Further development of corporate security: Enterprise Security Risk Management

At the recent security conference of the ASW in Berlin, Chairman Volker Wagner outlined in his keynote speech the perspectives for the further development of corporate security. It will be important to be able to adequately meet the special challenges that digitization poses to companies, including in the security sector. One of the essential keys to this further development is the inclusion of risk management within the framework of “Enterprise Security Risk Management”.

At the present time, there is no explicitly suitable standard within the ISO framework. In connection with the identification of new topics (new work item proposal), ISO is considering developing such a standard as an international standard. In Austria, a corresponding draft, ÖNORM S 2412:2017, is under discussion. Elsewhere, the new DIN ISO 31000, which has just been adopted as a DIN standard, is used as a basis.

In principle, these considerations are to be welcomed. We are thus taking up a topic that has already preoccupied us in previous InfoLetters (05/2017). An integrated approach should combine the capacities of the different basic disciplines, and a risk-based approach should improve the resilience of companies. The decisive factor here is to safeguard the company’s business processes. The distinction between IT and non-IT risks will largely fade into the background.

There is still a long way to go before these considerations are implemented in business practice. A number of large companies have made a start and aligned the future development of Security Management accordingly. The particular opportunities offered by this new approach include improving the position of security in the corporate hierarchy, security as a business enabler, improving the links with Continuity and Crisis Management or security awareness and acceptance, and finally responding appropriately to the challenges of the future.

At Verismo we have recognized this requirement and through the fusion of IT competencies at Götsch AG and the experience in corporate security at Verismo we have created a platform where the two disciplines meet. In our view, companies have a lot of catching up to do in terms of training and further education. There is often a lack of basic knowledge, especially on the subject of Risk or Process Management. A training program must also be geared to these requirements.

In the future, we will focus our seminars “Risk Management Officer Training” and “Security Management” even more strongly on these issues and supplement our own established seminar program with new topics. In our certificate course in Crisis Management with three modules, we offer an alternative or supplement to other offers on the market, sometimes from a slightly different perspective. Get an overview of our training program on our new website. With our training center we offer excellent training opportunities in a personal environment.

We look forward to talking to you.
Klaus Bockslaff and Mathias Götsch