This one question comes up repeatedly during MOST Security Conferences – “What’s the easy way to Define Security’s role?” Am here to tell you that there is no easy or consistent answer to this question.
“To protect people, property, information, reputation, etc.”
Many times, the principled answer to this is given : “to protect people, property, information, reputation, etc.” But is that really the answer to what the role of Security is? If so, then consider the following decisions:
- how much to budget?
- what tools and resources would be needed?
- how quickly they would need to be implemented to protect those assets?
All the above would be Security’s decision if the role of Security is “to protect people, property, information, reputation, etc.”.
A simple conversation with your colleague or Security person will bring up the fact of security’s lack of resources indicating that this isn’t the case.
The True Role Of Baltimore City Security Guards
So, if we don’t have the ability to make these decisions, what then is the true role of security?
This is fundamentally a critical industry question and, I have known experts struggle with this for a long time. Knowing security’s role is important because it can brings purpose to daily security activities, help develop a working philosophy, can drives strategy, etc. That’s true for not just security companies, but anyone in the organized industry world, at any level.
“To Manage Security Risks” – Baltimore City Security Guards
At other times, when the question, “How Would You Define Security’s Role?” comes up, the answer given is “to manage security risks.”
I believe this gets us a bit closer. If that’s the answer, then using general risk management practices (such as ISO’s 3100 International Standard on Risk Management) as guidance, security would be delivering proper governance structures with clearly aligned roles and responsibilities, understanding asset prioritization, aligning and capturing risks to risk registers, and fleshed out a security risk tolerance level throughout the company that would drive security reporting.
The answer, “to manage security risks” aligns better with the business, and contributes more correctly even at the strategic level of structuring a business.
To sum up, I don’t really think the question of what security’s role is a complicated one. Let’s use this as food for thought. So, what do you think? …what is the role of security in your industry? What is the role of the security department? Would your colleagues and business partners have a consistent answer? It’s different than the mission statement and different than then describing the role by pointing out tasks that have been assigned to Security roles. It is a question we should have an answer to.