Strategic Security Management supports data-driven security that is measurable, quantifiable and practical. Written for security professionals and other professionals responsible for making security decisions as well as for security management and criminal justice students, this text provides a fresh perspective on the risk assessment process. It also provides food for thought on protecting an organization's assets, giving decision makers the foundation needed to climb the next step up the corporate ladder.
Strategic Security Management fills a definitive need for guidelines on security best practices. The book also explores the process of in-depth security analysis for decision making, and provides the reader with the framework needed to apply security concepts to specific scenarios. Advanced threat, vulnerability, and risk assessment techniques are presented as the basis for security strategies. These concepts are related back to establishing effective security programs, including program implementation, management, and evaluation. The book also covers metric-based security resource allocation of countermeasures, including security procedures, personnel, and electronic measures.
Strategic Security Management contains contributions by many renowned security experts, such as Nick Vellani, Karl Langhorst, Brian Gouin, James Clark, Norman Bates, and Charles Sennewald.
- Provides clear direction on how to meet new business demands on the security professional
- Guides the security professional in using hard data to drive a security strategy, and follows through with the means to measure success of the program
- Covers threat assessment, vulnerability assessment, and risk assessment - and highlights the differences, advantages, and disadvantages of each
Table of Contents
- Front cover
- Title page
- Copyright page
- Table of contents
- About the Author
- Contributing Authors
- Acknowledgments
- Introduction
- Chapter 1: Data-Driven Security
  - Data-Driven Security
  - Security Metrics
  - SMART Metrics
  - Data-Driven Assessments
- Chapter 2: Asset Identification and Security Inventory
  - Definitions
  - Asset Classification
  - Identifying Critical Assets
  - Target Selection
  - Consequence Analysis
  - Countermeasure Inventory
  - Security Assessments
- Chapter 3: Threat Assessments
  - Threat Formula
  - Threat Identification and Classification
  - Threat Information Sources
  - Assessing Threats
  - Emerging Threats
  - Threat Dynamics
  - The Homeland Security Advisory System
- Chapter 4: Crime Analysis
  - Statistics for Security Management
  - Crime Triangle
  - Purpose of Crime Analysis
  - Data Sources
  - Law Enforcement Data versus Social Disorder Models
  - Advantages of Law Enforcement Data
  - Geographic Levels
  - Methodology
  - Return on Security Investment (ROSI)
- Chapter 5: Vulnerability Assessments
  - Definition
  - Vulnerability Assessments
  - Scope of Vulnerability Assessments
  - The Vulnerability Assessment Team
  - Asset-Based and Scenario-Based Vulnerability Assessments
  - Vulnerability Assessment Steps
  - Vulnerability Rating Scale
  - The Security Survey Report
  - The Vulnerability Assessment Report
- Chapter 6: Risk Assessments
  - Definition
  - Risk Assessments
  - Qualitative Risk Assessments
  - Quantitative Risk Assessments
  - Specialized Risk Assessment Methodologies
  - Risk Mitigation
  - Risk Assessment Report
- Chapter 7: Information Technology Risk Management
  - Why Information Technology Security Is Important to Traditional Security Decision Makers
  - Information Technology Risk Management
  - Asset Identification
  - Information Technology Risk Assessment
  - Information Technology System Characterization
  - Threat Assessment
  - Vulnerability Assessment
  - Control Evaluation
  - Likelihood Determination
  - Impact Analysis
  - Risk Determination
  - Control Recommendations
  - Results Documentation
  - Risk Mitigation
  - Control Implementation Methodology
  - Control Categories
  - Cost-Benefit Analysis
  - Residual Risk
  - Evaluation and Refinement
- Chapter 8: Prevention
  - The Need and Practical Application of Theoretical Study
  - Situational Crime Prevention
  - Rational Choice
  - Routine Activity
  - Crime Prevention Through Environmental Design (CPTED)
  - Crime Displacement and Diffusion of Benefits
  - Prevention Measures
- Chapter 9: Security Measures: Policies and Procedures
  - Security Awareness
  - Security Plan
  - Emergency Management Plan
  - Conclusion
- Chapter 10: Security Measures: Physical Security
  - Introduction
  - Types of Physical Security Countermeasures
  - Integration of Multiple Physical Security Countermeasures
  - Integration of Physical Security Countermeasures with Personnel and Policies and Procedures Countermeasures
  - Determining Physical Security Countermeasure Needs
  - Matching Product to Need
  - Defining Cost and Cost-Benefit Analysis
  - Cost-Benefit Analysis
  - Best Practices
  - Codes and Ordinances
  - Summary
- Chapter 11: Security Measures: Deploying Physical Security
  - Countermeasure Selection
  - Creating Management Buy-In
  - Countermeasure Implementation
  - Auditing Effectiveness
- Chapter 12: Security Measures: Personnel
  - Introduction
  - Training
  - Metric-Based Security Deployment
  - Off-Duty Law Enforcement Officers versus Security Officers
  - Contract Security Forces versus Proprietary Security Forces
  - Quality Control and Performance Evaluation
  - The Soapbox: Increasing Professionalism
- Chapter 13: Project Management
  - The Security Project Manager
  - The Security Project Team
  - Security Project Management Success: Subjective and Objective Criteria
  - Financial and Resource Management
  - Return on Security Investment
- Chapter 14: Premises Security Liability
  - Premises Security Law
  - Plaintiffs Theories
  - Security Officer Misconduct
  - Negligent Hiring Liability
  - Reducing the Risk of Liability - Evaluating the Security Program
  - Crime Risk Analysis - An Initial Step
  - The Role of Statutes, Ordinances, and Regulations
  - National Security Standards
  - Standards versus Guidelines
  - The Rationale for National Standards
  - Security Risk Assessments
  - Conclusion
- Chapter 15: Forensic Security
  - Premises Liability Matters
  - Tortious Conduct
  - Qualifications for Forensic Security Consulting
  - Strategies to Market One's Forensic Practice
  - The Retention Process
  - Assessing the File
  - The Consultant Forms a Supportive Opinion
  - Security Premises Liability Forensic Consulting
  - The Defense Experts Opinions
- Chapter 16: Ethics in Security Consulting
  - Introduction
  - Ethics in Practice
  - Walk-Away Value
  - Advocate versus Educator
  - Rules to Live by:
  - Forensic Consulting/Easy Conflicts
  - Conclusion
- Appendix A: Certified Security ConsultantSM Code of Ethics
- Appendix B: Best Practice #2, Forensic Methodology of the International Association of Professional Security Consultants
- Appendix C: Risk Assessment Report
- Appendix D: Crime Analysis Report
- Bibliography
- Recommended Reading
- Index