Essential Elements of a GREAT Corporate Security Program

Maybe you’re a Security Professional, or maybe you’re just someone who doesn’t want to get your credit card stolen, or get shot walking out to your car at night. Either way, there are a few basics you need for an effective Corporate Security Program. Whether it’s a hospital, a big box store, a local government agency, or one of the Fortune 100, these basic Corporate Security elements are essential:

1. Start with a baseline Security Risk Assessment – for both IT Security AND corporate or physical security. (You can’t improve if you don’t know where you are.)

2. Get a plain or fancy Incident Reporting program and start recording and categorizing ALL security incidents, whether they are related to theft, violence, natural disasters, Ebola, or active shooters. This gives you the power to stay on top of new, emerging threats (the ones identified in the security risk assessment), and make frequent adjustments based on real-time information, also known as data-driven security.

3. Review and Update your Policies and Procedures to address what’s changed in the environment. P’s and P’s also add the power of COMPLIANCE to the security enforcement. This increases security’s visibility and importance to management.

4. Create Security Awareness among the staff members. You have two eyes, but if you add in the employees, you have 1000 eyes or more. Eyes that know what to watch for, how to report escalating incidents early, and staff members who can improve their personal safety through situational

5. Mandatory annual Security training for all employees. Staff members need to get the latest information on reporting, information protection, how to physically protect themselves, and patients, students, customers, visitors and everyone else who enters your facilities. Many information breaches start with a theft of a laptop, something that could totally be avoided with better training.


6. At the end of the first year, do a second (and annual) security risk assessment so you can measure improvements in awareness, in implementation of critical controls (I have a list of 75), and changes in the threat profile.

These steps create an annual cycle of Continual Improvement in the security program, based on fresh evaluation, which also turns out to be very cost effective and informs management about which controls have the ‘best bang for the buck’.

For more information and the matching white paper, send your request to:
