There is one finding that makes the ASIS Foundation’s new research report a must-read for all corporate security professionals, ASIS International says, and it is in the title of the report: The Critical Contribution of Security to Operational Resilience.

Those potential contributions represent a major opportunity for the corporate security profession because at most organisations the strategy and practice of resiliency are in nascent stages, the researchers point out. This presents an opening for security professionals to insert themselves into positions of strategic importance in ways that drive business value.

A basic definition the researchers give for organisational resilience is “the ability of an organisation to survive a crisis and thrive in a world of uncertainty.” As organisations strive to understand what that means in a practical sense, the notion of operational resilience comes forward, and this is an area security where should be one of the real leaders.

They define operational resilience as “the ability of an organisation to maintain critical services through disruption.” Digging deeper and putting a security lens on that definition, the researches describe operational resilience as “ensuring that protective, detection, and response capabilities are enablers of continued critical service delivery.” Thus, the researchers tie core security roles, including protection, detection, and response capability, directly to vital business functions, such as continuing service delivery.

“Interviewees noted that by simply reframing security as a core component of resilience, rather than viewing it as a separate or isolated function, enhances its value to the organisation,” the report notes. How do you reframe security?

There is much in the report that provides guidance in this area, not the least of which is understanding the business goals of the organisation. Describing security’s role in resilience as enabling the organisation to meet customer and stakeholder demands in a way that builds competitive advantage is an example. But fundamentally there are four phases of resiliency:

• Reduction – Detecting, evaluating, and mitigating risks proactively before disruptions occur.
• Readiness – Preparing systems, people, and processes to absorb stress and respond effectively.
• Response – Implementing coordinated actions during disruptions to contain impacts.
• Recovery – Restoring functionality quickly to acceptable performance levels.

“Security plays a vital role in all four phases—from intelligence gathering and threat detection to incident containment and post-event analysis,” the report says. The opportunity is there, learn more about how you can best position yourself.

More on resilience:

• Security practitioners contribute essential capabilities towards operational resilience, but most security teams are not well integrated into broader resilience planning.
• Sometimes the way to work faster and smarter so everyone on your team can handle a crisis is by getting to the heart of a resilience plan.
• This on-demand webinar examines the frameworks and methodologies that can enable a company to operate through adversity. (Free to ASIS members)

Download the report, here

For more ASIS International news, click here