http://riskcenter.com/story.php?id=13964

Operational Risk - Challenges Facing Contemporary Corporate Defense

Location: New York
Author: Sean Lyons
Date: Tuesday, December 12, 2006

Contemporary Corporate Defence

The core objective of contemporary corporate defence is to defend an 
organisation from a multitude of threats and vulnerabilities.[1] To this 
end each organisation has already implemented a variety of what could be 
best described as corporate defence related activities. Each 
organisation will have its own structures in place to address the 
management of defence related activities in their broadest terms. 
Unfortunately very often those entrusted with the management of these 
activities are not always in alignment with one another, as a variety of 
individual activities may be in operation simultaneously.

These activities are frequently of a specialist nature (e.g. Compliance, 
Intelligence, Security and Assurance etc), with certain elements within 
these activities actually requiring a very precise expertise (e.g. SOX 
Compliance, Data Mining, Network Security or Forensic Accounting etc). 
For this reason they often tend be fragmented, disjointed and operating 
as discrete functions in isolation (e.g. in silos), thereby creating 
vulnerability, and reducing their potential for overall effectiveness.

Each of these activities represents an important link in the chain to 
help organisations defend against internal and external threats, however 
the situation represents an asymmetric challenge, as each individual 
link must be defended, for it is the weakest link which is most likely 
to be exploited. For corporate defence to be effective it must 
incorporate all of these activities in a co-ordinated and systematic manner.

In order to achieve this holistic solution to corporate defence, the 
symbiotic relationship which exists between these activities must be 
understood and fully appreciated. Corporate defence requires a strategic 
outlook, and the convergence and alignment of a number of existing 
activities under the one umbrella.

An evolution in cross-functional convergence

In recent years this imperative[2] appears to be at least partially 
recognised, with the emergence of a number of cross-functional 
initiatives including the following:

     *
       GRC Management (including governance, risk & compliance)
     *
       Integrated Intelligence (including business intelligence & 
knowledge management)
     *
       Unified Security (including physical & logical security)
     *
       Enterprise Resilience (including business continuity & protection 
etc)

While this evolution is considered to be progressing in the right 
direction, a further transformation is still required. Unfortunately in 
many cases the progress to date has simply led to the creation of even 
larger corporate fiefdoms, with their associated power struggles and 
turf battles. Using advanced technologies however it is now possible to 
consolidate a sustainable fusion between these activities, and eliminate 
any disconnection or ?chinese walls? which may previously have existed. 
What needs to be created is a cybernetic loop whereby communication 
includes multi-dimensional feedback, both top-down and bottom-up, as 
well as operating in-depth horizontally, at every level within the 
organisation.This difficult challenge requires a flexible approach, and 
a strategic agility which will allow the organisation to quickly adapt 
to an evolving environment, and enable it to react in a speedy and 
integrated manner, to incidents which occur in an ever-changing set of 
circumstances. A successful integration program should involve 
understanding the complex interdependencies and correlations which exist 
between the various defence related activities, in order to avoid 
unnecessary duplication, omission or conflict. Effective enterprise-wide 
vulnerability and threat management requires co-operation from all of 
these activities.

The task facing Corporate Defence Management (CDM)

To do this effectively all activities need to be operating in unison 
with a common set of objectives, and with corresponding performance 
expectations. The task of CDM involves the consolidation of all 
defensive activities, including the alignment of a multitude of 
interrelated domains.[3] CDM must be all inclusive in order to be 
effective, as to be truly holistic it must include collaboration from 
Front, Middle and Back Office activities.

This management, co-ordination and supervisory role relates to a diverse 
group of disciplines, and people as individuals, with a diverse set of 
knowledge and skills. It also relates to diverse processes, systems and 
technologies. This task of integrating and co-ordinating all of these 
activities demands astute political insights and subtle communication 
skills from those entrusted in this role. Fundamentally it requires all 
parties involved to be working together in a positive and proactive manner.

Cross-functional challenges

CDM by its very nature must be considered a cross functional discipline 
as it seeks to unite a number of discrete functions within the 
organisation. This means that it faces unique challenges as it needs to 
address the diverse points of view and expectations of several partners, 
each of which will have their own independent objectives and strategies. 
The challenge will be to develop a mechanism to ensure that these 
diverse functions are in a durable alignment with a common set of 
objectives and expectations.

The CDM role will need to work closely with each of these functions, 
individually and collectively, to help ensure all are operating in 
unison. The partnership alliance must consist of the appropriate 
positions and individuals within the organization, in order to get the 
requisite buy-in and support. The importance of ?on the ground? 
involvement and commitment cannot be overly stressed as it is essential 
to the successful implementation of a corporate defence program. Clear 
reporting lines and delegations of authority must be in place from the 
very outset. Extreme care must be taken to ensure a clear understanding 
by all, and to avoid any possible misinterpretations or ambiguities. 
This will enable the required timely decision making, by appropriately 
delegated individuals. Sufficient time, effort and resources should be 
employed in the areas of education and communication, in order to ensure 
that a clear and consistent message is communicated to all concerns on a 
timely basis. Finally, a successful corporate defence program requires 
that all of the partners in the alliance are operating within a 
framework of collaboration and with a spirit of co-operation.

[1]See ?Corporate Defence: Are Stakeholders Interests Adequately 
Defended?? ? Sean Lyons - RiskCenter.com
[2]See ?Why Corporate Defence Management (CDM) is a Strategic 
Imperative? ? Sean Lyons ? RiskCenter.com
[3]See ?An Executive Guide To Corporate Defence Management (CDM)? ? 
Whitepaper ? Sean Lyons ? RiskCenter.com

Article Printed From RiskCenter.com

+++



--------------------------
Want to discuss this topic?  Head on over to our discussion list, [EMAIL 
PROTECTED]
--------------------------
Brooks Isoldi, editor
[EMAIL PROTECTED]

http://www.intellnet.org

  Post message: osint@yahoogroups.com
  Subscribe:    [EMAIL PROTECTED]
  Unsubscribe:  [EMAIL PROTECTED]


*** FAIR USE NOTICE. This message contains copyrighted material whose use has 
not been specifically authorized by the copyright owner. OSINT, as a part of 
The Intelligence Network, is making it available without profit to OSINT 
YahooGroups members who have expressed a prior interest in receiving the 
included information in their efforts to advance the understanding of 
intelligence and law enforcement organizations, their activities, methods, 
techniques, human rights, civil liberties, social justice and other 
intelligence related issues, for non-profit research and educational purposes 
only. We believe that this constitutes a 'fair use' of the copyrighted material 
as provided for in section 107 of the U.S. Copyright Law. If you wish to use 
this copyrighted material for purposes of your own that go beyond 'fair use,' 
you must obtain permission from the copyright owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/osint/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/osint/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:[EMAIL PROTECTED] 
    mailto:[EMAIL PROTECTED]

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 

Reply via email to