Risk Management: What Keeps You Up at Night? Part 4

Welcome back! I hope you are finding this series informative and useful in developing your approach to Security Risk Management. We have covered quite a bit of ground and we are getting to the heart of this series. This blog is primarily looking at risk concerns and tools to address them, but also watch for your September issue of Security magazine. I have an article there that challenges the notion that “enterprise silos” are always a bad thing and discusses how the Security Systems Management Platform can help bring unity to the enterprise. As soon as the digital version is available online, I’ll provide a link to it.

So let’s look at some specific risks and see how the Security Systems (or Enterprise Security) Management Platform can help prevent sleepless nights.

The Human Factor – On this subject, I am not talking about malicious activity but rather errors, omissions or compliance issues related to manual data entry and administrative processes. If you look back at the list of key concepts of the SSMP, most of them deal with approaches that reduce the human factor or provide means to ensure proper engagement and accuracy. The SSMP not only guides each activity but also validates key data points along the way to ensure effective completion. Additionally, because employee resources and privileges are tied to roles and the SSMP is integrated with HR systems, a change in position or a termination will automatically adjust or remove privileges and notify the appropriate managers. The SSMP addresses Regulatory Compliance and Corporate Governance (following business practices to meet company and management objectives), and tightens up security control by ensuring physical and intellectual property are only accessible to those approved.

Insider Threats, Employee and Contractor – These threats can be difficult to catch because the perpetrators exploit vulnerabilities through their knowledge of systems and practices. An effective solution to this issue is the ability to close those vulnerabilities with the capabilities of the SSMP. It is not that you can’t run a tight ship without the SSMP, but it can be the means to help manage and audit those processes. The additional capabilities it can provide are operational analytics and user activity monitoring. Operational analytics is the ability to perform audits across multiple systems to identify conflicting activities. User activity monitoring tracks deviations in a user’s routine and invalid activity attempts to build a “risk score,” which can trigger a notification to management at a threshold level. Many times, because contractors can be more administratively intense, they are not managed as tightly as employees for access privileges. Through contractor management processes, the SSMP can ensure contractor personnel only have access and resource privileges when and where they are needed.

Theft of Goods or Assets, Physical and Intellectual – Theft-related risks are reduced by the Security Systems Management Platform because of tight integration across all security systems. Surveillance is heightened when information is shared and correlated to create a bigger picture of the enterprise landscape. Some conditions can be automated to alert staff when specific circumstances arise, such as a staff member’s physical presence at one location while their logical access shows they are at a different location. When operating a Security Operations Center, the more supporting data you can provide operators, the more effective they will be. The SSMP notifies operators of critical events and provides visibility to all available surveillance information, a knowledge base of past and current conditions, and directions for response activity. Security will always be about surveillance and the SSMP leverages all systems to create a unified, enterprise approach.
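The location-mismatch alert described above, combined with the threshold-based “risk score” from the insider-threat section, can be sketched as follows. This is an added example, not code from any SSMP product; the event fields, weights, threshold and time window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, user, source, site, outcome)
EVENTS = [
    ("2024-05-01T08:02", "akim",  "badge", "HQ",      "granted"),
    ("2024-05-01T08:10", "akim",  "logon", "HQ",      "success"),
    ("2024-05-01T08:05", "bdiaz", "badge", "HQ",      "granted"),
    ("2024-05-01T08:40", "bdiaz", "logon", "Plant-2", "success"),
    ("2024-05-01T09:15", "bdiaz", "badge", "HQ",      "denied"),
    ("2024-05-01T09:16", "bdiaz", "badge", "HQ",      "denied"),
    ("2024-05-01T10:00", "cwong", "badge", "Plant-2", "denied"),
]

# Assumed weights and threshold; a real deployment would tune these.
WEIGHTS = {"location_mismatch": 50, "invalid_attempt": 15}
THRESHOLD = 60
WINDOW = timedelta(hours=4)  # how long a badge-in counts as "present at site"

def score_events(events, weights=WEIGHTS, window=WINDOW):
    """Correlate physical and logical events; return ({user: score}, findings)."""
    scores, findings = defaultdict(int), []
    last_badge = {}  # user -> (time, site) of the last granted badge read
    for ts, user, source, site, outcome in sorted(events):
        t = datetime.fromisoformat(ts)
        if outcome == "denied":
            # Invalid activity attempt on either system raises the score.
            scores[user] += weights["invalid_attempt"]
            findings.append((user, "invalid_attempt", ts))
        elif source == "badge":
            last_badge[user] = (t, site)
        elif source == "logon" and user in last_badge:
            seen_at, seen_site = last_badge[user]
            # Logical access from a site other than where the badge was read.
            if t - seen_at <= window and seen_site != site:
                scores[user] += weights["location_mismatch"]
                findings.append((user, "location_mismatch", ts))
    return dict(scores), findings

def users_to_notify(scores, threshold=THRESHOLD):
    """Users whose accumulated score reached the notification threshold."""
    return sorted(u for u, s in scores.items() if s >= threshold)

if __name__ == "__main__":
    scores, findings = score_events(EVENTS)
    for finding in findings:
        print(finding)
    print("notify management about:", users_to_notify(scores))
```

A single denied badge read stays below the threshold, while a location mismatch followed by repeated invalid attempts crosses it.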

While we haven’t touched every risk or expanded these applications to their fullest potential, I hope this has demonstrated the benefits of a Security Systems Management Platform and how it is able to augment all aspects of enterprise risk management to achieve unsurpassed capabilities. Yes, there is a cost and time investment to establish an effective Security Systems Management Platform, but the payback can be significant not only in risk reduction, but also in cost reductions through labor savings and prevention of compliance violation fines.

We are winding down in this series, but I have one more topic that I believe is critical to include in this discussion. The effective operation of security systems includes a product life-cycle management program. I’ll discuss what that involves and how it benefits overall security operations next time.

Don’t forget to watch your mailbox for the September issue of Security magazine and check out my article “Why Security Silos Are the New Unifier.”

Stay tuned…

Click on the Home link at the top to see the previous blogs.
