Q. My company has done fairly well through the growing pressures of the current economic downturn but it has been made clear that we need to be in for the long haul; management is asking us to identify prioritized targets for cost reductions. Where should I focus my efforts?
A. Even when our mission is clearly understood and accepted, it is unrealistic to believe we will be exempted from the commitment to contribute to expense reductions. In both good and hard times we need to have data to support what we believe is valued and essential work. Good data will provide support to a business case that demonstrates which programs, if eliminated or gutted, would reduce protection below an acceptable threshold of risk. Your metrics need to support the concept that cost reduction efforts that fail to discriminate between programs that provide clear risk reduction results versus less productive activities will add to cost rather than reduce cost of doing business.
Regardless of the state of the economy we demonstrate value when we enable the business to do what would otherwise be too risky. Consider what programs you now have in place that clearly address the specific risks you have identified for your company while implementing a contraction strategy. Then consider how you propose to address the currently unaddressed vulnerabilities that could be exploited, including the greatest threat during this stressful time -- the disgruntled and knowledgeable insider. Working with your HR and other business unit colleagues develop a protection strategy to mitigate potential threats based on the data you have gathered on the ability of your safeguards to detect and respond to likely risk events.
Answer provided by George Campbell, Security Executive Council Emeritus Faculty.
For more information on metrics or measures that may be applied to reliably define and communicate the value security, visit our store at: