The Enterprise Security Competency Model is based on research conducted by the ASIS Foundation investigating security risks and risk mitigation skills
(Click to see larger image)

The ASIS Foundation & the University of Phoenix College of Security and Justice's Enterprise Security Competency model

Are you competent in your security job or profession? How do you know?

According to research carried out by the ASIS Foundation, security has begun to evolve beyond guarding doors, checking IDs and screening briefcases and purses. Today, something called Enterprise Security Risk Management (ESRM) is subsuming the traditional concept of physical security.

Enterprise Security Risk Managers identify and mitigate risks department-by-department, location-by-location, across a company’s entire business structure — in ways that contribute to the organisation’s business goals. They also respond to and lead the recovery from Enterprise Security events.

“Security as guards, gates and guns is the old paradigm,” says Dr. Linda Florence, CPP, Vice President and Dean of Specialized Programs of the University of Phoenix College of Security and Criminal Justice. “ESRM goes well beyond the old paradigm.”

The new paradigm

Florence observes that large and small businesses, corporations and government agencies organise themselves with departments that perform different functions, each raising certain enterprise risks. Human Resource departments, for instance, recruit and retain new people. While it may not happen often, new employees sometimes have criminal pasts and current criminal plans. Thoroughly checking the backgrounds of new hires ranks as an enterprise risk management function that protects business goals.

The ASIS Foundation has
undertaken a series of research
projects designed to define
security risks that will arise in
coming years, while identifying
the skills necessary to mitigating
those risks

Similarly, other departments face enterprise risks. Accounting and finance risks include fraud and waste. Purchasing departments risk buying from companies that can’t ultimately deliver. Production and warehousing risks include safety lapses leading to injuries. Transportation departments risk liability problems stemming from negligent accidents.

“A large company may have thousands of people providing security and risk management functions in various departments in dozens of multi-national offices around the world,” Florence says. “Yet the only obvious security functions are the guards and the gates.”

In light of the comprehensive scope of ESRM, it stands to reason that ESRM organisations require more comprehensive sets of risk management skills from security staffs as well as employees working behind the scenes battling enterprise risks in various corporate departments.

What skills and competencies does ESRM require?

In recent years, the ASIS Foundation has undertaken a series of research projects designed to define security risks that will arise in coming years, while identifying the skills necessary to mitigating those risks and responding to and recovering from events.

With the benefit of that research, the ASIS Foundation and the University of Phoenix College of Security and Criminal Justice developed an Enterprise Security Competency Model. Florence was part of the team that developed the model, which identifies competency skills required by entry-level people as well as by those developing careers across a broad spectrum of ESRM capacities.

Enterprise Security Competency Model

The accompanying illustration above shows that the Competency Model takes the form of a tiered pyramid that illustrates how various sets of personal and occupational skills fit together to form a professional career path.

The model identifies competency
skills required by entry-level people
as well as by those developing
careers across a broad spectrum
of ESRM capacities

The broad foundational first tier represents “personal effectiveness competencies,” which include skills such as working with others, integrity, professionalism, the ability to take initiative and others. These are entry level qualities that anyone interested in a job in corporate America needs — including those that study for and eventually enter ESRM functions noted in the model’s higher tiers.

Academic competencies follow on Tier 2. These include critical and analytical thinking, STEM (science, technology, engineering and mathematics) literacy, communications skills as well as business and security basics. Anyone who wants a career needs personal and academic competencies — as well as the workplace competencies identified on Tier 3 of the Competency Model. The workplace requires skills in teamwork, planning, innovative and strategic thinking, technology skills and the business acumen one develops with experience.

“Tiers 4 and 5 describe competencies related to entire industries and within specific industry sectors,” Florence says. “People spend their entire careers in one or another of the functions described in those two tiers.

“If you are managing a function on Tier 5, you must know everything on each of the tiers below.”

The areas above Tier 5 move into the C-Suite, where competencies include everything from Tier 1 up plus the fine judgments and creative initiatives that competent C-Suites use to push their companies to the top of the heap.

The Competency Model: That’s how you can find out if you’re competent in your current position and what you have to do to take the next step in your career.

Download PDF version Download PDF version

Author profile

Michael Fickes End User Correspondent, SecurityInformed.com

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?