Awareity's Lessons Learned Blog


Aligning Security and Company Risk – Lessons Learned from Others’ Mistakes

Excellent Lessons Learned from Major Incidents

There is a saying that no leader will live long enough to learn from their own mistakes, so great leaders learn from other people’s mistakes too.

As I was reviewing titles from the November issue of Security Management (an ASIS publication) and on the lookout for lessons learned, I came across the following title: Aligning Security and Company Risk

I clicked on the link and read an article that featured two major security/compliance incidents and what steps leaders from General Dynamics Corporation and Providence Health & Services took after major incidents occurred at their organizations.

The article really got my attention when I read the first paragraph:

After a major incident, companies often decide that they need to purchase new security products to prevent a recurrence of the problem. But sometimes the solution may be nontechnical: to better align security and business risks and to enforce existing policies.

The article offers lessons learned from two organizational leaders who realized their security, compliance and business management efforts needed to be better aligned and that no technology solution was going to “fix” their problems, gaps and weaknesses. 

Are your organization’s security, compliance and risk management efforts aligned?

Does your organization have policies and procedures that help all appropriate personnel understand how your organization’s business processes are aligned?

Do all appropriate personnel understand their specific roles, responsibilities and obligations with respect to Security Management? Compliance Management? Risk Management? Reputation Management?

Does your organization need to modernize outdated, fragmented or manually intensive efforts that are making your organization vulnerable to expensive risks or a major incident?

In my experience performing risk, vulnerability, compliance, safety and continuity assessments, most organizations can definitely learn from other leaders’ and other organizations’ mistakes sooner rather than later.

One Response to 'Aligning Security and Company Risk – Lessons Learned from Others’ Mistakes'



  1. The goal is to create fluidity in tracking of such incidents between worksites, situations and individuals. Having a secure centralized accessed repository is the key to managing and reducing potential incidents of workplace violence. Having a centralized retrieval system permits better data and information management as well as supporting documentation for prosecutions and administrative actions.

