leaders have used the slides in this presentation to demonstrate the value their Business Continuity programs are delivering to their organizations.
Click for more details
Insight into Program Best Practices

Vendor Resilience Questionnaire


This checklist provides a good starting point to help you determine how prepared your key vendors are to quickly and effectively manage disruptions to their operations that could impact you.
Click for more details
Insight into Program Best Practices

Development of an Insider Threat Program

The SEC created a graphic that depicts the main elements of a insider threat program.
Click for more details
Insight into Program Best Practices

Corporate Security Policy Template

A strong policy can make a significant impact on security's ability to set, communicate, and enforce requirements for managing risk. The attached template, based on research conducted by the Security Executive Council, can help guide you as you write your next one.
Click for more details
Insight into Program Best Practices

Business Continuity Program Strategic Plan Cycle


BCP review and evaluation must remain connected to other company planning cycles and should be an annual strategic priority.
Click for more details
Insight into Program Best Practices

Security State of the Industry: The Emerging Role of Information Protection and Counterintelligence (CI) in Corporate Security

Corporations are now being targeted at such a high rate that it's creating an urgent responsibility for corporate security to address the issue.
Click for more details
Insight into Program Best Practices

Security Policies that Organizations Have in Place

This Security Barometer peer poll looked at what security policies organizations have in place and corporate security's responsibility.
Click for more details
Insight into Program Best Practices

Insider Threat is a Challenging Organizational Problem

Based on intensive research and insights from leading companies, the Security Executive Council (SEC) recommends a comprehensive monitoring and screening process to address ongoing perceived and real insider risk
Click for more details
Insight into Program Best Practices

Four Interdependent Risk-Based Functions of Business Continuity Planning


This chart highlights the four interdependent risk-based functions of BCP: assessment of business needs and risks, and preparedness for, response to, and recovery from emergencies.
Click for more details
Insight into Program Best Practices

Next Generation Security Leader Forum: Driving Unified Risk Oversight through Global Security Operations Centers Executive Summary

This is the Executive Summary from a SEC Next Generation Security Leader (NGSL) Executive Development curriculum hosted by the Boeing Company.
Click for more details
Insight into Program Best Practices

Corporate Contingency Planning Umbrella


To ensure value, an organization's BCP must align with its overall mission and purpose.
Click for more details
Insight into Program Best Practices

SOC/GSOC Benchmark Survey Results

The following results are from the SEC’s GSOC Best Practices Group that brings together over 50 global organizations to share proven practices and develop program strategies.
Click for more details
Insight into Program Best Practices

The Top Action to Combat Insider Threat

Now perhaps more than ever, insiders both malicious and otherwise can wreak a significant amount of damage to organizations almost instantaneously.
Click for more details
Insight into Program Best Practices

Not Following Established Policy Tops List of Most Significant Threats to Information Protection

This early release summary of "Threats to Information Protection 2015" provides a glimpse into the results of extensive research performed by Kennesaw State University's Center for Information Security Education (CISE) in partnership with the SEC.
Click for more details
Insight into Program Best Practices

Who Owns Investigations?

Whether you want to bring investigations in under your department or just help eliminate investigative confusion this paper will help you get started.
Click for more details
Insight into Program Best Practices

Which is the Most Popular Business Continuity Standard?


This Security Barometer quick poll explores what business continuity standards security leaders were using when developing their programs.
Click for more details
Insight into Program Best Practices

Faculty Advisor: Establishing an Emergency Response Plan

Can you give me some advice on communicating with key business managers about the value of developing a coordinated response plan in advance of an incident?
Click for more details
Insight into Program Best Practices

Faculty Advisor: Dealing with Stress in Crisis Management When Emotions Are Running High

Managing employee emotions during a crisis event.
Click for more details
Insight into Program Best Practices

Faculty Advisor: Preparing for Crises Beforehand

Questions to ask before the next crisis.
Click for more details
Insight into Program Best Practices

Business Continuity and You - Tips, Tales, and Tools


Business continuity planning identifies potential risks and the resources needed to provide effective assessment, preparedness, response, and recovery from those risks.
Click for more details
Insight into Program Best Practices

Workplace Violence Continuum

This graphic is a process chart, an internal awareness tool and program development tool.
Click for more details