CAPO
This has to be done. We need a CAPO — Chief Asset Protection Officer — to unify protection of all assets in an organization.
Allow me to explain.
Assets exist in three domains:
- Physical (humans, buildings, land pieces, printed information, and other tangibles)
- Digital (data)
- Mental (information stored in human brains)
If you don’t agree with this structure, I’d love to understand your perspective.
If you do agree, I have a question for you: why should protection of assets be fragmented in today’s world and the world we can foresee? Today, organizations have senior practitioners who are knowledgeable about and have a focused remit for protection of certain subsets of assets. Even information protection is largely equated with the digital domain, despite the fact that information exists in all three domains as I outlined above.
I hear a lot of chatter from senior asset protection practitioners in functions which are still mistakenly called “cyber security” and “physical security” about ways in which they collaborate. However, collaboration assumes discretion, selection: collaborate on some things, but not on everything. Plus, budgets and reporting lines are likely different, too. Things… slip… through… the…CRACKS.
To protect assets based on a unified risk management framework and with consistent focus, organizations need a single function and a single generalist leader — CAPO.
I know this title sounds like it was borrowed from the Italian mafia. I’m glad I made you smile. Title is not very important in this case. What’s important is centrality of the asset protection function so that we could strive to have consistent visibility and control of all known assets in organizations.
Here are some key actions for this function:
- Define and prioritize the organization’s assets based on criticality (operational, reputational, and financial)
- Identify domains in which individual assets exist (physical, digital, mental)
- Identify asset locations
- Develop the asset protection framework and functional hierarchy commensurate with organization’s objectives and asset criticality ratings
- Build a unified system of metrics relative to asset criticality ratings to measure functional performance
- Find and cultivate talent which represents a justifiable blend of generalists and specialists to fulfil functional scope
- Collaborate with leaders of other functions on meaningful ways to continually define, identify, prioritize, and protect their respective assets
Thank you very much for your attention.
Soar above mediocrity!
