This is a golden opportunity for security professionals to prove they are business managers
first and security professionals second. It is the security practitioner's responsibility to protect the
company, but it is not possible or cost-effective to attempt to mitigate all risk. Some risk, especially
with lower impact, must be accepted.
When going through this exercise, try not to limit the analysis within the confines of the
department's current scope. Ask the tough questions, like whether the security department would
be the best place to perform other tasks currently provided by another department, and the converse,
whether another department would be the best place for some work currently being done
by the security department. Not everyone believes in the convergence of IT security and more
traditional security roles. Look beyond preference and bias and determine if the company would
benefit before ignoring it outright. As an example, what about background checks? A survey
in the Institute of Management and Administration's July 2006 edition of Security Director's
Report showed that 89 percent of companies responding had background screening conducted by
Human Resources (HR) and not Security. One of HR's main functions is to bring people in, not
to keep people out. Keeping people out is something Security excels at, so which department is
better equipped to perform background screening?
Every company's experience will be different and it may take several drafts and about three
months, with about two to four hours of work a week, to complete.