The Command Center Is Outdated
One of the most frequently heard remarks by security executives I’ve interviewed was that the security command center did not seem to keep up with the other business units of the organization. For example IT has a type of command center called a network operations center. IT security departments have their SOC (pronounced sock) or security operations center. Corporate (physical) security still has a command and control center. One executive I spoke to was chief information security officer (CISO) for a Fortune 500 company in the US who had recently been made head of corporate (physical) security as well. As he toured the physical security command center he remarked, “It looks like a 1980s police department, complete with a pot of Hills Brothers coffee.”
For him, the physical security operation seemed more like a campus safety office than a business unit of the corporation. Frustrated that the security group seemed disconnected with the other business units in the high tech company, he cried, “What does command and control have to do with my business?”
He, like so many other IT-savvy business executives, makes decisions based on data – data organized into useful and relevant information. An executive at a very large transportation organization complained that his company’s security command center hoarded information, “The paper-based operation that relies so heavily on the intuition of the ex-cop security employee simply does not give me the data I need to make risk management decisions.”
Excerpt of Hunt Business Intelligence PSIM Market Overview 2010, reprinted with permission.