Sunday, July 12, 2020

Incident Response: Leadership of Security Risk Professionals...

Leadership of Security Risk Professionals (LSRP) begins with a thorough understanding of the current state of the “Organizational Pulse” of the corporation.

Global Enterprise Business Resilience does not just happen overnight, after the CEO sends out the first Crisis-based e-mail alert.

It happens because the Organizational Pulse of the respective silos of responsibility has been actively learning for years about their People, Processes, Systems and External Crisis Events.

Simultaneously, as the leaders of the Security and Risk domains within the enterprise “Ask”, “Listen”, and then “Clarify” or “Verify” vital information, the organization learns.

Global 500 public organizations, small private businesses and non-governmental organizations have true stories and cases that are considered a security risk crisis.

Confronting a crisis and responding to an incident in one organization will be completely different from doing so in another, based upon the type of organization, number of employees, geographic locations and their senior executive process for dealing with a significant disrupting event.

The following question was asked at “Company A” and the top answers were:

What are the top five incidents/events that could cause a significant crisis within your organization?

  • Fire or Flood
  • Violent weather/damage to facility
  • Workplace violence
  • Industrial accident
  • Terrorism

"When the question was asked a different way, to a different group at the same company, the results were even more telling:"

What are five incidents/events that have caused your organization significant crisis in the last three years?

  • Counterfeit products or major disruption in the supply chain
  • Alleged ethics violation of Foreign Corrupt Practices Act (FCPA)
  • Geopolitical unrest in key overseas markets
  • Extended loss of personnel at a manufacturing plant due to COVID-19
  • Data Breach/intellectual property theft by a nation state

Senior executives charged with a “Duty of Care” in today's global enterprise require new thinking, enhanced skills and relevant solutions to improve crisis leadership.

What is your current readiness factor for the potential of environmental or natural disaster, supply chain disruption, economic espionage, ethics scandal, data breach, employee kidnapping, sabotage, terrorism, workplace violence and other legal risks?

For example, the HR recruiter is more focused on the security risk of hiring a person with a criminal record of violence and substance abuse problems. The Chief Security Officer (CSO) is more focused on the physical and information security of facilities and the Chief Operating Officer (COO) may be more focused on daily operations and securing the resilience of the supply chain.

Throughout the enterprise, the functions of physical security, information security, legal and financial liability have all become specialized, and these same security risk professionals have become subject to the potential for a blindside incident.

“Leadership of Security Risk Professionals” (LSRP) is for industry practitioners to “Cross the Chasm” of crisis leadership...