When developing a master plan, security managers should consider strategic objectives that have proved to be effective in the past:
1. Prevent and mitigate disruptive events through increased domain awareness.
The ability to recognize and then mitigate emerging threats, both natural and man-made, can be enhanced through a variety of initiatives. Surveillance systems, credentialing programs, access control technology, and decision support tools can significantly enhance risk management functions.
2. Develop and sustain a culture of security and preparedness.
Making certain that a security strategy includes clear, unambiguous guiding principles and objectives will contribute significantly towards cultivating a security culture.
In order to focus resources on the most relevant security challenges, managers must guide their enterprises away from the notion that security spending is only an expense to be minimized. To develop a culture of security, master plans should support security initiatives as an investment, not an expense.
3. Leverage technology to enhance and optimize security posture.
Positioning a business to take advantage of all available technology resources, including emergent breakthrough solutions, provides security managers with open access to critical resources that can have a force multiplier effect.
4. Protect lives, critical infrastructure, and key resources through training and exercises.
Training and exercise programs continue to provide a good return with regard to risk mitigation. Developing a standard training program, based on security best practices, is key to optimizing security posture and increasing security awareness.
5. Enhance the ability to respond to and recover from a security incident.
Risk cannot be eliminated, only managed, and no security program is foolproof. Security command and control centers, data management and information sharing capabilities, and technology tools that facilitate decision-making all contribute towards the response and recovery process.
6. Commit to continuous, incremental improvement to meet an adaptive threat.
Security initiatives should be managed on a continual basis. Security professionals should aggressively pursue investments and initiatives that optimize their security posture, and provide a positive return on investment.
An effective master plan requires that existing security capabilities and resources are directly aligned with strategic objectives. Participation and buy-in from relevant stakeholders is essential.
By focusing on continual, incremental improvement, any firm can develop a solid foundation for responding to security incidents.