CSO/Leadership

 

 

https://adminsm.asisonline.org/Pages/Editors-Note---Supply-and-Demand.aspxSupply and DemandGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652018-11-01T04:00:00Zhttps://adminsm.asisonline.org/pages/teresa-anderson.aspx, Teresa Anderson<p>​Growing up in rural Oklahoma, I thought "Government Cheese" was a brand name, like Kleenex or Coke. My grandmother's freezer was full of the stuff and we never left her house without a 5-pound brick. Salty, gritty, and smelly, it was a staple ingredient in the casseroles and grilled cheese sandwiches of my childhood. It was also a cautionary tale of economics, supply and demand, and unintended consequences.</p><p>Government Cheese began as government milk. In an article for the History Channel's website, "How the U.S. Ended Up with Warehouses Full of 'Government Cheese,'" Erin Blakemore writes that "during the 1970s, as Americans sat in long gas lines and watched the economy tank, they faced another crisis: an unprecedented shortage of dairy products. In 1973, dairy prices shot up 30 percent as the price of other foods inflated. When the government tried to intervene, prices fell so low that the dairy industry balked."</p><p>In 1977, under President Jimmy Carter, the government implemented a new policy that injected $2 billion into the dairy industry in just four years, as explained in a recent episode of NPR's Planet Money podcast. </p><p>This left the U.S. federal government with tons of milk. How to store such an easily spoiled commodity? Cheese.</p><p>Once the government started producing cheese, storage spaces were overrun. "We had cheese in every cold storage in the United States," former government cheese inspector Bob Aschebrock told Planet Money.</p><p>"Within five years, the government was storing two pounds of cheese for every single American citizen," according to the podcast.</p><p>However, all this cheese was creating another problem. If the government sold the cheese, it would be economically displacing actual cheese producers. Flooding the market would push the price of cheese down, not up. So, they gave it away to the poor and the elderly. Government Cheese was born.</p><p>This month's cover story by Associate Editor Holly Gilbert Stowell addresses another supply-and-demand crisis—a scarcity of copper—and details the solutions deployed to mitigate the rash of copper thefts in Alberta, Canada. Stowell interviewed Ross Johnson, CPP, senior manager, security and contingency planning at Capital Power in Alberta about the program he helped implement to curb metal theft.</p><p>"Since you cannot mine copper fast enough to keep up with the demand, the shortfall is made up from the recycling industry, and that's what drives up the value of copper," he notes. "Generally, when the price per pound on the scrap market goes up, what happens is the theft goes up as well."  </p><p>Instead of lobbying for measures to address copper prices, the electricity, metal, and telecommunications industries worked alongside law enforcement, the recycling industry, and the government to tackle the crime. </p><p>Stowell details how the coalition, using a suite of crime-prevention tools, thwarted metal thieves and avoided unintended consequences.</p>

CSO/Leadership

 

 

https://adminsm.asisonline.org/Pages/Editors-Note---Supply-and-Demand.aspx2018-11-01T04:00:00ZSupply and Demand
https://adminsm.asisonline.org/Pages/Federal-Misconduct.aspx2018-11-01T04:00:00ZFederal Misconduct
https://adminsm.asisonline.org/Pages/Career-in-Security-Pathways.aspx2018-11-01T04:00:00ZCareer Pathways in Security
https://adminsm.asisonline.org/Pages/Building-a-Hostility-Free-Work-Place.aspx2018-11-01T04:00:00ZBuilding a Hostility-Free Workplace
https://adminsm.asisonline.org/Pages/How-to-Foster-A-Safety-Culture.aspx2018-10-01T04:00:00ZHow to Foster A Safety Culture
https://adminsm.asisonline.org/Pages/An-Investment-in-Employees.aspx2018-10-01T04:00:00ZAn Investment in Employees
https://adminsm.asisonline.org/Pages/Editors-Note---Code-Talkers.aspx2018-10-01T04:00:00ZCode Talkers
https://adminsm.asisonline.org/Pages/Employees-Lead,-Managers-Facilitate.aspx2018-09-26T04:00:00ZEmployees Lead, Managers Facilitate
https://adminsm.asisonline.org/Pages/Microsoft’s-Howard-Wins-Don-A.-Walker-Award.aspx2018-09-25T04:00:00ZMicrosoft’s Howard Wins Don A. Walker Award
https://adminsm.asisonline.org/Pages/Exceptional-Volunteers-Receive-Top-Award.aspx2018-09-25T04:00:00ZExceptional Volunteers Receive Top Award
https://adminsm.asisonline.org/Pages/Marquez-Memorial-Honoree-to-be-Recognized.aspx2018-09-24T04:00:00ZMarquez Memorial Honoree to be Recognized
https://adminsm.asisonline.org/Pages/Artful-Manipulation.aspx2018-09-01T04:00:00ZArtful Manipulation
https://adminsm.asisonline.org/Pages/Stay.aspx2018-09-01T04:00:00ZStay
https://adminsm.asisonline.org/Pages/A-World-of-Risk.aspx2018-09-01T04:00:00ZA World of Risk
https://adminsm.asisonline.org/Pages/Certification-Profile-Tim-Sutton,-CPP.aspx2018-09-01T04:00:00ZCertification Profile: Tim Sutton, CPP
https://adminsm.asisonline.org/Pages/Book-Review-Adaptive-Business-Continuity.aspx2018-09-01T04:00:00ZBook Review: Adaptive Business Continuity
https://adminsm.asisonline.org/Pages/Editor's-Note---Failing-to-Plan.aspx2018-08-01T04:00:00ZEditor's Note: Failing to Plan
https://adminsm.asisonline.org/Pages/Checking-In-and-Coaching-Up.aspx2018-07-01T04:00:00ZPerformance Conversations: Checking In & Coaching Up
https://adminsm.asisonline.org/Pages/Editor's-Note---In-Sync.aspx2018-07-01T04:00:00ZEditor's Note: In Sync
https://adminsm.asisonline.org/Pages/Editor's-Note---Dangers.aspx2018-06-01T04:00:00ZEditor's Note: Dangers

 You May Also Like...

 

 

https://adminsm.asisonline.org/Pages/Five-Insights-on-ESRM.aspxFive Insights on ESRM<p>​There are five overall concepts that provide guidance about the nature of enterprise security risk management (ESRM). These concepts describe what ESRM is, what it can do for security managers, how security can gain C-suite approval for it, and how to implement a vibrant ESRM program for the enterprise. </p><h4>ESRM Is a Philosophy</h4><p>ESRM is not a standard, nor is it a rigid set of rules to follow. ESRM is a philosophy of managing security. It is based on standard risk management practices, the same ones that guide most of the other business decisions made by the enterprise. It requires partnership with the business leaders in the organization.</p><p>This philosophy gives the security leader the ability to manage security risks. This ability is not based on the latest incident or scare in the news, nor is it based simply on the manager’s own ideas of what is most important to protect. Instead, it is based on a shared understanding of what the business deems critical for risk mitigation, and what level of risk the business is willing to accept in different areas. This ability also requires that the business fully understand why the security risk mitigation tactics have been put in place, and what the impact of not having those mitigations might be. </p><p>The emphasis here is on business. ESRM philosophy recognizes that security risk does not belong to security. It is a business risk, like any other financial, operational, or regulatory risk, and final decisions on managing that risk must belong to the business leaders. That shift in understanding sets a security program up for a greater level of success because security leaders are delivering only what the business needs, and, more important, what the C-suite understands that it needs.​</p><h4>ESRM Is a Process </h4><p>ESRM is not merely an academic philosophy. A general approach for setting up and running a security program can be derived from it. Under that approach, ESRM in action is a cyclical program, and the cycle of risk management is ongoing:</p><p>1. Identify and prioritize the assets of an organization that need to be protected.</p><p>2. Identify and prioritize the security threats that the enterprise and its assets face—both existing and emerging—and the risks associated with those threats.</p><p>3. Take the necessary, appropriate, and realistic steps to protect and mitigate the most serious security threats and risks.</p><p>4. Conduct incident monitoring, incident response, and post–incident review, and apply the lessons learned to advance the program. ​</p><h4>ESRM Aligns with the Business</h4><p>Aligning the security program with business requirements is the most critical component of the ESRM philosophy. This means that the security program must receive governance and guidance from the business. We recommend the formation of a security council to ensure this alignment. </p><p>There are several ways to implement a council. It could be a loose, informal group that provides input as needed, or it could be a board-level initiative that has formal roles, meetings, charters, and documented responsibilities for ensuring security compliance. The council can be a venue for discussing security topics and risk management strategies, and it can host resolution attempts for conflicts in the process. </p><h4>ESRM Covers All Security </h4><p>There is no aspect of security that cannot be managed in alignment with the ESRM philosophy.  Many security professionals already practice much of the ESRM philosophy without thinking of it that way. For example, performing a physical security risk assessment on a facility is equivalent to the ESRM steps of identifying and prioritizing assets and risk. And setting up a crisis management plan can be considered an aspect of ESRM risk mitigation, as well as incident response.</p><p>The critical difference between programs that do these activities as part of a traditional security program versus an ESRM program is the consistency of approach in ESRM. In ESRM, these activities are not performed on an ad hoc basis but consistently across all areas of security risk. They are not applied to one area of the organization and not to another. And, vitally, they are not performed in a vacuum by security and for security, but in full partnership with the business leaders driving the decision making process for all risk mitigation.​</p><h4>ESRM Is Possible</h4><p>Implementing ESRM cannot be done overnight.  It’s an iterative process that allows your security program to evolve over time into a pure risk management approach. For the security manager, the first step to fully understanding the ESRM philosophy is to communicate it to the executives and business leaders in the enterprise.  </p><p>When implemented thoughtfully and practiced consistently, ESRM can completely change the view of the security function in any organization. The old view of security as “the department of no” will shift when business leaders understand that security is a partner in ensuring that the assets and functions of the enterprise most critical to the business are protected in accordance with exactly how much risk the business is willing to tolerate.  </p><p><strong><em>Rachelle Loyear i</em></strong><em>s ESRM Program Manager for G4S and chair of the ASIS Crime Management and Business Continuity Council. </em><strong><em>Brian J. Allen, Esq., CPP,</em></strong><em> is a member of the ASIS ESRM Commission. Allen and Loyear are coauthors of </em>The Manager's Guide to Enterprise Security Risk Management <em>and the forthcoming book </em>Enterprise Security Risk Management: Concepts and Applications.</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465