Corporate 'dashboard': Aligning security, operations

Risk is arguably the most serious concern and most powerful driver of change today in corporations. The tragedy of 9/11 certainly opened a new era of risk colored by a daunting reality that more and even more horrible terrorist acts are possible. The self-destruction of several large U.S. corporations has also opened the eyes of chief executive officers and boards of directors to huge risks triggered by probably reckless financial strategies or deliberate malfeasance - or a combination of both.

Well below those headlines, and often making no headlines at all, is the mundane world of workplace crime and violence, online identity theft and other cyber crime, cargo theft and seemingly endless litigation. Such problems cost companies billions in losses as well as legal expenses, settlements, insurance premiums, reserves and management distraction.

I recite this litany of risk and loss not to paint a bleak picture of corporate America, but to suggest that today there are not too many issues on the minds of CEOs and other top executives (now called the “C-suite”) that do not sooner or later require corporate security’s involvement. The world of the corporate security director - who is now often called chief security officer - has radically changed. However, the concern and debate is whether or not corporate security has available the types, amounts and quality of information required for C-suite executives to make decisions relating to the security and safety of their employees and property.

In this regard, corporate security has a lot in common with most other corporate functions. Data collection, access and analysis is the Achilles’ heel of many corporations, even those with large IT staffs. CEOs grimly say they are uncomfortable making “bet the company” decisions based on incomplete and/or old information. Information silos in terms of divisions, departments, and subsidiaries not being able - or willing - to share data is a chronic management roadblock.

It is a positive trend that top management is taking the lead to champion “enterprise information management.” Thanks to networked reporting systems and data warehousing, sophisticated “number crunching” can provide concise, frequently updated management reports - often available via a few keystrokes on the CEO’s notebook computer. These information “dashboards” act almost like early warning systems that give the C-suite the power to take action sooner rather than later to address negative trends and risk.

An emerging imperative - and opportunity - for today’s CSOs is to take the lead to design and then partner with their company’s IT department to build security, threat and risk dashboards for their company’s top management. Building a usable and reliable security, threat and risk dashboard is seldom easy, but it is an investment of resources that can generate a huge ROI over many years. This dashboard typically combines front-end software tools with a central corporate data warehouse. It integrates readily available external crime, threat and risk data, with a company’s own incident and risk data. Most organizations already have much of this data, but it is decentralized in other departments and almost certainly under-utilized.

A security, threat and risk dashboard would include:

- Geographic crime vulnerability combining raw local police and FBI crime statistics with various socio-economic data.

- Threat proximity identifying terrorist and crime targets, healthcare and law enforcement resources, and nearby transportation arteries, as well as linking that information to an organization’s crisis management and business resumption plans.

- Crime and safety incidents, not just logs of crimes and accidents, but analysis of key factors such as incident type, location, time of day/week/season and total costs of each incident and incidents overall.

- Employee data, including pre-employment background screening data; reported workplace crime, safety, threat incidents; and logs of employee hotline calls.

- Homeland security information interfaces providing for the integration of company, regional, and industry threat and risk data.

One immediate value of such a dashboard is the ability of the CSO to interact with top management to make informed decisions not just reactively but proactively. This is the essence of data-driven security and risk management.

Jon Groussman is president and chief operating officer of CAP Index Inc., a crime vulnerability and loss prevention analytics and consulting firm. He can be reached at jgroussman@capindex.com