Foundations & Fundamentals: Asset Identification and Characterization - Part II

Leading effective teams is a perpetual challenge for leaders such as CSOs, CISOs, and all types of security managers. Building an effective team is vital in conducting a risk, threat, and vulnerability assessment. The essential task is to gather and join together all the appropriate skill sets—often spread out over several departments within the organization—to ensure that every business risk is addressed, so that the organization’s bottom-line objectives can ultimately be achieved.

But to build and lead an effective team, leaders must first understand the immediate environment in which the organization is trying to accomplish its objectives. Often, this immediate environment, which is usually the specific market that the company operates in, exists within a larger complex ecosystem of regulatory requirements, standards, economic pressures, ongoing business processes, customer-vendor interactions, and security threats and vulnerabilities, with all components interacting via a throng of technologies.

This complex ecosystem can be difficult to navigate, so for a team to succeed, the different levels of the organization must be on the same page. Executive management must be willing to listen and participate in the process. Team members must be willing to adopt a different approach to achieving success. And all stakeholders must realize that, while not every effort will be prosperous, setbacks provide a valuable opportunity for learning and improvement.

Our next building block in the process must be the formation of an effective team and who will be assisting in the risk analysis and assessment process. This often brings up the dubious question as to who is responsible for risk within the organization. The simple answer is everyone. Everyone has their part to play within this process – “the whole is greater than the sum of its parts.” In order to complete a thorough and comprehensive review and assessment, it is a necessity that a team mindset is undertaken because each person has their own particular expertise.

Total effectiveness of the team, each interacting with one another, is different or greater than their effectiveness when acting in isolation from one another. Therefore, that combined knowledge and experience should be able to identify assets, assign value, and prioritize level of importance so that the team can create a well thought out risk mitigation plan in the process. This will include the aforementioned Communication plans, Evacuation Plans, Crisis Management Plans, Security Facility Design, etc. It will further serve to address the unfortunately common aspects that have developed in organizations today such as child abuse, bullying and cyber-bullying, and bus safety to name a few. Within in this team roles and responsibilities will be established so that everyone understands their personal accountability to the team.