Security by Design – Access to Subject Matter Experts By Kent Howard

One of my favorite mantras is, “It’s hard to beat a man (or woman) at what they do for a living.” There are areas within most any given security program in which additional expertise is needed in order to plan, build, implement and effectively operate a security program. Though, you have to be willing to ask for help.

For larger organizations that have staff dedicated to security, this may just be some occasional managerial consultation or a program check-up. For smaller organizations or others that are not fully staffed, outside help can be a very effective means of obtaining access to subject matter expertise.

Following are a few areas to consider for using subject matter experts.

Consultants

As Security Technology plays an ever-increasing role, the expertise needed to design and execute an appropriate technology strategy may not be on staff. Consultants abound in the security technology space and can help with everything from simple project management of a security tool implementation effort all the way up to the development of a full security technology program strategy.

For smaller organizations that are not yet to the point of having a security staff, a virtual Chief Information Security Officer (CISO) and/or Chief Security Officer (CSO) can come in the form of a qualified consultant or “virtual” resource. The idea behind this is that the virtual – that is, part-time – CISO/CSO can plan and develop an appropriate security program without the expense of having this person on staff. Note: The term Virtual CISO/CSO is, seemingly, becoming more common and more consultancies are now advertising this service.

There are many other areas in which consultants can be used within security programs. These include, among others, the development of program standards or operational procedures, training, threat, and intelligence services, program strategy and planning, the development of services like crisis management or business continuity, etc.

Areas of Specialization

Workplace Violence Prevention is a topic that is probably best left to individuals or groups that possess the experiential capability to help manage this important area of risk. That is, you only get one chance to do things right during and immediately after an event. Inappropriate or out-of-touch responses can be damaging and, in the past, have cost good companies far more than monetary fees associated with lawsuits, etc. Corporate reputations can and have been impacted because of responses to unfortunate events.

Regulatory Requirements

The state of New York now requires financial services firms operating within their state to implement a cybersecurity program. One of the required elements is access to a qualified security specialist, whether this person is on staff or is a virtual resource. This is a great example of how outside expertise can be utilized.

Outsourcing

Without getting into a deeper conversation regarding the ins-and-outs of outsourcing versus direct hire, there are occasions in which contract services can make sense for various elements of a security program.

One common consideration is almost always the simple cost of hiring and maintaining a staff for a given function. However, security risk should be the primary concern and must be weighed against the rote response to simply save money.

A great example of this is the decision that one company made to maintain a hybrid security guard staff. Under this model, officers directly employed by the company are used during normal business hours when the security risk associated with people being present is highest. The contract guard staff then fills the hours that are outside of business hours – nights, weekends and holidays. In the end, there was some cost savings realized, but the security culture was maintained by having direct employees on patrol during business hours and the elements of security risk management were addressed.

Access to subject matter experts is an important component of a security program. Carefully weighing the options and keeping security risk management at the top of the decision tree will help ensure success.

via Technology & Innovation Articles on Business 2 Community http://bit.ly/2Nrcjq5

Advertisements

One thought on “Security by Design – Access to Subject Matter Experts By Kent Howard

  1. Pingback: Security by Design – Access to Subject Matter Experts By Kent Howard — Technopreneurph | HADMARS.NET

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.