
BREAKING DOWN A PRIMARY SECURITY FUNCTION 1

Breaking Down a Primary Security Function



Corporate security is essential to the success of any organization. The money saved by preventing serious or critical incidents and retail shrinkage, and by training that prevents lawsuits, will more than justify its existence. Security isn’t a one-size-fits-all solution, and it must be customized to suit the industry, assets, or personnel it protects. Even though corporate security can have a myriad of functions within any organization, it should have several primary functions that are crucial to maintaining a business’s continuity and safety. Today, one of the biggest issues that businesses face is finding ways to secure their technology, prevent data breaches and leakage, and prevent ransom attacks on unsecured networks.

The Role of a Chief Security Officer (CSO)

There are several benefits to having an experienced Chief Security Officer, or “CSO” for short. The first, and probably not as obvious a part of the position as people would think, is that a CSO provides a liaison between different departments or sections and will ensure that they work together to maintain a proper security posture within the organization. Having the ability to get people to work together is a rare skill that maintains the homeostasis of the organization. While proficiency in corporate security functions is paramount for the position, Zorz (2018) writes that “people skills,” or the ability to justify security positions to those who would often rather just pay a fine and be done with it when faced with the two choices, can provide long-term dividends, because those fines can add up or turn into something more serious if the issue makes it to court. A good CSO keeps the organization out of the courtroom by implementing good security practices across the board.



The Importance of Information & Technology Security

Never has there been such a demand to secure non-physical assets as there is today. Many businesses in the modern world now possess just as many digital assets as they do physical ones, or they rely heavily on digital transactions for their profitability. This shift from physical assets to digital and non-physical assets has caused corporate security to shift towards the use of technology to bring the cost of personnel down, to increase efficiency, and to increase their skillset in the realm of information security.

Cybersecurity breaches can be detrimental to small- and medium-sized enterprises/businesses (SMEs/SMBs) because they usually have far more limited assets than a larger organization, or their business model relies more on digital assets that, if more vulnerable to attack, could cripple or completely bankrupt the business’s finances. Weak corporate security, as Bada & Nurse (2019) point out, is often due to the lack of expertise or resources to upgrade defenses against cyber-attacks.

Another thing to consider is the human aspect of how cybersecurity plays a large role in keeping SMEs/SMBs safe from cyber-attacks. Poor security practices or lackluster training on cybersecurity directly influence employee behavior and actions. Phishing, spear phishing and whaling attacks are all “white-collar” crimes that can involve behavioral engineering attempts to steal intellectual property. Employees who are trained to realize they have a direct role in maintaining and protecting an organization’s digital assets or proprietary information can make all the difference in preventing lawsuits or intellectual property theft (Intellectual Property Theft/Piracy, 2016). While many of the laws have evolved to address the prosecution of these issues, it is still up to the company or organization to be innovative in their approach to protect their assets.

Information & Technology Security Services

A Chief Security Officer can be well-versed in the realm of information security, but typically an expert in the field is sought out and hired, as either a counterpart or subordinate, for the job of Chief Information Security Officer (CISO) or Chief Information Officer (CIO). This is especially typical for larger businesses: because of the many roles that a CSO already has, a CISO can place their primary focus on maintaining the digital infrastructure and security of the organization. Businesses that don’t fully understand how or why a security function is necessary can benefit by having a subject-matter expert (SME) explain and justify the reasons why it is important and how it plays a part in maintaining profitability in the overall scheme of things (OAS, 2015; Zorz, 2018). Last year, the FBI noted (2020) that the number of cybercrime complaints rose by 69%, totaling 791,790 and resulting in over $4.2 billion in losses. For comparison, a large business such as Wal-Mart has a market cap of $382 billion, so that would only be about 1% of their total worth; however, a smaller business such as Petco has a market cap of $6.5 billion, making that kind of loss almost two-thirds or 67% of their total worth (Webull.com, n.d.).

Spending money on cybersecurity infrastructure is a long-term investment at a fraction of the cost of regular employment. Consider the cost breakdown given by Gelbstein (2015), who notes that $5 billion was spent on cybersecurity by the Department of Defense; however, when broken down “year per employee,” it rounds out to a daily cost of around $2.50 per employee. This cost is minuscule in comparison to what it could cost in legal fees, ransoms, or the cost of having to go back and “do things the right way” if proper security protocols are not followed or implemented the first time around.

Conclusion

There is no easy way to justify the cost of corporate security, especially when security isn’t directly associated with generating revenue or profits. Gelbstein (2015) argues that a CSO may end up having to identify the difference between an investment and an operational expenditure so those making the financial decisions can better understand where to pull money from and why it is necessary in the first place. Zorz (2018) outlined how companies that choose to adopt new technology and upgrade their IT platforms keep their information security infrastructure from being exploited. Failing to do so can have massive fallout such as data loss, intellectual property theft, digital finance theft, or denial of access that leads to ransoms. In the end, this leads to higher costs of having to react and deal with these issues as well as paying for the upgrades in technology that should have been implemented in the first place (Gelbstein, 2015).

References:

Bada, M., & Nurse, J. R. (2019). Developing cybersecurity education and awareness programmes for small- and medium-sized enterprises (SMEs). Information & Computer Security, 27(3), 393-410. doi:10.1108/ics-07-2018-0080

Bada, M., Sasse, A. M., & Nurse, J. R. C. (2015). Cyber security awareness campaigns: Why do they fail to change behaviour? The International Conference on Cyber Security for Sustainable Society, SSN+, pp. 118-131.

Federal Bureau of Investigation. (2020). Internet Crime Report 2020 (Rep.). Retrieved October 3, 2021, from Federal Bureau of Investigation website: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

Gelbstein, E., Ph.D. (2015). Return on Security Investment—15 Things to Consider. ISACA Journal, 1, 1-5. Retrieved October 3, 2021, from https://www.isaca.org/resources/isaca-journal/issues/2015/volume-1/return-on-security-investment15-things-to-consider

Intellectual Property Theft/Piracy. (2016, May 03). Retrieved from https://www.fbi.gov/investigate/white-collar-crime/piracy-ip-theft

OAS. (2015). Cybersecurity awareness campaign toolkit. Available at: www.sites.oas.org/cyber/Documents/2015%20OAS%20-%20Cyber%20Security%20Awareness%20Campaign%20Toolkit%20(English).pdf (accessed 23 September 2018).

Webull.com. (n.d.). Investing in Stocks, Trading, Online Broker and Research the Market. Retrieved from http://www.webull.com/

Zorz, Z. (2018, July 02). The modern CSO: Future-proofing your organization in a disruptive world. Retrieved October 3, 2021, from https://www.helpnetsecurity.com/2018/07/02/modern-cso-george-gerchow/