Strategic Master Plan for Corporate Security and KPIs
The ProcessCreated by the Security Executive Council
The process to create a security master plan involves discussions across the enterprise. Security leaders can't do the kind of planning like they used to - it requires a more comprehensive view of the organization. What changed to make this so? There is no one "right" way to create a security program anymore. Every CEO has their own opinion of how to do "security". And on top of that there is now a huge diversity in organizational structure and leadership, which makes planning a very individualistic exercise.
In today's world, understanding an organization's corporate culture is everything. If the security leader does not get that right – the rest does not matter. Additionally, if the right key success factors have not been identified - they will never get key performance indicators (KPIs) right.
The process will be slightly different for any given organization based on industry, risk appetite, organizational structure, acceptable residual risk levels, etc. The chart below lists some of the main steps the SEC has identified for a successful plan. Notes: Some steps may happen concurrently or in a different order depending on circumstances. Also, this process should be revisited periodically.
The need for monitoring and measuring the impact of the strategic master plan cannot be overlooked. KPI identification should be considered concurrently with plan development.
* Program/Services KPI examples (Security owned and where Security supports):
This is a high- level view of the process. We can work with you on the details and your strategic security master plan roadmap. Contact Us to find out more.
For more information on this topic see Security Program Strategy & Operations: Strategic Planning/Management
Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact @secleader.com.
Copyright Security Executive Council. Last Updated: December 10, 2018
You can download a PDF of this resource below.