Comprehensive competence building and holistic operational management are needed to achieve a level of security that breeds competitiveness. Meeting the challenges involved in foresight, on the other hand, requires acute situational awareness, improved resilience and the ability to recover rapidly when threats and risks are realized.

When building trust and competitiveness in the current security environment, you need to recognize the importance of the security culture and communications, as well as emotions and experiences. Security is a shared task between a single organization, business networks and society. In addition to anticipation and risk prevention, it is becoming increasingly important to identify threats and incidents, manage their effects, and recover from them.

An overall view of the operational environment is a prerequisite

Successful security and risk management requires a comprehensive understanding of the operational environment and its various aspects: organizations must have an understanding of what key issues they need to attend to, and with what measures. They must also recognize the statutory requirements – set for certain functions – which are central to the areas of data protection, occupational safety and environmental safety in particular. Each organization must identify the most fitting approach to security and risk management for itself and its operational environment.

Situational awareness must be continuously updated

Building trust and ensuring continuity in a rapidly changing, complex environment form the core of security and risk management. The ability to act and recover when risks are realized, and to learn from incidents, are also essential. This requires continuous updating of situational awareness, and the enhancement of resilience.

Security and risk management increasingly involve procedures and an approach which enable action – rather than a function which limits action and generates costs. Such actions are closely bound up with ethics: what is considered responsible and acceptable action.

Security management supports an organization's strategy

The key objective of security management is to guarantee the operational reliability and trustworthiness of an organization – including during emergencies. Systematic security and risk management supports an organization’s strategy, improves its productivity and competitiveness, and becomes a natural part of its operations.

A chief security officer (CSO) must have a holistic grasp of statutory and voluntary security measures, where the management of people and issues is combined. He or she must have a command of both statutory and organizational requirements for operations, as well as the human perspective. A CSO must also be able to function effectively within his or her own business and partner networks.