Are you having trouble receiving buy-in from senior leadership for your security programs? Are you having difficulty obtaining funding for your programs outside of the usual three G's — guards, guns, and gates? Let me share how I have been successful in gaining buy-in for investing in security from senior leadership.
The goal is to focus on changing senior leadership's mindset and culture. How do I do it? The answer is data. Security is in the customer service business. Our customers drive the services that we provide to our organization. Data tells our story. Most senior leaders do not understand the depths of security and our daily duties. Security typically operates in a vacuum, which makes it difficult to tell our story. And if we are unable to tell our story, we will never receive buy-in from leadership. Still not sold? Allow me to elaborate.
For each security program you have, start tracking each service you provide. A perfect example of this would be how law enforcement tracks its calls for service. For instance, when a dispatcher sends a police officer to a call, that call is recorded in a tracker that is used to generate working hours at the end of the calendar year.
You can apply the same concept to each of your IT security programs. For example, in February, the Security Department's Identity Credentialing and Access Management (ICAM) program compiled the following numbers for ID cards:
- New Issuance: 83
- Pin Resets: 43
- Physical Access Control Mapping: 84
- Certificate Updates: 37
- Lost/Stolen/Missing Card Replacements: 12
- ID Card Destructions: 7
- Employee Separations: 8
- Employee Onboarding: 12
Now, imagine tracking the services for all your security programs, administrative taskers, staff hours, and so on. Sure, there will be growing pains when you're formulating a tracking sheet and asking your staff to take on the added workload. I can assure you, though, that the extra effort is worth it and will return on your investment of time.
Another benefit to the process of recording these numbers monthly is that your senior security officer can also use this data to provide weekly, monthly, and year-end reports to senior staff. Having the ability to provide data, at any given time, for essential security services is vital to the organization and its mission.
The most significant element is that you now have the data to justify your security program's needs. The data will also help security officials determine whether security programs provide value to an organization or cost them unnecessary funds that could save the organization money. Reallocating that funding could benefit other areas of the organization, including procuring security equipment, systems, or even training. That data could also be used to justify staffing needs.
Most importantly, the goal is to let the data tell your security program's story and defeat the old mindset that security is only about the three G's.