The Security Budget

An Facility Security Officer (FSO)should put careful consideration into the security budget. This is a primary opportunity in the continuing plan of building credibility. The manager who arbitrarily throws in a number with meritless base is sending the wrong message. However, a well thought out line item count based on risk management, company mission and NISPOM requirements is more apt to impress and build instant respect. The budget contribution should enforce and support a message the FSO is constantly communicating. The budget request should not be first time executives are introduced to figures.
Managements support or lack of support of a security budget demonstrates either a well received or an unsupported security program. The intuitive FSO understands business, the company mission and how the role of protecting classified material fits. In that environment, the FSO provides a risk assessment based on the threat appraisal and speaks intelligently of the procedures, equipment and costs associated with protecting classified information. For example the FSO understands how to contract security vendors to install alarms, access control and other life safety and protective measures. The FSO is also able to demonstrate how the expense will benefit the company either in cost reduction or other tangible results.
The FSO presents the budget in a manner that all business units understand. For example, if part of the budget line is to provide access control there is a significant associated cost. Incorporating management involvement and support builds credibility and puts the company in a better position to provide the funding. Not only is a projected return on investment required, due diligence should be conducted. Sample questions and answers the FSO should be prepared to address are:
• Why is access control necessary? Prevents unauthorized persons from entering the premises and gives an extra layer of protection for classified and sensitive information.
• What happens if we do not implement access controls? The organization would have to commit persons to controlling the access to the company. At a manager’s salary of between $20.00 - $30.00 per hour, this could become expensive over time. The FSO could demonstrate the cost of the access controls against the time a manager takes to ensure someone provides visibility of the doors.
• What is the return on investment for access control? The intangible return on investment is the prevention of damage, injury, theft, and other risks inherent to unauthorized visitors. More tangible is the amount of energy saved while keeping the doors closed and saving energy. In one such study an FSO estimated a cost reduction of $12,000 per year cost reductions on the electric bill.
Other questions abound and the FSO should not hesitate to forward such questions to vendors. These vendors have statistics that they use as selling points for their products.
Speaking the language of business will serve the FSO well and ensure that executives understand the significance of a well supported security program. Security managers who just quote regulations or use “best practices” without putting much thought into the costs or talking points will quickly lose credibility.