Security functions are scattered among a trio of corporate "silos": physical security forces, security personnel in information technology units, and risk management executives. Many firms are finding it difficult to effectively coordinate and control urgently needed security activities among these departments, with many major decisions made by middle managers.
The primary responsibility for keeping companies secure is divided among employees responsible for protecting people, goods and facilities, protecting company data and communications networks, and protecting company finances. Managers in these three different company units have distinctly different backgrounds and differing degrees of authority and prestige in their companies. Often, they do not communicate readily with each other.
Physical security specialists are usually recruited from law enforcement agencies and the military and are trained to respect authoritarian command structures. Security units in information technology departments are embedded in the overall IT structure, where innovation and privacy are often admired. Risk managers have financial backgrounds and are largely responsible for maximizing corporate returns, minimizing costs and avoiding losses.
These three units also have different reporting relationships. Physical security is often lodged in middle management and reports to operations managers at the business unit or facility level. Risk management is run by actuaries who generally report through a chain of command to chief financial officers. IT security is vital to all areas of global companies since it manages day-to-day operations.
Despite the widespread differences among these three departments, they have many common denominators. The key to improving corporate security is getting all three areas to cooperate to assure that security is an integral part of the company's overall mission, the board reports.
