top of page

CSO Outsourced Services - White Paper

Shawn Wurtsmith

Feb 24, 2016

Chief Security Officer - Outsourced Services

By Shawn Wurtsmith, 2/24/2016


Aurora, CO, 2/24/2016 - Security and risk management is as critical to the resilience of small and mid-size companies as it is to Fortune 500 companies. For business leaders today, no task is more important than ensuring confidence and trust in the organizations they lead. The boardroom has woken up to the importance of security and to the enormity of what it will take to protect the company from all forms of attacks.


The majority of companies recognize security and risk management as an important business function. However, they often times do not understand why this function is comparable to the annual budget, strategic plan, profit and loss statement and cash flow. Often time’s security becomes a reactionary point of management only taking priority when an event, incident or attack happens. Most small and mid-size companies will appoint someone in operations or compliance to oversee security - usually as a collateral duty, manage security via committee or have a director of security.


A Chief Security Officer (CSO) is a corporation’s top executive who is responsible for security of personnel, physical assets and information in both physical and digital form. This position typically comes with a salary in the six-figure range and is difficult to justify for the small and mid-size companies. Those people or committees appointed to oversee security within a small to mid-size company typically have a very basic understanding of security and look at it from a single point of view. This approach to security, while affordable, will result in a lot of gaps in the security program leaving the company vulnerable.


A CSO provides senior level security expertise that will work with the board of directors and executive staff to do the following:


Ø  Devise policies and procedures regarding areas such as business continuity planning, loss prevention, fraud prevention, and privacy.

Ø  Oversee and coordinate security efforts across the company, including information technology, human resources, communications, legal, facilities management and other groups.

Ø  Identify security initiatives and standards.

Ø  Oversee network of vendors and directors who secure the company's assets.

Ø  Oversee safeguarding of intellectual property and computer systems.

Ø  Develop procedures to ensure physical safety of employees and visitors.

Ø  Manage the development and implementation of global security policy, standards, guidelines and procedures.

Ø  Ensure security is maintained and updated.

Ø  Create workplace violence awareness and prevention programs.

Ø  Implement video surveillance.

Ø  Prioritize security initiatives.

Ø  Develop network access and monitoring policies.

Ø  Maintain relationships with local, state and federal law enforcement and other related government agencies.

Ø  Develop emergency procedures and incident responses.

Ø  Investigate security breaches.

Ø  Determine disciplinary procedures.

Ø  Conduct audits to find holes in security platform.

Ø  Develop risk management assessments.

Ø  Create global security policy, standards, guidelines and procedures to ensure ongoing maintenance of security.

 

So, the question becomes: How does a small to mid-size company invest time and resources in itself to ensure that its security and risk management program which safeguards its resiliency? Often times a CSO’s compensation package is beyond the capabilities of a small to mid-size company. The answer is: Engage a company that provides part-time outsourced CSO services on an annual basis which will allow for them to become familiar with the organization and integrate themselves into the executive leadership team. By engaging a company that specializes in outsourced CSO services, the small to mid-size company now has access to not only the CSO who is a subject matter expert in security and risk management but also a team of subject matter experts that can support the primary CSO.


As the company grows, the outsourced CSO can increase their engagement until the company can justify the CSO as a full-time position. As an alternative, the company may determine that outsourcing the CSO gives them more flexibility and access to the expertise provided by the CSO services company.


Upon engagement, companies will be able to add the CSO box to their organizational chart, work with the CSO on all security and risk issues and implement a plan that will allow the company to be proactive in managing security and risk for the company. The CSO will be available on an as needed basis for meetings and work with the security/risk team on prioritized initiatives.


For more information about outsourced CSO services, please contact ICIP LLC at (720) 281-5227 or by email at info@ICIPLLC.com.

 



About ICIP LLC: ICIP LLC is a Colorado based company that provides security and risk management consulting services to mission critical facilities and critical infrastructure clientele around-the-world.


ICIP is product agnostic and approaches security from the final objective backwards. We like to define what the perfect security program looks like, specific to our clients’ needs, and then work backwards from that. We take a holistic approach to security believing that a complete security program is made up of the seamless integration of technology, personnel, policies and procedures, training, exercises, cyber security and employee/client awareness. We work very closely with our clients to bring all these components together into a security program that compliments the mission of the organization while maintaining a safe and secure environment for both employees and clients.


ICIP operates both domestically and internationally providing an array of services focused on reducing risks and facilitating operations thereby allowing our clients to operate safely and securely in even the most austere and inhospitable environments. Our staff of experts are knowledgeable in the latest United States and international safety and security regulations and risk management standards.

 

 

 

 

 

bottom of page