A business or organisation needs to consider its overall strategy and approach to security which is often forgotten and not represented at the right degree of importance at Board level, this can mean that the solution is not valued, resilient, or indeed does not meet the overall business requirement – which gives technological security solutions a bad reputation.
In order to establish and explain the need and value of security, HS&S believe that the initial stage should be to define the requirement starting with developing an understanding at a corporate level within an organisation.
Typically we:
- Assess the business need for security: business drivers, reputation, asset base, business vulnerability, horizon mapping
- Developing a headline business plan and programme for security
- Set up of a security structure to meet the defined needs
- Develop methodologies to ensure that security is working – assurance to risk.
By virtue of this process, security can be better understood, and indeed underpin corporate business practice – it is at this point that its potential is realised.