Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
APRIL, 20228 IN MY OPINIONSECURITY INTELLIGENCE ­ FORECASTING THE WEATHER FOR YOUR BOARD, NOT READING THEM THE NEWSBY RICHARD STEVENS, DEPUTY LEADER GLOBAL SECURITY (DCSO), PWC One of the arguments regularly cited for the lack of penetration of security on the board agenda is that it is difficult to show the `value' of security to the c-suite. Proving the value of security when nothing `appears' to happen will always be a challenge, and the perception that security is nothing more than a cost-centre will remain, unless the industry can introduce new ideas and concepts to re-frame that perception.However, the span of threats, and the ability to identify, understand, and manage those threats is not a new scenario. Having spent 18 years as a Military Intelligence Officer (MIO), I know from first-hand experience that the government's and intelligence communities' response to dealing with these dynamic and ambiguous threat scenarios has been the development of a comprehensive intelligence framework. It is designed with a single focus; to deliver intelligence reporting which allows decision makers to make proactive and informed security/risk decisions. Sir David Omand identified this capability as `strategic foresight'. They have developed a process which provides structured, repeatable, and auditable decision support to leaders. A critical characteristic of intelligence reporting is that it must be actionable, otherwise why have it? It is similar to the difference between forecasting the weather and reading the news. So how can this translate into the security professional's ability to `add value'? At its most basic component, the security manager, the intelligence officer, and the risk specialist all have a common aim. They are looking to identify (forecast) a risk which could impact their strategic objectives, identify that risk at the earliest possible junction, and attempt to avoid that risk. Perhaps the difference in many cases is that the intelligence officer and the risk specialist are more comfortable identifying dynamic risks, which are shaped by constantly changing influences, and require pro-active management. Is there something which the security manager can identify in the practices of the intelligence officer, or the risk specialist, which can allow them to deliver that `added value' to the decision maker? Could the concept of security intelligence provide a more wholesome view of the threat environment, and help business leaders better `understand' the threat environment in which their businesses operate. At the heart of the intelligence process is the Intelligence cycle, which will have an air of familiarity for those who use the risk management cycle; a four-step process which provides a framework for converting information into intelligence. The intelligence cycle Richard Stevens
< Page 7 | Page 9 >