(My student response)
5-Step Strategy for Selling Security to an Organization
Data concern is common to every organization. An active security strategy is a top priority for organizations because of advanced cyber threats and increasingly sophisticated hackers in today’s world (Puhala, 2016). A security professional selling a security solution to an organization should personalize it to fit the unique needs of the organization. Below is a 5-step strategy that will help an IT professional begin the conversation and provide the right security solution to benefit the organization.
The first strategy is to be knowledgeable about the organization’s industry. Being knowledgeable about the customer’s industry will position security experts as a valuable resource that understands the unique needs of the company since different industries have diverse compliance regulations and challenges (Puhala, 2016). One should also educate the customer about the state of cybersecurity as it pertains to the organization and the impact of having a security strategy in place.
The second strategy entails being relevant and sharing the right information. An IT professional should be aware of the audience’s cybersecurity maturity level because a typical customer is not likely to be mindful of, or impressed by, the technology under consideration. Even though the IT professional needs to prove the solution with technical specifications, the message passed across should be secondary to the outcomes and benefits for the organization to realize the security solution (Puhala, 2016). An excellent opportunity for sharing information about the security plan entails informing the customer about the importance of data security and identifying the most common threats. The next phase is to demonstrate how the plan will protect the company against potential threats. The message should not rely on the assumption that the audience is aware of technical specifications.
The third strategy entails asking the right questions. A secure environment involves protecting more than the anticipated threats. A security expert should understand the unique business challenges of the customer and workflows to deliver a solution that will overcome such a threat (Puhala, 2016). Therefore, one should ask relevant questions about devices that are used, how they are used, and protocols already in place.
The fourth step entails emphasizing how to integrate. Many customers worry that enacting security solutions is expensive, complicated and challenging. They are intimidated by the implementation process because they fear that these solutions may disrupt the workflow or burden the entire organization (Puhala, 2016). A security expert needs to solve such concerns by being practical. One should address the audience and help them realize where they are, understand their concerns, and agree on an approach that will ensure long-term success. The security expert should consider the cybersecurity maturity model that contains four stages of implementation: predict, respond, detect, and prevent.
Lastly, one should be measurable since an effective cybersecurity plan thwarts attacks, detects potential threats and reduces the impact of a breach. At this stage, one should call to attention metrics of real data infringement that have affected similar organizations, conduct quarterly security reviews with summaries, and maintain frequent cadence to enable the cybersecurity roadmap moving forward (Puhala, 2016). Using the Total Cost of Ownership Calculator, one can demonstrate the importance of managed security. A custom spreadsheet can achieve this. The security personnel should understand that balancing the product knowledge with an understanding of customer challenges will protect the organization as well as position him or her as a trusted advisor (Puhala, 2016).
(Teacher Response I need 250 word response with a 1 reference)
I am not sure your post fits the intent of this discussion. The point is to sell security or the idea and budget of security to your own organization.
(Response #2 by student. I need 250 word response with a reference)
Discussion Question: Develop a strategy for selling security to your organization. Unfortunately, when security is doing well, those not familiar with the profession may come to the conclusion that downsizing is justified. In today’s world, any security professional at the management level, or who aspires to a managerial position, should be familiar with Microsoft PowerPoint. For this forum, in addition to the forum discussion requirement, provide a PPT attachment consisting, at a minimum, of the following:
3-5 briefing slides
A decision/conclusion slide
More and more patients are reaching out to hospital emergency rooms and the number has been increasing every year since the Affordable Care Act was deployed in 2008. The program has been criticized because of the cost and praised for providing care to millions of people that once did not have coverage. Whether you like it or hate it, the truth is that emergency rooms were not ready for the increased patient counts or the complexity of the mental health patients that would be presenting to each location.
Emergency room doctors, who represent only 8 percent of the doctors in the United States, are providing 60 percent of the health care needs to the population (Nectar, 2015). This is a strong indicator of the number of people using the emergency room instead of doctors’ offices. The massive amount of patients flooding the waiting rooms leads to long wait times and security encounters. In many cases, the patients become frustrated and situations escalate to a needed security response.
In many hospital emergency rooms, the potential for serious injury has resulted in visitors and staff feeling like safety and risk is rising, and hospitals are now listening (Neckar, 2015). Nurses want more and more security protocols and layers to protect helpless caregivers. Recently, hospitals around the country have started deploying magnetometers as a first line of defense when entering the health care facilities (Neckar, 2015). ERs and after-hours entrances have been targeted in the early stages of programs to see what the feedback would be from patients and staff members.
After deploying a few of these devices in our regional hospitals, it quickly became clear that patients, visitors and even employees really liked and appreciated the program. The first few days, people complained about the inconveniences, but after seeing and hearing the types of things that were being caught with the program, the numbers spoke for themselves and most accepted the minor inconveniences. The bigger challenge was finding the money to justify the full-time positions needed to operate these stations. Adding 4.2 full-time positions to 16 locations is a big dollar request. However, our organization was presented the historical data of two months and the collection of contraband in two locations. The numbers supported a real need that could be ignored. Risk and security assessments suggested that a single violent act in the ED would be devastating to the entire organization and the long-term cost and public outrage could cripple the future of the location. The cost from a single event would easily outweigh the annual cost to provide the wanted and needed protection.
(Response #3 by student. I need 250 word response with a reference)
Tackling a security strategy can be broken down into three main areas: the assessment, the buy-in, and the support. There are several steps that need to be taken within each area; however, these main points are likely to lead to a successful security strategy.
In order to create any plan at all, there needs to be a complete assessment done on the organization. The first step in this would be to conduct a risk assessment that also identifies the facility security level. “The FSL is based on the characteristics of the facility and occupancies they house. Five factors (mission criticality, symbolism, facility population, facility size, and threat to tenant agencies) are quantified to determine the FSL” (WBDG, 2017). This provides the security personnel some of the information needed to know what type of threats they are up against and specifics of the facility to protect. Additionally, the security personnel must ensure they are abiding by department or agency specific guidance. For example, the Department of Defense guidance may differ slightly from GSA or Department of State. It is critical that the guidance is followed to ensure success. The collective use of this information provides the security personnel the understanding of the organization’s needs while also abiding by overarching and agency specific guidance.
The next step would be to gain the buy-in from all members involved. It is extremely important to get the CEO’s buy-in because it is their company and how they want to protect it. However, it is just as important to get the employees’ buy-in because they are the ones handling the sensitive information, opening or closing the facility, etc. on a daily basis. They take on the brunt of the protection measures. In order to effectively do this, the security plan needs to be as detailed and clear as possible, leaving no gray areas. It is also necessary for the security personnel to know their organization’s people. This week one of the readings focused on integrating millennials into security. This is a prime example that the delivery method of the plan may need to be tailored to the individuals who are learning it. The manner and focus items for leadership may be big picture what is needed from them versus the everyday employee needs to know what they need to be doing in their day-to-day work. It then becomes a collective mission versus everyone trying to figure out how they fit in to the plan. The security office should draw that map for them so it never becomes a question of: “where do I fit in?”
Lastly, following the successful implementation of a strategic plan, there needs to be a way to gain continued support. Leadership needs to understand if funding is cut to x, y, and z, there are going to be potential vulnerabilities and shortfalls. There needs to be tangible items or protections that would be lost in the event of financial cuts. This would aid in the full understanding of the increased risk the organization could face by what may seem like a simple cut.
ASIS. (2017). Integrating Millennials Into Security Organizations. Retrieved from: https://apus.intelluslearning.com/lti/#/document/201623206/1/d6e5eccc93037e1de82d1e155e792e67/84c0353e2cab58dd8c27a0e39142257b/browse_published_content/15278/64719/122181/1/lesson/lesson?hideClose=false&tagId=138962&external_course_id=402482&external_course_name=SCMT553%20I001%20Sum%2019
WBDG. (2017). Security for Building Occupants and Assets. Retrieved from: https://www.wbdg.org/design-objectives/secure-safe/security-building-occupants-assets