Dr. Linda Florence
(Click to see larger image) The ASIS Foundation & the University of Phoenix College of Security and Justice's Enterprise Security Competency model Are you competent in your security job or profession? How do you know? According to research carried out by the ASIS Foundation, security has begun to evolve beyond guarding doors, checking IDs and screening briefcases and purses. Today, something called Enterprise Security Risk Management (ESRM) is subsuming the traditional concept of physical security. Enterprise Security Risk Managers identify and mitigate risks department-by-department, location-by-location, across a company’s entire business structure — in ways that contribute to the organisation’s business goals. They also respond to and lead the recovery from Enterprise Security events. “Security as guards, gates and guns is the old paradigm,” says Dr. Linda Florence, CPP, Vice President and Dean of Specialized Programs of the University of Phoenix College of Security and Criminal Justice. “ESRM goes well beyond the old paradigm.” The new paradigm Florence observes that large and small businesses, corporations and government agencies organise themselves with departments that perform different functions, each raising certain enterprise risks. Human Resource departments, for instance, recruit and retain new people. While it may not happen often, new employees sometimes have criminal pasts and current criminal plans. Thoroughly checking the backgrounds of new hires ranks as an enterprise risk management function that protects business goals. The ASIS Foundation hasundertaken a series of researchprojects designed to definesecurity risks that will arise incoming years, while identifyingthe skills necessary to mitigatingthose risks Similarly, other departments face enterprise risks. Accounting and finance risks include fraud and waste. Purchasing departments risk buying from companies that can’t ultimately deliver. Production and warehousing risks include safety lapses leading to injuries. Transportation departments risk liability problems stemming from negligent accidents. “A large company may have thousands of people providing security and risk management functions in various departments in dozens of multi-national offices around the world,” Florence says. “Yet the only obvious security functions are the guards and the gates.” In light of the comprehensive scope of ESRM, it stands to reason that ESRM organisations require more comprehensive sets of risk management skills from security staffs as well as employees working behind the scenes battling enterprise risks in various corporate departments. What skills and competencies does ESRM require? In recent years, the ASIS Foundation has undertaken a series of research projects designed to define security risks that will arise in coming years, while identifying the skills necessary to mitigating those risks and responding to and recovering from events. With the benefit of that research, the ASIS Foundation and the University of Phoenix College of Security and Criminal Justice developed an Enterprise Security Competency Model. Florence was part of the team that developed the model, which identifies competency skills required by entry-level people as well as by those developing careers across a broad spectrum of ESRM capacities. Enterprise Security Competency Model The accompanying illustration above shows that the Competency Model takes the form of a tiered pyramid that illustrates how various sets of personal and occupational skills fit together to form a professional career path. The model identifies competencyskills required by entry-level peopleas well as by those developingcareers across a broad spectrumof ESRM capacities The broad foundational first tier represents “personal effectiveness competencies,” which include skills such as working with others, integrity, professionalism, the ability to take initiative and others. These are entry level qualities that anyone interested in a job in corporate America needs — including those that study for and eventually enter ESRM functions noted in the model’s higher tiers. Academic competencies follow on Tier 2. These include critical and analytical thinking, STEM (science, technology, engineering and mathematics) literacy, communications skills as well as business and security basics. Anyone who wants a career needs personal and academic competencies — as well as the workplace competencies identified on Tier 3 of the Competency Model. The workplace requires skills in teamwork, planning, innovative and strategic thinking, technology skills and the business acumen one develops with experience. “Tiers 4 and 5 describe competencies related to entire industries and within specific industry sectors,” Florence says. “People spend their entire careers in one or another of the functions described in those two tiers. “If you are managing a function on Tier 5, you must know everything on each of the tiers below.” The areas above Tier 5 move into the C-Suite, where competencies include everything from Tier 1 up plus the fine judgments and creative initiatives that competent C-Suites use to push their companies to the top of the heap. The Competency Model: That’s how you can find out if you’re competent in your current position and what you have to do to take the next step in your career.