The Value Chain of Security: Assessment Consideration for Large-Scale Enterprises

Corporations, businesses, and larger-scale enterprises with nationwide operations can face a variety of challenges when it comes to crafting day-to-day security programs for its employees, corporate assets, and the community.

Every Chief Security Officer (CSO) knows this.

But, how do you – the CSO – manage competing priorities when cost, human resource concerns, and liability all present significant headwinds? Not to mention, ensuring that your company “brand” is properly represented by your security staff and program?

What if there’s a way to triage your security concerns in a way that visually breaks down your core areas of need, versus areas of ambition.

Understanding that there’s little to no room for error, we have created a “CSO framework” for evaluating where your greatest needs and ambitions might lie – we call it the “value chain of security.”

Illustrated below, this assessment framework approximates three factors: importance, objective (reactive, proactive, preventative), and operating budget for a full operating year.

Each segment of the triangle can expand/contract into other parts depending on the objectives relevant to your security program, but the total area of the triangle cannot change (in real life, of course, operating budgets can change in response to enterprise needs. For our purposes, we kept it finite).

• The ballast for most programs is the physical guards, which provide reactive protocols to situations through deterrence and detection. They also serve as the face of the company, so the importance of selecting the right guards is crucial.
• Next, depending on each client’s needs, a blend of security service solutions can be incorporated to proactively combat unwanted activity. This can be done through a combination of technology and human-guided protocols.
• In the most sophisticated programs, employing a preventative program through a combination of protective, investigative, and technological services can be devised to essentially safeguard against unwanted crime & activity before it occurs. Specialized skillsets are needed for these types of services which could carry with it much higher pay rates. However, they may not be full-time staff, or, brought on for certain ad-hoc responsibilities like travel detail or onboarding of new staff.

The framework takes into account the difference between “importance” and “need.” For example, prevention of crime is every CSO’s ambition. For some organizations, prevention I simply unattainable, so resources to react and protect proactively would require more consideration. In addition, crafting a preventative program in real life varies significantly by company, executive-level profile, and program. And for some smaller companies, such programs can exceed a sustainable operating budget; therefore, “need” is trumped by the realities of a P&L sheet, thus decreasing “importance”.

For today’s CSO, this framework offers a constructive, 3-D way to visualize your security program and rationalize the feasibility of any changes that may be needed.

We urge people who have even the most comprehensive & well-designed security plan to consider outside consultation, something Arrow has done for customers and former clients who want to get an objective perspective on their security program. After all, even the best-laid plans can seek refinement; just ask former heavyweight boxer Mike Tyson:

“Everyone has a plan until they get punched in the mouth.”  

To get started, simply ask yourself: As Chief Security Officer, what’s keeping you up at night this year?

• Nothing, I sleep like a baby
• Physical guard operations
• Threat Assessment
• Cyber-security
• Protective services
• Other security-related items

Let us know. We’re happy to keep all inbounds discrete and as informal (or structured) as you want.

Contact us at info@arrowsecurity.com