Emphasising security's strategic value in business

October 2002 News & Events

Security is not a separate entity. Rather, in order for any security programme to succeed, it should form part of a company's holistic business plan. For the most part, this can only be achieved if those charged with the task of implementing security policies have the support of their colleagues in other areas of business such as the finance manager or the IT consultant.

However, often a security manager may go about the wrong way in trying to get his peers or employers to understand security policies. As author and security consultant Carl Roper points out: "The problem is that as security professionals, we have failed in many instances to properly educate senior management about the fundamentals of security. We tell them about the threats, what must be done to counter them, and how much it will cost. We do not sell them on the broader benefits of security nor explain to them how security can help the bottom line."

According to Roper in order to get security's message across, security managers need to address three points: knowledge base, including technical terms; management style; and inattention. Below is a synopsis of the key factors that he believes are essential for the security manager to get the support he needs from senior management:

Understanding: Security managers often mistakenly assume that executives are already well versed in the fundamentals of security. That false premise can create communication problems. Since a project's approval may hinge on the decision makers' understanding of a principle such as risk management, managers should not presume prior knowledge of the concept. For example, risk management may have one meaning from an IT perspective, another from an accounting perspective, and yet another from a security perspective.

The security manager should, therefore, offer brief incisive overviews of the principles on which a project is based. These can be introduced with phrases such as "As many of you may already know..." to avoid the impression that the security manager is talking down to the executives. The overview ensures that everyone will have at least a basic level of knowledge on which to base the funding decision.

Senior managers may also be unfamiliar with technical terms. Undefined terminology is an obvious impediment to communication. Some managers may think that making a presentation that is technical will cause decision makers to simply approve the project. That outcome is unlikely, however. A presentation laden with indecipherable terms is more likely to cause annoyance and frustration as executives are forced to ask repeatedly for explanations. And in some cases, decision makers will just 'fill in the blanks,' guessing at the meaning without asking, which is bound to result in misinterpretations. And when these misinterpretations lead to failures later, it is not the executive who will take the blame.

Operational approach: Every manager has his or her own style. The security manager who fails to craft a presentation to fit the decision maker's operational approach can doom a project proposal. The security manager must also recognise the concerns of other departmental managers - the focus on getting the job done. If the perception is that security is becoming a roadblock to the business objectives, it must be overcome. The security manager can do so by stressing how an effective security program supports the business goals. In addition, when making a specific project proposal, the security manager should relate it to specific corporate objectives that are viewed as vitally important, emphasising how the one benefits the other using as many specifics as possible.

Listening: Keeping executives' attention focused on security also entails listening. Only by listening to and understanding management's broader concerns can the security manager make sure that the security program fully addresses these concerns. In so doing, the security manager brings senior management to security's side and helps these executives to understand the entire process and their role in it.

Only by educating top management about security's role can the security manager obtain full support for the security program. And that objective can be achieved only when the security professional has learned to communicate effectively with senior management.

Till next month

Gerard Peter - Editor





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Blue Security ranked best reaction team in KZN
News & Events Commercial (Industry)
Blue Security has been ranked the Best Reaction Team in KwaZulu-Natal following its outstanding performance at the SAIDSA Reaction Man Competition 2025, which took place on 25 September at the Ballito Defensive Sport Shooting Club.

Read more...
Sophos launches advisory services to deliver proactive cybersecurity resilience
Information Security News & Events
Sophos has launched a suite of penetration testing and application security services, designed to identify gaps in organisations’ security programs, which is informed by Sophos X-Ops Threat Intelligence and delivered by world-class experts.

Read more...
Why Securex matters more than ever
Securex South Africa News & Events Fire & Safety Facilities & Building Management
Visitors will observe the application of integrated security solutions, including AI-enhanced surveillance, cloud-based access control, cybersecurity tools, and perimeter protection within residential, commercial, logistics, and industrial environments

Read more...
SA’s private security industry receives multi-million USD investment
News & Events Security Services & Risk Management
South Africa's private security sector has attracted significant international attention, with the world’s largest tactical flashlight manufacturer, Nextorch, announcing a major investment in its local operations, Nextorch Africa.

Read more...
Kaspersky highlights biometric and signature risks
Information Security News & Events
AI has elevated phishing into a highly personalised threat. Large language models enable attackers to craft convincing emails, messages and websites that mimic legitimate sources, eliminating grammatical errors that once exposed scams.

Read more...
Keenfinity launches Radionix as new intrusion brand
Perimeter Security, Alarms & Intruder Detection News & Events
Keenfinity Group’s Intrusion & Access Business Unit has launched Radionix as its new brand for intrusion alarm systems, unlocking new potential and growth opportunities.

Read more...
From the editor's desk: Can it be October already?
Technews Publishing News & Events
Welcome to the final SMART Handbook of the year. In this issue, we focus on residential estate security, from the fence to the gate and beyond. We also review our Durban SMART Estate Security Conference, ...

Read more...
Cape Town estates gain access to advanced security technology at Securex
Securex South Africa News & Events Integrated Solutions
For the first time, estate and complex security decision-makers in the Western Cape will have direct access to the breadth of solutions and expertise these shows are synonymous with.

Read more...
From prevention to protection
Securex South Africa News & Events Fire & Safety
The Western Cape’s varied landscapes and rapid urban development present a range of fire safety challenges, from densely populated city centres to remote industrial sites, and from heritage buildings to new high-rise developments.

Read more...
ProtecLink 2025 spotlights industry tensions and transformation
Magtouch Electronics t/a Ithegi Electronics Security Services & Risk Management News & Events
ProtecLink 2025, created and hosted by Ithegi Electronics, brought together key stakeholders from the security, finance, and innovation sectors under the theme "Connecting Security, Finance, and Innovation: Inspiring Transformation in the Industry."

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.