ABSTRACT
To change the current state of a department, there must be
an honest and complete view of the department’s scope and
its performance in accomplishing that scope. There must
be an understanding of what the current challenges are,
whether they are threat-based or competition or regulatory,
and an educated guess as to what the challenges will be in
the next 3 to 5 years. The security professional must under-
stand his or her own organization, from an operational
detail level down to the internal politics and key players.
Finally, security managers must know themselves and their
staffs’ strengths and weaknesses.