Security and the Tao of the Organization

The military is a great matter of the state.It is the ground of death and life,The Tao of survival or extinction.One cannot but examine it.– Sun TzuWhen Sun Tzu wrote The Art of War, he was concerned with the organization and disposition of military units.  In his day, as is true in ours, the military was a tool for the accomplishment of political goals.  In our role as security professionals, we serve to further goals of organizations that fight on a competitive battlefield.Some of us are “foot soldiers”, fulfilling operational roles critical to the daily functioning of the company.  Others are the leaders – managers, CIOs, CISOs – who coordinate the tactics that realize strategic aims set by the sovereign.  While this hierarchy is common, the organizational Tao influences the way these elements are orchestrated.

According to Sun Tzu, the Tao is the Way – the context that defines how actions are perceived and valued.  In a business context, corporate values and culture define the Tao.  The success of any strategy depends on how it is supported by the Tao. 

Why does culture matter when it comes to security?  Is it not enough to expect compliance with published policies and procedures?  An August, 2009 interview with Wharton University’s Andrea M. Matwywhyn shows that the inculcation of a security mind-set is required to deal with evolving threats.  Additionally, an understanding of corporate culture enables the creation of effective security training.

It is important that a security program have the support of management.  However, the management team must be able to accurately assess the program in the context of the company’s cultural and political reality.  Failure to do this will inevitably create a clash between strategic security plans and the operational activities that enable that vision.