Sign In

Subscribe to our Weekly Newsletter to get latest updates to your inbox
APRIL, 20229 SECURITY INTELLIGENCE ­ FORECASTING THE WEATHER FOR YOUR BOARD, NOT READING THEM THE NEWSis the element of the process where the `value' is created, and the insight/foresight is developed. The cycle should be started with `direction', which is shorthand for the decision maker articulating the priority intelligence requirements they require satisfying in order to allow them to make a decision. For the commercial world, this step could link the security organisation directly to the board, and in doing so inextricably link security intelligence directly to the development and management of the business strategy; rather than reacting to an already made business decision. Recent academic research, conducted with over 110 leading UK security professionals, identified overwhelmingly that the board would value security intelligence reporting, which helped them understand what is `not normal' and allowed quick and informed security decisions to be made; but less than 50% of organisations had a process to allow the threat environment to be analysed. The research identified that there was also confusion and contradiction within the security industry about when, and how to use security intelligence. 41% identified that there was a lack of understanding about how security intelligence could support decision making and provide insight; and 36% identified a lack of a framework, which would allow the integration of security intelligence into their organisation, or a lack of skilled resources. So, what does this mean for the security industry? 89% of organisations questioned would actively make use of an internal capability which provided a business advantage. The framework provided by security intelligence could provide the security industry with a `battle proven' process to demonstrate the ability of the security function and to bring `added value' to the organisations decision makers. Yet, many organisations will be subscribing to one of the many high-quality commercial intelligence providers, and perceive that they therefore have a security intelligence process. If the intelligence cycle is deconstructed, commercial intelligence vendors can provide 3 of the major steps of the cycle for their customers; collect, process and disseminate. Where the security manager can add significant value is by taking ownership of the `direction' step. The security manager has the ability to act as the linchpin between the direction and strategy of an organisation, and the commercial intelligence vendors. Doing so allows the security manager a better understanding of the business strategy and priorities, and in return provides the business with focused and tailored intelligence assessments, which further provides a decision maker with pro-active decision support. The added benefit of this process is that the security manager can clearly link the `value' of their activity to the strategic priorities of the organisation.Perhaps the most convincing benefit of security intelligence is that many security managers already have the skills required to implement a security intelligence programme, but are lacking a framework to draw those elements together. The integration of a security intelligence framework into the security industry has the potential to help security professionals transform from a news reader to a weather forecaster. At the heart of the intelligence process is the Intelligence cycle, which will have an air of familiarity for those who use the risk management cycle. "As the world becomes increasingly complex, the protection of assets, the appreciation of business risk, and the role of security in spanning those two evolving environments is the new-normal for the security risk manager. And the question of how to constantly `add value' is now a vital part of the security conversation
< Page 8 | Page 10 >