There are six characteristics of alignment between security and the business:
1. The principal role of the security department is to convince colleagues across the business to deliver security through their everyday actions and decisions – not try to do security to or for the company.
2. The security department is in the business of change management rather than enforcement and works through trusted social networks of influence.
3. Security is there to help the company to take risks rather than prevent them and should therefore be at the forefront of new business development.
4. Security constantly responds to new business concerns and, as such, the portfolio of responsibilities and their relative importance will change over time. Security departments should never stand still or become fixed entities. In many companies today, its role is more concerned with overall corporate resilience than ‘traditional’ security.
5. Security is both a strategic and operational activity, and departments must distinguish between these two layers.
6. The power and legitimacy of the security department does not come from its expert knowledge, but from its business acumen, people skills, management ability and communication expertise.