While a number of useful countermeasures are being taken across corporate boards, progress remains relatively slow in the face of borderline existential threats. Not so long ago, companies thought of cybersecurity as a technology problem to be overseen by the chief security officer or the chief information officer, or as a compliance issue to be managed with audit functions. Today, thankfully, a more holistic, proactive and analytical approach is generally taken. There is more security training and better hygiene and most boards now count a seasoned CISO as one of their directors.
I’ve written previously about the need to embrace our corporate or institutional culture and the language of business into enterprise physical security. All too often, we practical folks engaged in the day-to-day operations of our departments dismiss these concepts as superfluous or mere hoops to jump through to please some higher authority. As I’ve been known to preach about, regularly, is the need to market our services to our customers, both internal and external. One “corporate speak” method of marketing our work with the value added benefit of guiding our decision making is in the form of value statements.
