Hi-Tech Security Solutions Hi-Tech Security Solutions
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
   
 




















 

The changing role of the security manager
March 2011, Enterprise Solutions

Hi-Tech Security Solutions spoke to three industry players about what they believe the impact of security is on different designations, such as HR, IT, safety/security, operations, risk, facility managers, financial director etc. Points such as how risk management and security will change the job descriptions of these traditionally non-security roles were raised. This article also looks at how the job of the traditional security operations manager is changing.

In pursuit of greater professionalism and increased technical competence it has been necessary for security managers to cease being solely concerned with loss prevention. For example, the role of the security manager has broadened to include knowledge of pertinent and topical matters such as the law, health and safety, fire prevention, security survey and risk assessment, business continuity planning, and crisis and disaster management.

Kevin Monk, technical director at Bidvest Magnum Group, said that he has seen a growing interaction between the security manager and the HR department at his clients. “This can be attributed to the fact that biometrics and identity management control have become so prevalent in access control. In integrated security solutions, companies now offer a time and attendance approach, which is a perfect example of the synergistic cooperation between security and HR.

“Time and attendance is applicable to every staff member entering the company’s premises but due to protection of personal rights, obviously the fingerprints can only be used for internal use.

“By involving shop stewards and the unions in the whole integration process, security managers are also increasingly involved in the legal side of the business since they need to be aware of the laws surrounding protection of information and identity. This will become more prevalent, not only for internal (staff) security, but also for access control for customers and suppliers as the Consumer Protection Act comes into effect,” he added.

Chief operations officer at Ideco Biometric Security Solutions, Marius Coetzee, said his company had undertaken an analysis of a number of major players in the security industry a few years ago to determine the benefits a secure visitor management system can bring to the various departments within an organisation.

“What we discovered was that assurance and accountability is the product of an increased focus on risk and compliance. The effort of risk management within any organisation therefore has a broad impact on the organisation.”

Coetzee pointed out that some of the results derived from this analysis included the impact on the financial department whereby the bottom line is increased through an investment in an access control infrastructure that prevents risk of losses and liabilities arising from unauthorised access. “We also found that companies benefited from the security department working closely with the HR department to ensure that all visitor information was gathered in compliance with the Occupational Health & Safety (OHS) Act.”

With regard to the IT interface, Coetzee said that there were great benefits to be derived from integrating company IT systems with existing electronic access management and appointment systems. “In short, by developing an open line of communication between the various departments and ensuring a basic understanding of what each department’s expectations are from a security and risk perspective, a complete enterprise-wide solution for managing visitor information is developed.”

What has security got to do with it?

Monk said that the role of the IT personnel in security issues has changed somewhat with the shift to IP-based peripherals. “We find that when we sell an integrated solution into a company they generally allow the IT personnel to have the final say because of the IP capabilities.

“This can be problematic if the IT personnel are not stringent in securing their entire IT solution, so there is a great need for communication between the security department, the IT department, the HR department and management to ensure across-the-board compliance and risk management. Ultimately, risk should be determined by the risk manager in collaboration with management.”

Risk assessment, simply put, is a means of having a degree of certainty about the future. Therefore, as decision makers, security managers have risk assessment available as a tool which allows them to make informed decisions. “The security or risk manager can add benefit to the overall equation by becoming more familiarised with IP solutions,” Monk said.

Teryl Schroenn, CEO of Accsys, said that another issue that needs to be considered with regard to the role of IT in security is the ready access to people’s personal details. “Whenever you apply for credit or sign up for a service you are required to provide your ID number or date of birth.

“With the advent of the electronic era this has presented its own set of unique problems, not least of which is the issue of passwords and pin codes. Research indicates that the majority of people use some form of their birth date as a means of accessing private and sensitive issues, so it does not take much effort for an opportunistic hacker to compromise your privacy.”

Two other problem areas, according to Schroenn, are the downloading of information from a PC or laptop onto a portable USB stick and the accessibility of information via social media such as Facebook. “How difficult is it for you to leave a facility with your flash stick? How do companies control this potential theft of information from a company’s database? Companies really need to implement layered security access in terms of who in the company is allowed access to certain sensitive information. However, unless this is carefully monitored it will have little value.”

Schroenn pointed out that IT security is evolving into more of a business-level discussion. “To date, IT personnel have been given a high level of access to information that should ideally be for management eyes only. In many cases this could be due to the ignorance of the operability of IT systems by anyone other than an IT specialist. This is why management and security personnel involvement in the security of IT systems needs to become more of a pressing issue.

“What we typically see is that a number of companies have a closed circuit with regard to access to personnel data, but the loop seems to break when financial systems are concerned. This is obviously an issue that needs to be addressed as a matter of urgency and the security manager could play a big role in helping to plug the holes,” Schroenn said.

With regard to Facebook, Schroenn said that the younger generation are not always cognisant of the risks posed when entering personal information onto their Wall. “However, unless they acknowledge that this information is in the public domain, they will never regard it as a high risk pursuit. Companies need to be aware of the high risk level introduced with careless Facebook behaviour by employees.

“A major challenge is that there are widely variant perceptions of what is acceptable in terms of information sharing. The primary driver for me is that there needs to be more effective communication between the security department and other company role players,” Schroenn added.

Enterprise-wide consultation

Monk believes that because companies are moving towards totally integrated solutions in terms of all their IT requirements, enterprise-wide consultation will definitely be key to success. “The individual departments need to motivate their IT security needs in terms of human rights and legislation compliance and the financial department needs to buy into the programme by seeing the budgetary benefits outlined by a more secure system.”

In today’s complex, interconnected world, protection of information assets has become a core corporate function that must be addressed at the highest levels of the organisation and not be regarded as a technical speciality with accountability relegated to the IT department.

Right at the bottom of the list, where the emphasis with respect to security should be placed, is allocating security to a specific role, which drives home the point about needing to see the security manager’s role as one piece of the puzzle.

It seems that security managers have little choice but to go beyond the simplistic loss prevention role and develop additional skills. These skills add to the competence of security managers to fulfil their role in the modern world and would include knowledge of the basic workings of the various interrelated departments in a company.

The question we need to ask is that, with other company departments becoming increasingly involved in security, does this mean that we will see the demise of the security manager? The answer would seem to be that the importance of the specialist roles, either in security management or in a security or risk management advisory capacity, is not going to diminish in the conceivable future. What is probable though is that the role of the security/risk manager may evolve into more of a facilitating capacity with regard to enterprise-wide security.


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Residential estate security a mixture of people, processes and technology
    May 2014, Technews Publishing, Residential (Industry), Enterprise Solutions
    Hi-Tech Security Solutions hosted another Executive Breakfast in March, this time in Cape Town, focusing on residential estates. Sponsoring this event were Castle Access Control Systems, Centurion Systems, Comb Communications, Elvey Security Technologies, Powell Tronics and VixNet.
  • A building on your smartphone
    May 2014, Technews Publishing, Enterprise Solutions
    Simplicity and auto-discover: coming to a BMS near you soon. Have you talked to your air conditioner lately? Hi-Tech Security Solutions asked a couple of BMS vendors for their thoughts on the current state of building management systems.
  • The rise of Web Intelligence
    April 2014, Enterprise Solutions
    Web enables you to take unstructured data and monitor and analyse the chatter in order to gather intelligence and in turn identify a specific threat, target, or trend.
  • The future of security is information
    March 2014, Camsecure, Enterprise Solutions, CCTV, Surveillance, Access Control, Fire & Safety, Perimeter Security, Alarms & Intruder Detection
    Ten years on at Camsecure and we see information gathering as the next evolution of the surveillance systems. Camsecure has always been a supporter of event driven system philosophy stating that the ideal ...
  • First SSD+HDD dual drive
    February 2014, Products, Enterprise Solutions
    Innovative 2,5-inch drive pairs 120 GB SSD with 1 TB hard drive to deliver maximum performance, data control in ultimate upgrade for notebook, AIO, single-drive bay systems.
  • ZKTeco becomes a full enterprise solutions provider
    January 2014, ZKTeco, News, Enterprise Solutions
    Over the past decade ZKTeco has established itself as the market leader when it comes to pioneering new and innovative biometric security technologies.
  • Aesthetics and functionality
    January 2014, Elvey Security Technologies, Enterprise Solutions, Residential (Industry)
    Elvey recommended the DSC intruder detection system, which fulfilled the developer’s requirements perfectly. The DSC wireless alarm system took less than an hour to install eight zones in a unit.
  • Energy management reduces costs
    January 2014, Powell Tronics, Enterprise Solutions
    e-Green automation is a fully integrated building management system aimed at optimising energy efficiency in order to reduce electricity consumption and costs at a price which puts it within financial reach of most companies and residences to reduce and manage electricity demand.
  • Comprehensive fire and security installation offerings
    January 2014, Firetech Projects, Fire & Safety, CCTV, Surveillance, Access Control, Enterprise Solutions, System Integration
    Firetech Projects is one of the leading systems integrators of fire detection and suppression, access control, CCTV, evacuation and building management systems.
  • Giving a voice to evacuation systems
    November 2013, TID - Technology Innovated Distribution, Enterprise Solutions, IT infrastructure in security, Transport (Industry)
    Airports, railways stations and bus depots are highly vulnerable areas in terms of passenger safety and security. One of the biggest issues faced within these large environments, where thousands of people are constantly moving around, is the adequacy of a suitable loudspeaker and evacuation system.
  • Customer-centric mission in ­integrated solutions
    November 2013, Tyco Security Products, Enterprise Solutions, System Integration
    Reputed to be the world’s largest pure-play integrated fire and security solutions company, Tyco has perfected its high-tech one-stop-shop philosophy.
  • All-in-one fleet management
    November 2013, MASS, Asset Management, EAS, RFID, Enterprise Solutions, Transport (Industry), Products
    Two factors play a large role in the profitability of company fleets: theft of vehicles with or without cargo; and misuse/abuse of vehicles. Hi-Tech Security Solutions looked at a system that offers a complete fleet management solution from Management and Supply of Security Solutions (MASS).

 
 
 
Search...
Hi-Tech Security Solutions Business Directory


         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.