Good security risk management begins with a master plan — a vision of the security department, its roles and responsibilities, and the overall concept of the organization.
Today, a strategic master plan is a necessity. Unfortunately, the level of financial commitment from executive leadership is quite poor and security is still largely viewed as an operational cost. Singapore is relatively safe and usually most companies keep procrastinating on spending on security. The result is a mixture of new and old systems performing at varying stages of their useable life cycle. In most major organizations, Data Centre Software is licensed and updated frequently to allow employees to utilize the latest features they require to perform their duties at the greatest level of efficiency. Gaining support from leadership to bring corporate security into a reasonable life cycle management program is often extremely difficult, yet is critical to the success of a long-term security technology strategy.
Step 1: Define a gap?
Creating a Security Master plan is similar to building a bridge. A bridge can be useful when many people are trying to get across a wide gap but can cost a lot of money not just to build but to maintain. What gap justifies a bridge being built? In each organization, a clear gap should be defined between the current operating environment of the corporate security program and the type of environment wherein service level expectations can be not only met but can be exceeded in strategic areas that will benefit the overall enterprise.
Step 2: How wide is the gap?
We ask this question because we need to understand how long the bridge will be to get across and the type of bridge most suited for the gap. An assessment of the current state of the security in an organization is required. You’ll be surprised to find in some large home grown organizations many issues are discovered such as:
Multiple access control / intrusion detection technologies in use and a lack of integration.
Equipment far beyond its useable life cycle
A variety of CCTV platforms and systems installed with some IP based and other parts of building using legacy equipment.
Security policy documents and SOP binders stored on shelf with no one in the organization understanding who it’s meant for.
3rd party security officers with proper training but no direction in the organization they are securing.
Step 3: What type of bridge to build?
So you know how wide the gap is. You know how long the bridge should be. Now comes the planning. What type of bridge to build and across which parts of the gap? The crucial step to effectively bridge the gaps identified is the development of a detailed Security Master Plan. No bridge has ever been constructed without a detailed plan which is also applicable in the construction of a “virtual bridge” within a security organization and should be approved by all key stakeholders. The master plan for a physical bridge will address every necessary element to ensure maximum functionality as well as durability.
Technology + Integration Selection
With professional technical consultative assistance, the first step in this process can be a Request for Information (RFI) process to survey potential suppliers of technology and integration services. In the selection process, a questionnaire listing the features required (and desired) by the security organization should be developed and sent to each segment of the industry that manufactures the products under review. This process should include presentation of each manufacturer’s company profile, ability to meet the project requirements, their future technology road map, and their support program for their distribution network. Utilization an unbiased third party technical consultant will assure a high level of success during this critical phase. Once the responses to these questionnaires are received, reviewed and ranked, the short list of acceptable manufacturers will emerge.
Rollout + Implementation Plan
A typical technology rollout will begin with the provisioning of the Global Security Operations Centre (GSOC). This facility will serve as a central location for all system provisioning, programming and monitoring. Regional Centres may be inculcated for localized monitoring of assets that are geographically dispersed. These Centres, if configured properly, can act as back-up facilities for the GSOC. Use a selection process that is familiar to key stakeholders to select a suite of technology that meets the needs of the enterprise and “feels right” to each member of the selection team.
Optimization: Successful Long-Term Operation
The implementation of a new level of security technology will only deliver its ultimate investment potential when the new platform is integrated with a team of operational professionals dedicated to excellence in the delivery of security services. This team needs to be empowered to operate at maximum efficiency.
Step 4: How much will the bridge cost?
So you know what type of bridge to build. And you know the cost of operating the bridge. Critical budgeting considerations for the GSOC include adequate capital to cater for every physical element including hardened building design, multiple points of access and UPS / generator power backup. Expense budgeting items will include adequate staff to provide monitoring / dispatch duties along with supervisory staff to provide training and oversight during the management of critical incidents. Network and telephony infrastructure need to be planned to enable successful primary operation of the GSOC and the ability to transfer operations to a remote monitoring facility in the event of an emergency.
Step 5: Will anyone pay for it?
A lot of companies see security as an operational cost. But if you can effectively justify how implementing certain security measures can save costs or even better generate revenue well half the battle is won. You’ve got money to build your bridge. A suggestion would be to also include a “Do-Nothing” option and explain to the clients how not doing anything will result in more costs in the future etc. Explaining this to potential clients would not only make your services an option but a basic necessity that should be added to their main yearly budget.
Master Planning Is a Journey
Embarking upon a Master Plan initiative can be a rewarding and exciting journey of discovery. Each Plan will become its own journey, and no two enterprises will follow the exact same path to success. By engaging us, the path that leads most clearly to success will be defined and all participants will be guided to a successful implementation having enjoyed the journey.