http://riskcenter.com/story.php?id=13964
Operational Risk - Challenges Facing Contemporary Corporate Defense
Location: New York
Author: Sean Lyons
Date: Tuesday, December 12, 2006
Contemporary Corporate Defence
The core objective of contemporary corporate defence is to defend an
organisation from a multitude of threats and vulnerabilities.[1] To this
end each organisation has already implemented a variety of what could be
best described as corporate defence related activities. Each
organisation will have its own structures in place to address the
management of defence related activities in their broadest terms.
Unfortunately very often those entrusted with the management of these
activities are not always in alignment with one another, as a variety of
individual activities may be in operation simultaneously.
These activities are frequently of a specialist nature (e.g. Compliance,
Intelligence, Security and Assurance etc), with certain elements within
these activities actually requiring a very precise expertise (e.g. SOX
Compliance, Data Mining, Network Security or Forensic Accounting etc).
For this reason they often tend be fragmented, disjointed and operating
as discrete functions in isolation (e.g. in silos), thereby creating
vulnerability, and reducing their potential for overall effectiveness.
Each of these activities represents an important link in the chain to
help organisations defend against internal and external threats, however
the situation represents an asymmetric challenge, as each individual
link must be defended, for it is the weakest link which is most likely
to be exploited. For corporate defence to be effective it must
incorporate all of these activities in a co-ordinated and systematic manner.
In order to achieve this holistic solution to corporate defence, the
symbiotic relationship which exists between these activities must be
understood and fully appreciated. Corporate defence requires a strategic
outlook, and the convergence and alignment of a number of existing
activities under the one umbrella.
An evolution in cross-functional convergence
In recent years this imperative[2] appears to be at least partially
recognised, with the emergence of a number of cross-functional
initiatives including the following:
*
GRC Management (including governance, risk & compliance)
*
Integrated Intelligence (including business intelligence &
knowledge management)
*
Unified Security (including physical & logical security)
*
Enterprise Resilience (including business continuity & protection
etc)
While this evolution is considered to be progressing in the right
direction, a further transformation is still required. Unfortunately in
many cases the progress to date has simply led to the creation of even
larger corporate fiefdoms, with their associated power struggles and
turf battles. Using advanced technologies however it is now possible to
consolidate a sustainable fusion between these activities, and eliminate
any disconnection or ?chinese walls? which may previously have existed.
What needs to be created is a cybernetic loop whereby communication
includes multi-dimensional feedback, both top-down and bottom-up, as
well as operating in-depth horizontally, at every level within the
organisation.This difficult challenge requires a flexible approach, and
a strategic agility which will allow the organisation to quickly adapt
to an evolving environment, and enable it to react in a speedy and
integrated manner, to incidents which occur in an ever-changing set of
circumstances. A successful integration program should involve
understanding the complex interdependencies and correlations which exist
between the various defence related activities, in order to avoid
unnecessary duplication, omission or conflict. Effective enterprise-wide
vulnerability and threat management requires co-operation from all of
these activities.
The task facing Corporate Defence Management (CDM)
To do this effectively all activities need to be operating in unison
with a common set of objectives, and with corresponding performance
expectations. The task of CDM involves the consolidation of all
defensive activities, including the alignment of a multitude of
interrelated domains.[3] CDM must be all inclusive in order to be
effective, as to be truly holistic it must include collaboration from
Front, Middle and Back Office activities.
This management, co-ordination and supervisory role relates to a diverse
group of disciplines, and people as individuals, with a diverse set of
knowledge and skills. It also relates to diverse processes, systems and
technologies. This task of integrating and co-ordinating all of these
activities demands astute political insights and subtle communication
skills from those entrusted in this role. Fundamentally it requires all
parties involved to be working together in a positive and proactive manner.
Cross-functional challenges
CDM by its very nature must be considered a cross functional discipline
as it seeks to unite a number of discrete functions within the
organisation. This means that it faces unique challenges as it needs to
address the diverse points of view and expectations of several partners,
each of which will have their own independent objectives and strategies.
The challenge will be to develop a mechanism to ensure that these
diverse functions are in a durable alignment with a common set of
objectives and expectations.
The CDM role will need to work closely with each of these functions,
individually and collectively, to help ensure all are operating in
unison. The partnership alliance must consist of the appropriate
positions and individuals within the organization, in order to get the
requisite buy-in and support. The importance of ?on the ground?
involvement and commitment cannot be overly stressed as it is essential
to the successful implementation of a corporate defence program. Clear
reporting lines and delegations of authority must be in place from the
very outset. Extreme care must be taken to ensure a clear understanding
by all, and to avoid any possible misinterpretations or ambiguities.
This will enable the required timely decision making, by appropriately
delegated individuals. Sufficient time, effort and resources should be
employed in the areas of education and communication, in order to ensure
that a clear and consistent message is communicated to all concerns on a
timely basis. Finally, a successful corporate defence program requires
that all of the partners in the alliance are operating within a
framework of collaboration and with a spirit of co-operation.
[1]See ?Corporate Defence: Are Stakeholders Interests Adequately
Defended?? ? Sean Lyons - RiskCenter.com
[2]See ?Why Corporate Defence Management (CDM) is a Strategic
Imperative? ? Sean Lyons ? RiskCenter.com
[3]See ?An Executive Guide To Corporate Defence Management (CDM)? ?
Whitepaper ? Sean Lyons ? RiskCenter.com
Article Printed From RiskCenter.com
+++
--------------------------
Want to discuss this topic? Head on over to our discussion list, [EMAIL
PROTECTED]
--------------------------
Brooks Isoldi, editor
[EMAIL PROTECTED]
http://www.intellnet.org
Post message: osint@yahoogroups.com
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
*** FAIR USE NOTICE. This message contains copyrighted material whose use has
not been specifically authorized by the copyright owner. OSINT, as a part of
The Intelligence Network, is making it available without profit to OSINT
YahooGroups members who have expressed a prior interest in receiving the
included information in their efforts to advance the understanding of
intelligence and law enforcement organizations, their activities, methods,
techniques, human rights, civil liberties, social justice and other
intelligence related issues, for non-profit research and educational purposes
only. We believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish to use
this copyrighted material for purposes of your own that go beyond 'fair use,'
you must obtain permission from the copyright owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/osint/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/osint/join
(Yahoo! ID required)
<*> To change settings via email:
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
