In this current era of enterprise security risk management (ESRM), there are no shortages of risks to contend with. Most surveys of the top global business risks identify several that are security-related, including terrorism, cyberthreats, pandemics, national disasters, water security, and government instability or collapse.
But as ominous a backdrop as these risks may provide, they have not changed one of the fundamental realities of business: all functions within a company compete for a finite set of resources, and senior executives will fund those that are most likely to help fuel growth.
Given this reality, the problem for support functions like security is that, certain exceptions aside, they are not seen as revenue generators. As a result, the security department must prove that its efforts are strategically aligned with the objectives of the company, and that they are part of the company's overall growth effort. This demands strategic leadership from the security manager.
And such strategic leadership goes beyond being the subject matter expert on all things security. It is not simply about possessing the right kind of knowledge. It is, instead, about being someone able to make that knowledge relevant to, and an integral part of, the company's business goals.
To succeed in this effort, security professionals must fully understand the myriad ways security affects the larger company. With that knowledge in mind, they must focus on creating relationships inside and outside the organization that will enable the security function to produce results valued by the company.
Delivering these valued results often requires the need to think and work differently–that is, to think and work strategically. It demands that security professionals become strategic leaders.
click here to read the full article