The ASIS Foundation has released a major metrics research report and security metrics tool.

Once the risk matrix has been populated, management must then prioritize the risks and determine which are the most critical to the viability, survivability and resilience of the enterprise. When that prioritization has been completed, various functions within the organization can be tasked to design the appropriate solution for the risk involved.

New this year is that all participating enterprises have the option to be included in the Security 500 rankings numerically or to be listed alphabetically. We have made this change to allow those concerned with numerical rankings to be included and recognized among the best security leaders in the world.

We share threat information throughout all areas of the organization, we coordinate response events, mitigating controls and we also report to our executive staff and regulatory group on incidents and events. My organization was formed to reduce reputational, financial, operational, and compliance related risks.”

Perhaps the most valuable learning from this panel was that there is not and may never be a “one size fits all” solution for our industry. While there are many economic and operational advantages to a single provider, there are also some risks associated with this model.

Constant vigilance in the marketplace is vital to understanding, responding to and mitigating incidents that can have a devastating impact on your enterprise’s brand and reputation.

Expert testimony before Congress warned that an electromagnetic pulse attack on our power grid and electronic infrastructure could leave most Americans dead.

The battle means that companies might be in danger of losing simply because they lack the manpower to deal with it. The battle means that companies looking for more security staff aren’t going to find them – they’re going to have to create them.

At the recent ISC West Conference and Exposition in Las Vegas, sustainable security solutions were both everywhere and nowhere. As a judge for the Security Industry Association’s New Product Showcase at ISC West this year, I had the opportunity to participate on one of seven judging committees.

Probably the most important first step an organization should take in developing their BCP/COP program is to conduct an inventory of all of the enterprise’s processes, assets and resources (PAR). No one has the time or resources to boil the ocean, so once the inventory has been completed, the next step involves prioritizing the PAR list from the most critical to the least important.