Beyond controlling access and protecting against physical threats, they must play a more proactive role in implementing and enforcing security policies, standards, and procedures; auditing access, ...