In What the Defendant Can Do Wrong, security management and risk management expert witness Ira Somerson, BCFE, CPP, CSC, writes on organizing security functions.
Senior management of most organizations believe that a security function is purely a cost center and does not produce any “net present value” to their organization. For this reason, discovery and investigation will very likely reveal that security departments and/or functions are routinely downsized or eliminated exposing their organization to serious threats. Their objective is economy, but the very opposite will often occur. “The responsibilities of security directors are evolving from “locks, bolts, and badges” (Felson, 1988) and perimeter protection to a more sophisticated involvement in organizational management. Confronted with novel, complex security exposures and attendant risks, traditional security functions are becoming only a part of the larger overall responsibilities of security directors. Given this evolution, the motivating problem of this paper is: What is the best approach to managing the growing complexity of corporate security threats so as to provide minimal security losses, for a particular level of investment in security? This paper argues that to provide an optimum level of security service to the organization not only must the security department be repositioned within the modern corporate but that its management required the development of a new paradigm of organizing security functions. The approach taken here to developing such a paradigm focuses on demonstrating the weaknesses of a cost center management approach, which is considered representative of existing security management practices, and on advocating the strengths of moving toward a profit center management approach…”