Security Master Plans

An effective Security Master Plan enables an organization to identify, prioritize, budget for and implement risk mitigation measures that can be adapted as the threat environment and organizational risk profile evolves.

Contact us
/en/services/security-risk-management/security-consulting/security-master-plans service

Best practice security risk management begins with a master plan—a vision of the security goals for the organization, how it intends to reach and finance those goals and how implementation can be measured.

Kroll has often assessed Security Programs that are almost exclusively responsive in nature and budgets that are expended yearly on diverse issues with no formal programmatic goals and milestones. When security departments are “putting out fires” with their yearly budgets instead of progressing towards clearly identified objectives, Kroll tends to find patchwork programs with significant variance in quality and capabilities across program components. We also often see programmatic elements that were prioritized but abruptly dropped when new “fires” arose, leaving incomplete and ineffective security measures in place.

Kroll begins the assessment or development of a Security Master Plan with a review of the currently deployed program, the stated and documented goals of the program from both a corporate and a security management perspective and current initiatives being undertaken by the department.

Due to constant budget constraints in the deployment of effective security  measures, Kroll  focuses on the existing processes for security budget development with the objective of identifying the means for the department to optimize the planning of programmatic upgrades over budget cycles to ensure feasibility and prioritization of program elements.

A primary goal of a Security Master Plan is to optimize needed program development over a chosen timeline with clearly defined milestones and measurable goals. This “roadmap” for the security department allows the prioritization of those elements of the program deemed to be the most important and the forecasting of concrete timelines for deployment.

As important as the timelines and priorities are, flexibility is also paramount in today’s risk management environment. As has been seen in the recent past, security departments must be able to move from response to civil unrest to temperature screening of personnel in a professional and efficient manner. This requires flexibility in budgeting and timelines, which are addressed in a formal Security Master Plan. A roadmap with sufficient alternate routes to adapt to changing conditions allows for an efficient and effective security program.

While often built on best practices developed by Kroll over 30 years, we can customize our Security Master Plans for your organization’s unique needs. In our experience, the most effective plans will incorporate responsibilities not only for preventing, detecting, investigating and responding to incidents but also for ongoing monitoring and updating of the plan itself.

Connect with us

Connect with us

Timothy V Horner
Timothy V. Horner
Senior Managing Director and Global Head of Security Risk Management
Security Risk Management
New York
Jeff Kernohan is an associate managing director
Jeff Kernohan
Associate Managing Director
Security Risk Management
New York
Nicholas Doyle
Nick Doyle
Managing Director and Regional Leader, EMEA and APAC
Security Risk Management

See all servicesStay Ahead with Kroll


Valuation of businesses, assets and alternative investments for financial reporting, tax and other purposes.

Compliance and Regulation

End-to-end governance, advisory and monitorship solutions to detect, mitigate and remediate security, legal, compliance and regulatory risk.

Corporate Finance and Restructuring

Middle Market M&A, Strategic Advisory, Debt Advisory and Private Capital Markets, Restructuring and Insolvency Services, Financial Due Diligence, Fairness Opinions, Solvency Opinions and ESOP/ERISA Advisory.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Environmental, Social and Governance

Advisory and technology solutions, including policies and procedures, screening and due diligence, disclosures and reporting and investigations, value creation, and monitoring.

Investigations and Disputes

World-wide expert services and tech-enabled advisory through all stages of diligence, forensic investigation, litigation, disputes and testimony.

Business Services

Expert provider of complex administrative solutions for capital events globally. Our services include claims and noticing administration, debt restructuring and liability management services, agency and trustee services and more.

Video Library

Security Risk Management –
Hear Ongoing Global Security Insights From Our Security Risk Management Experts


Security Concepts

Jun 30, 2022

Webcast Replay

Threat Management

Oct 12, 2020

Threat Intelligence

Emerging Chatbot Security Concerns

Mar 23, 2023

by Nicole Sette Joe Contino