Today’s online reality and fast-paced business environment drives the need to take an intelligence-led approach when mitigating and managing risk across an organization. As the risk and security landscape continues to broaden, teams must shift from being reactive to being pro-active; collaborating across business units to identify requirements, collecting information from internal and external sources, and analyzing results.
Leveraging the insights gained from an intelligence-led strategy, allows risk and security professionals to be better equipped to mitigate and manage risk across their organization. Toni Chrabot, CEO Risk Confidence Group LLC and former FBI field executive, explains how this works.
Corporate security teams are challenged, every day, to get ahead of the risks, to recognize indicators of emerging threats, and to communicate their value. An intelligence-led strategy helps meet those challenges.
Establishing an intelligence-led strategy does not have to be a huge obstacle within your organization. Here are five steps security and risk professionals can follow to develop an intelligence-led program to increase their visibility, solve problems, and enhance their response capability.
One of the most common challenges for risk and security teams is ensuring clear communication across business units. Identifying specific risk-related requirements provides all stakeholders with a collective understanding of how a risk is defined and the role each department must play in mitigating operational risk. Determining the proper requirements often begins with a few simple questions: What am I trying to protect? What poses the greatest risk? What problems are we trying to solve? These questions lay the foundation for collaboration, clarity, and communication within this process.
Gathering relevant information and data after a collaborative discussion of requirements can identify sources of information and data previously unknown or deem irrelevant. These new sources of information may now be an important focal point of collection. In addition, it is important to understand what internal sources are available. External public data and social information offer additional insights for mitigating risk and should be incorporated into the collection process.
The analysis of the collected information and data is critical to gaining intelligence that will help drive action and decisions. A skilled analyst will review, compare, link, and thread pieces of information together to provide a clearer picture of what is known or unknown. The process of analysis can identify risk and security gaps, recognize emerging threats, highlight patterns and trends, and develop reasoned judgments that support the overall decision-making process.
Documenting the analysis offers insights that can be shared across all business units. Documentation of the risk keeps information consistent and is used to communicate, inform, and educate all stakeholders within the organization to support decisive action. When determining the format of the report, understand who the report is written for and what level of detail is required. For example, an executive may prefer a few bullets and an executive summary. When communicating risk issues it is important to include the problem, what you know, what you don’t know, and the final results of the analysis.
Share the intelligence! Dissemination of the results is critical to effectively communicating the situation and the analysis. Sharing the intelligence across your organization ensures that everyone has visibility into the situation and can make smart, strategic intelligence-led decisions.
The importance of using a collaborative intelligence-led process to bring business units together in a non-adversarial and highly efficient way is evident. This agile process may be used at a strategic level in alignment with company objectives or may be used at a tactical level focused on particular risks. In either case, the intelligence-led process is an effective way to gain a deeper level of intelligence that increases the capability and overall risk confidence within an organization.