The BUSINESS and SECURITY circle
To talk about the Security and Business cycle, we first need to understand something: our time has seen a significant number of changes in the areas of security and business. New terms have appeared in our vocabulary or have shifted in meaning, and we are moving in a fast-paced environment shaped by new technologies, globalization, emerging markets, corporate mergers, joint ventures and so on.
In this new scenario, six terms carry particular weight for security professionals worldwide:
- Risk Management
- Project Management
- Business Continuity
- Business Intelligence
- Business Analysis
- Digital Transformation
I will explain each one and its correlation with the others, but let me be clear: in the end, we are talking about the basic concepts:
Security and Business: production, manufacturing or service delivery, with quality, high revenue and always within parameters of minimum exposure to risk, internal or external.
Risk Management is usually accepted as the “identification and evaluation of any threat to the organization, the adequate design, and implementation of the risk reduction plan and the subsequent resilience project.”
How would any organization conduct its activities in the absence of security? With difficulty, if at all. Risk has to be addressed, avoided, reduced or transferred. Every human activity has inherent risk: no matter what we do, we are exposed to risk, human-created or natural. For this reason, companies, governments, NGOs and wealthy families are requesting the services of professionals with the right expertise in security and intelligence.
According to the Project Management Institute (pmi.org), Project Management (PM) “is the application of knowledge, skills, tools, and techniques to project activities to meet the project requirements. Understanding a Project as a temporary activity in that it has a defined beginning and end in time, and therefore defined scope and resources.”
Again, a project requires a safe environment to progress and deliver the product according to the planned path, and managing the risks that affect the project is a key point for its success. What do we do if a computer fails? What if the executive is kidnapped? What if the information is leaked to a competitor? Those are easy questions to write down during the PM design, but difficult to address if you are not an expert in Risk Management.
Not a single project can be delivered without a correct analysis of risk and its influence on the results.
According to the BCI (bci.org), “Business continuity is about having a plan to deal with difficult situations, so your organization can continue to function with as little disruption as possible”.
ISO 22301 is the Bible of Business Continuity, a set of standards related to best practices in this field. Companies and organizations must be certified and, even more important, keep a serious maintenance and update program for the implemented actions.
The major problem with the ISO standards is the expertise of those in charge of designing and implementing the program. Minimizing the impact of disruptive incidents is the essential part, more so than strictly following the recommendations; getting certified is important, but expertise is even more so.
Gartner defines BI as follows: “Business intelligence (BI) is an umbrella term that includes the applications, infrastructure and tools, and best practices that enable access to and analysis of information to improve and optimize decisions and performance.”
Most companies understand BI as a tool directly connected with the analysis of markets and competitors. However, a second look delivers different results: the firm Control Risks, for example, includes on its website political and security issues to consider when we talk about Business Intelligence. Personally, I’m closer to this perspective: BI can be done through Big Data tools, but political forecasts or strategic scenarios are a must.
Wikipedia, in its entry on Business Analysis, says: “Business analysis is a research discipline of identifying business needs and determining solutions to business problems. Solutions often include a software-systems development component, but may also consist of process improvement, organizational change or strategic planning and policy development”.
Organizations conduct analysis to improve decision making. The research can be done in different ways and with a variety of tools, but this decision making affects Risk Management: for example, if the firm agrees to start operations in a high-risk location, a new security and resilience plan will be needed, or an existing one adapted.
The website enterprisersproject.com has an interesting definition: “Digital transformation is the integration of digital technology into all areas of a business, fundamentally changing how you operate and deliver value to customers. It’s also a cultural change that requires organizations to continually challenge the status quo, experiment, and get comfortable with failure.”
And it is this integration of new digital technologies that forms the connection point between security and business, not only in the classic view (we have to replace the old analog cameras with a new IP CCTV system with AI) but in a different sense.
You, as CSO of a big corporation, will be required to manage the risk associated with a new device or service involving digital technologies, from an electric car to a new app or secure communications system.
Not to mention the natural evolution into AI-managed security services, Corporate Fusion Centers or the management of Kidnap & Ransom situations involving cryptocurrency payments.
At this point, the direct link between all those concepts is probably clear to the reader. In many cases they are difficult to split into separate categories because, in fact, all those disciplines share the main values of Security and Business.
Security managers in this century are forced to work across and navigate from one activity to another, because all of them are part of the same framework: security keeps the business operating. Without security, business is suicide… but security without business is nonsense.
Our job in Security and Risk Management is simple: we just need to apply the technical knowledge, coordinate and deploy ISO 31000, ISO 22301, ISO 14000, ISO 27001 and ISO 45001, fight against fraud and counterfeits, perform our activities within the law and GDPR regulations, and design and implement an adequate Risk Management action plan to maintain the operations of the organization on time, with excellence and risk free, in order to achieve the business targets and deliver the product or service on time… easy, very easy… or maybe not, and we need companies with a pool of experts.