the kobit 19 global pandemic has impacted organizations universally as this crisis has unfolded and continues to unfold more and more clients have asked us to help them re-envision or reimagine their risk picture and what it means for their security function reimagining risk and security means three things one recognizing risk shifts based on current events company changes social economic and political changes two reassessing your organization's security risks and revisiting your programs services and mitigation strategies informed by these changes and three prioritizing any modified plans while aligning with the organization's new directions and goals of course while kovid may be the most universal risk event in recent memory it's certainly not the only game changer we've experienced as business and security professionals all kinds of risk events occur every year that cause significant change to organizations from natural disasters to mergers and acquisitions to legislative impacts and pr debacles whenever a large event brings significant change you need to reimagine your risk before you can do that you must take a look at your security foundation is it solid does it need to be updated if you haven't already learned about this process watch the sec's video why isn't this working three steps to overcoming security challenges which is linked in the description below once you've considered your security foundations how do you move forward to reimagine risk and security you begin by taking a look at the security success universe which we developed based on our research of successful security organizations there are 115 success elements here broken into 13 categories when we meet with clients to help them reimagine risk we go through the whole security success universe to identify where the events impacts have landed what has changed what stays the same and what needs to be shifted in order to meet adjustments in the organization's circumstances culture current conditions and resources what we call the c4r from there we can begin to choose from a list of success options to implement let's consider a few examples the risk identification category incorporates risk assessment prioritization and risk ownership post event is the time to revisit and refresh your risk assessment to help reimagine risk and security it's possible that risks you used to focus on no longer exist in a new operating environment or they may have transferred to another function or arm of operations for instance the work from home aspect of the pandemic has both shifted risk away from brick and mortar premises and introduced new risks in the form of remote access security concerns let's stick with that example to look at how working from home impacts the organizational management aspect of security if teams are working from home investigations must be done remotely how does that impact your resource allocations what new issues does it present do you now have more shared responsibilities with other functions such as a close partnership with information security as you work together to help secure off-site devices or with hr as you help coordinate contract tracing or screening with fewer associates and executives on site do you need the same number of staff do you need more contractors most organizations have drastically pared down or eliminated in-person events for the time being is this change temporary or permanent do you still need an events team at all when executives are traveling less frequently does it make sense now to reallocate resources originally intended for travel security if you have increased staffing and operations in your security operations center or global security operations center are these changes sustainable beyond the pandemic event are there new services you're expected to provide moving forward that have not been on your radar in the past using the success universe as a guide we help clients gather information to answer these questions and prioritize success elements in a way that can inform your one year three-year and five-year strategic plan this service has been very beneficial for many of our clients over the last year some companies offer solutions or products that unexpectedly exploded in popularity during the quarantine they began 2020 as startups and suddenly found themselves moving at warp speed in a situation like this they did not have the time to gather all the information needed to make strong security decisions the reimagined risk process helped them to do that other clients have experienced different types of change some experienced a sudden loss in a high number of contracts others saw the passage of legislation that drastically changed demand in their industry some saw major brand damaging events as we said at the start kovit isn't the only crisis that necessitates this level of re-examination what if you're in a company that has always worked in a very traditional way skating by on autopilot and suddenly you find yourself merging with a progressive corporation with a whole other level of expectation this too requires you to reimagine risk and security we can help your security organization reimagine your risk and security plans so you can weather the storms of change and come out stronger we work collaboratively with practitioners providing guidance research and feedback to help you reach your goals twenty years of collective knowledge and security have given us a unique insight we know all the options and we know the questions you need to answer to make plans successful in your organization contact us at contact secleader.com to learn how we can help you