Situation
A global software company wanted to assess how other leading companies secured their headquarters. Following 9/11, they had taken a number of steps to increase security and wanted to compare these with those of other similar companies. This would allow them to measure their relative positioning, identify areas for improvement and present solutions to their leadership team with a data-driven rationale. Five corporations participated in a comprehensive sharing of techniques, methodologies and resource data.
Approach
The study analyzed the company's current practices and sought to identify alternatives used at other large companies and evaluate whether they would be appropriate at the client headquarters. An internal analytic module was developed to determine the client’s own needs and priorities in advance of engaging external benchmark participants. Each participant company completed a comprehensive questionnaire focused on the data, priorities and resourcing established from the internal client module, and hosted a group meeting and tour of its premises. Threat environments at each company were profiled and relative threat and vulnerability indices created. These were then used to determine each company’s risk positioning.
Analysis & Results
Important differences between the companies were identified. Each had a threat environment that varied considerably from the others, and this required the creation and use of threat and vulnerability indices for normalization to enable meaningful comparison. A number of areas of relative weakness, together with potential remedies for mitigation, were identified through third-party comparison. While the client led the group in certain key security practices, it lagged in several others. A major internal obstacle to improvement within the client organization was also uncovered and addressed in the final recommendation. The study provided the data and external comparison to engage the senior leadership team and solicit their support to close important gaps.
Benefits to Client
Assurance was provided that internal customer needs and security provision were in alignment. Several best practices were identified that had the potential to cost-effectively improve security for the client. Most importantly, the client was able to quantify how their mitigation strategies compared to those of their peers and compare them in the context of greatly different threat environments. This methodology allowed the company to get around the “apples to oranges” comparability problem and quantify the investment required to adjust their risk posture to one more appropriate given the threat environment in which they found themselves.