Security requirements are changing as threats continue to evolve. For many reasons Security has seen a shift from operational to strategic While

Size: px

Start display at page:

Download "Security requirements are changing as threats continue to evolve. For many reasons Security has seen a shift from operational to strategic While"

Elijah Nash
5 years ago
Views:

1 1

2 Security requirements are changing as threats continue to evolve. For many reasons Security has seen a shift from operational to strategic While individual security disciplines have their specific concerns and realities, the organization as a whole and their associated threats need to be considered to properly manage risk. When security issues are viewed in silos, the overall security program is only as strong as the weakest silo. Given what is at stake the safety of personnel and the value of assets being protected expectations about our jobs as a Corporate Security Executives are rising. As expectations about security rise, why not expect more from your various security service providers? Or if you are a provider its an opportunity to deliver more What does that more entail? More is often but not only - about data. The focus of the presentation is on the frontline security services - The tie into to front line security contribution and taking advantage of the multiple data points that can be optimized because today they are often ignored 2

The challenge - Countering a trend in certain security service segments where commoditization has been diminishing the overall value of the security program.

3 The challenge - Countering a trend in certain security service segments where commoditization has been diminishing the overall value of the security program. The weakest link and now the shift front line security services as a key contributor to the program - To counteract commoditization, security departments must have data at their fingertips on how they impact the business as a whole. - Contract Management ability, automation and methodology = 70% Very Relevant or Critical - Only 42% of respondents perceive their security guard invoice as an investment with measurable Return on Investment (as opposed to an expense, with little or no ROI). Technology and solid data/facts is the differentiator! 3

What is your reason for attending today? Attending today because either you use, are or need security services or changes to it? Wanting to enhance your Security program?

4 What is your reason for attending today? Attending today because either you use, are or need security services or changes to it? Wanting to enhance your Security program? Your goal as a corporate security professional is to protect corporations assets you need to know versus hope to know that: - Your resources are the right ones - When an incident happens how severe it is and what is the impact across the organization - Be able to roll them into corporate objectives - Managers don t know what they don t know 4

5 We did an End User or security manager survey in 2016 they overwhelmingly asked for more A.R.T. from their security service provider This is important because for security to be seen as a critical function to business success it has to speak the language of business Interestingly - When we talk incident, operations data we are not sharing anything new. Corporate Security practitioners have been using data for years in the risk assessment or the TRA process. Data is at the root of how you assess the likelihood of an incident occurring, whether your adopted approach is a worst-case scenario or most-likely scenario. 5

A couple of Quick Definitions There are multiple drivers to this drive for technology but at the end of the day the reason for the NOWness of this is that technology has improved and is much more

6 A couple of Quick Definitions There are multiple drivers to this drive for technology but at the end of the day the reason for the NOWness of this is that technology has improved and is much more accessible then it ever was The first of the drivers - ESRM is a management process used to effectively manage security risks, both proactively and reactively, across an enterprise. The management process quantifies threats, establishes mitigation plans, identifies risk acceptance practices, manages incidents, and guides risk owners in developing remediation efforts. According to a recent allsecurityevents.com survey 72% of responding organizations are on or about to be on an ESRM process Another driver - Convergence relates to the degree of integration within organizational structures that combines physical-security and information-security teams. Essentially about alignment. Security Planning: Proper comprehensive project planning is essential to successful security project and incomplete planning and analysis are frequently root cause for project failure consult the risk analysis flow chart in the David G Patterson book implementation physical protection systems a practical guide 6

Ultimately when thinking ESRM and the security program The need is to harness information because it helps security originations get what they need as they: Look

7 Ultimately when thinking ESRM and the security program The need is to harness information because it helps security originations get what they need as they: Look Across multiple departments and are considered to being company wide Information becomes corporate intelligence And the value of the security function increases 7

8 8

9 Where is your pain... Brain spinning.. thinking about how you used to do it..how you do it now..or want to do it in the future? Industry Inflicted Pains Guard Force Issues Expectations? Why should senior management care? 9

10 Introduction to the case study Scenario: Know versus hope you know. Protect your Security program and position with data/facts Challenged on Spend 10

You can surely relate to being challenged Imagine a jump in incidents from 189 to 691 Picture the Panic that set in for Senior Management The security manager was being hit with the

11 You can surely relate to being challenged Imagine a jump in incidents from 189 to 691 Picture the Panic that set in for Senior Management The security manager was being hit with the killer question and you may be as well - what does security actually do! The security team began to address the root cause and identify Number of actual incidents with data and details 11

Adopted technology to support incident reporting and workforce management and Results were straight forward: Ease of reporting process for accurate picture = KNOW!

12 Adopted technology to support incident reporting and workforce management and Results were straight forward: Ease of reporting process for accurate picture = KNOW! Defend budget and get more budget this is a tough job for all of us (just ask your boss!) Defending your budget with numbers Connectivity and Mobility support harnessing data - if integrated into your security program, allow you to be the first to know. You can be the hub of information for your organization By being the person that feeds senior management with critical, value-building information, you may just give yourself a seat at the decision table. Protect the organization and add to its value With the powerful analytics reporting he could now identify incident trends and adjust the security program to reduce corporate risk and exposure. Key Takeaway The root cause of the problem was that the old method of incident reporting was archaic and inefficient. Goal - Documenting an incident became so easy agents actually filled out reports every time, When to assign resources to counter the issues» Where they were occurring» How to reduce the corporation s risk. In the end - What is it going to do for you Increase security s relevancy across the organization 12

13 Defend budget with analytics 13

Concrete examples of what to automate take aways Keep in mind that to manage by exception you need an Operations Dashboard with real time data Analytics to provide full value to your

14 Concrete examples of what to automate take aways Keep in mind that to manage by exception you need an Operations Dashboard with real time data Analytics to provide full value to your client, internal or external, then you need to be able to run statistics on incidents Automated incident reporting that is customizable to your locations? 76% Relevant to Critical 14

15 Distributed workforce presents it s share of problems Span of control Management of exceptions Focus on urgent items 15

16 Calm on top crazy behind the scenes and underneath That my security guard service provider can offer me the ability to make data driven security decisions - 74% Relevant to Critical 16

A few concrete take aways for shared services because Not everyone relies on permanent guards so what about shared services? Mobile, alarm response, etc.

17 A few concrete take aways for shared services because Not everyone relies on permanent guards so what about shared services? Mobile, alarm response, etc. Talk about What to automate in this setting: But before that - Great that you have identified the risk and defined the response you need to get the right resource there with the right tools Key points: Dashboard with an active operations view including progression Analytics Monitor in real time And then of course the list on the screen are a solid start repeatble activities 17

As end users or corporate security it is easy to neglect the fact that automating the operations of your security service provider s important to you as well.

18 As end users or corporate security it is easy to neglect the fact that automating the operations of your security service provider s important to you as well. Security companies rely on human resources / i.e. human assets. These human Assets are distributed i.e. tough to manage directly Important for you because your service provider or you are striving for = Right guard, Right Place, Right time, Right skills, Right Things your client expects this of you There are too many variables to track if this is not automated. Harness data on those that deliver helps optimise what they deliver, take away the pain of innacurate admin and allocating time and resources to inneficient processes i.e. Billing data Invoices, Mobile, Contracts allows you to focus on bringing value to your corporation, operation or client with better security 93% of Security managers have told us that - Presence of an automated operations plan that covers, scheduling, performance monitoring, site instructions, dispatching, is Relevant to Critical Manage by exception and Focus on delivery But by using workforce management software focused on exceptions, in the course of half an hour, the supervisor can survey 20 security sites while remaining mobile and can easily identify where he or she should concentrate on site coaching. The coaching enables the supervisor to provide guidance and training to a particular guard and to receive feedback from the client to improve individual performance and 18

19 customer satisfaction. See list 18

Know the environment and take advantage of technology: Workforce technology is not the goal unto itself it is what is behind it for the company and their clients that is important.

20 Know the environment and take advantage of technology: Workforce technology is not the goal unto itself it is what is behind it for the company and their clients that is important. To quote an ASIS International Security Service Council colleague of mine, you have to ask yourself, Is the client hiring a placement agency or a security company? As a professional service company or security force you want to be able to: Provide advice Avoid Litigation and issues Evaluate performance based on concrete metrics Base performance on a predefined service level agreement Harness the data agents gather daily and translate the insights into concrete actions, insights and results. 88% Relevant to Critical - That my security guard service provider can offer me the ability to make data driven security decisions Only if time permits Top 10 features 19

21 Dashboard live communication Toolbox post orders, video back up, lone worker, message board Reporting rich reporting Tracking Analytics Client portal Dispatch & patrol Contracting and invoicing Scheduling and attendance BI 19

22 Can paper reports be considered Real time? 10 benefits of Real time reporting By adopting real-time reporting systems, you can link your incident categories and severity levels to your documented vulnerabilities. These linkages will improve proper response levels. 20

23 Closing statements! While you are proud of the security program you have put in place within budget, doubt never leaves you. When you look at the security guard company s invoice one of the largest, if not the largest, expense of your entire security program ask them to harness data not advocating technology for technology s sake. Being an early adopter who just loves technology and will adopt anything in an effort to be cutting edge can actually harm you in the long run - a trap to be avoided at all costs. Automating and using the data is a mindset piecemeal is to be avoided as a whole the benefits are self multiplying. 21

24 22