LIMITED OFFER
Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code needed.
Building a Corporate Culture of Security
Strategies for Strengthening Organizational Resiliency
- 1st Edition - February 24, 2016
- Author: John Sullivant
- Language: English
- Paperback ISBN:9 7 8 - 0 - 1 2 - 8 0 2 0 1 9 - 7
- eBook ISBN:9 7 8 - 0 - 1 2 - 8 0 2 0 5 8 - 6
Building a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency provides readers with the proven strategies, methods, and techniques they need… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteBuilding a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency
provides readers with the proven strategies, methods, and techniques they need to present ideas and a sound business case for improving or enhancing security resilience to senior management. Presented from the viewpoint of a leading expert in the field, the book offers proven and integrated strategies that convert threats, hazards, risks, and vulnerabilities into actionable security solutions, thus enhancing organizational resiliency in ways that executive management will accept.The book delivers a much-needed look into why some corporate security practices programs work and others don’t. Offering the tools necessary for anyone in the organization charged with security operations, Building a Corporate Culture of Security provides practical and useful guidance on handling security issues corporate executives hesitate to address until it’s too late.
- Provides a comprehensive understanding of the root causes of the most common security vulnerabilities that impact organizations and strategies for their early detection and prevention
- Offers techniques for security managers on how to establish and maintain effective communications with executives, especially when bringing security weakness--and solutions--to them
- Outlines a strategy for determining the value and contribution of protocols to the organization, how to detect gaps, duplications and omissions from those protocols, and how to improve their purpose and usefulness
- Explores strategies for building professional competencies; managing security operations, and assessing risks, threats, vulnerabilities, and consequences
- Shows how to establish a solid foundation for the layering of security and building a resilient protection-in-depth capability that benefits the entire organization
- Offers appendices with proven risk management and risk-based metric frameworks and architecture platforms
Security Directors, Managers, and consultants; Business executives and managers charged with risk management and security responsibilities; Security Management students.
- Dedication
- About the Author
- Foreword
- Preface
- Acknowledgments
- 1. Introduction
- Overview
- Building Security Resilience and Developing Relationships
- Watch Out for Stumbling Blocks
- Vulnerability Creep-in Just Showed Up—It Wasn’t Here Before
- Conclusion
- 2. Strategies That Create Your Life Line
- Overview
- A Need Exists to Create a Set of Uniform Security Strategies
- Security Strategies and Guiding Principles
- Conclusion
- 3. The Many Faces of Vulnerability Creep-in
- Overview
- Vulnerability Creep-in Eludes Many Security Professionals
- Strategic Security Deficiencies Top the List
- Programmatic Security Weaknesses Rank Second Place
- Human and Technology Inadequacies Rate Third Place
- Conclusions
- 4. The Evolving Threat Environment
- Overview
- The Threat Landscape Is Diversified and Sophisticated
- Attack Modes Make Planning and Response a Challenge
- Conclusions
- 5. The Cyber Threat Landscape
- Overview
- Who Is Responsible for Today’s Cyber Attacks?
- The Cyber Threat Continues to Devastate the U.S. Economy and National Security
- Trusted Insiders Bear Watching
- State-Sponsored Cyber Attacks Create Havoc With Our Economy and National Security
- Cyber Practices and Incident Responses Need Improvement
- Conclusions
- 6. Establishing a Security Risk Management Program Is Crucial
- Overview
- Risk Management Measures and Evaluates Risk Exposure and the Ability to Deal With Threats
- Subscribing to a Security Risk Management Program
- A Risk Management Program Establishes Creditability
- When to Measure and Evaluate Performance
- A Risk Management Program Is Key to Performance Success
- Executives Need Compelling and Persuasive Information to Make Sound Business Decisions
- Conclusions
- Appendix A: Risk Management and Architecture Platform
- Relationship Between Measurement and Evaluation
- Architecture Platform
- Evaluation Tools Mostly Used Within Security Organizations
- Quality Assurance: Zero Defects
- 7. Useful Metrics Give the Security Organization Standing
- Overview
- Risk-based Metrics Are Often Underestimated
- Setting the Metric Framework and Architecture Foundation
- Well-Designed Risk-based Metrics Resonate with CEOs
- Theory of Probability
- Benefits of Using Risk-based Metrics
- Conclusion
- Appendix A: Metric Framework and Architecture Platform
- Strategic Relevance
- Operational Reasonableness
- 8. A User-Friendly Security Assessment Model
- Overview
- A Reliable Security Assessment Model That Resonates with C-Suite Executives
- Measuring and Evaluating Performance Effectiveness
- The Benefits Management Enjoys from Using a Risk-Based Model
- Conclusions
- 9. Developing a Realistic and Useful Threat Estimate Profile
- Overview
- Providing Meaningful Strategic Threat Advice to Executive Management Is Essential
- Threat Planning Relies on the Development of a Useful Threat Estimate Profile
- Suggested Composition of a Threat Estimate Profile
- The Local/Site-Specific Threat Assessment
- Identifying the Range of Potential Threats and Hazards Is a Critical Planning Process
- Consequence Analysis and Probability of Occurrence for Threats and Hazards
- Benefits of Having a Threat Estimate Profile
- Conclusions
- Appendix A
- Appendix B
- 10. Establishing and Maintaining Inseparable Security Competencies
- Overview
- Are Your Security Competencies a Top Priority?
- Timely Interdependencies of Security Capabilities
- Conclusions
- 11. A User-Friendly Security Technology Model
- Overview
- A Dire Need Exists to Embrace a Technical Security Strategy
- The Technical Security Planning Process Is Often Misunderstood and Underestimated
- Embracing The Challenges of New Technology Advancements
- Technology Application Has High-Visibility Challenges
- Importance of a Quality System Maintenance Program
- Embracing Inspections and Tests Extends the System Life Cycle
- System Failure Modes and Compensatory Measures
- Conclusion
- Appendix A: Selected Security Technology Deficiencies and Weaknesses
- Overview of Selected Case Histories
- Appendix B: Sample Test Logs
- Safety Information
- 12. Preparing for Emergencies
- Overview
- Security Emergency Planning Is Critical to Organizational Survival
- Planning for Prevention, Protection, Response, and Recovery
- Alert Notification Systems Serve as Triggering Mechanisms to Carry Out Security Planning Considerations
- Planning for Security Event-Driven Response and Recovery Operations
- Strategies for Integrating and Prioritizing Security Response and Recovery Operations
- Security Emergency Response Plan
- Conclusions
- Appendix A: Case Histories: Security Emergency Planning Fallacies
- 13. A User-Friendly Protocol Development Model
- Overview
- Adopting a Protocol Strategy Is Crucial to Quality Performance
- Need for Protocols
- Purpose of Protocol Reviews
- Quality Review Process for Essential Security Protocols
- Benefits Derived from Protocol Analysis
- Conclusions
- Appendix A
- 14. A Proven Organization and Management Assessment Model
- Overview
- Embracing the Mission of the Security Organization
- A Reliable Organization and Management Assessment Model That Resonates with CEOs
- Purpose of Measuring Organization and Management Competency
- Measuring Security Management and Leadership Competencies
- Benefits of an Operational and Management Audit
- Conclusions
- Appendix A: Case Histories – Management and Leadership
- Overview of Selected Case Histories
- 15. Building Competencies That Count: A Training Model
- Overview
- Why Security Training Is Important
- Goals and Value Are Drivers of Effective Training
- A Reliable Training Model Resonates With Chief Executive Officers
- Independent Research and Credence of the Model
- Types of Security Awareness Training Programs
- Specialized Security Staff Training Program
- Course Design Brings Instruction to Life
- Professional Development Is Key for Security Planners
- Benefits Management Enjoys by Adopting the Model
- Conclusions
- 16. How to Communicate with Executives and Governing Bodies
- Overview
- Why Would a CEO Ever Ask You for Help?
- Why Should a Chief Executive Listen to You?
- Speak the Language Executives and Board Members Understand, Care About, and Can Act On
- Impressions Count
- Tips That Will Help You Get Your Message Across
- Think Strategically
- Develop a Management Perspective
- Be Trustworthy, Candid, and Professional
- Be a Verbal Visionary
- Be That Window for Tomorrow
- Give Constructive Advice
- Build a Solid Business Case
- Know When to Pull Your Parachute Cord
- Present Program Results Regularly
- Conclusions
- 17. A Brighter Tomorrow: My Thoughts
- Overview
- A Perspective for the Future
- The Evolving Business and Threat Landscape
- Corporate Image, Brand, and Reputation Hang in the Balance
- Measuring and Evaluating Performance and Productivity
- Security Design Performance and Program Integration
- Training Programs Need a Major Uplift
- Security Emergency Plans and Response/Recovery Procedures
- Communicating with Executives and Governing Bodies
- Security Leadership Needs a Touch Up
- Change Management in the Wind
- What Does Work May Surprise You
- Characteristics of Future Security Leaders
- My Parting Thought
- References
- Index
- No. of pages: 298
- Language: English
- Edition: 1
- Published: February 24, 2016
- Imprint: Butterworth-Heinemann
- Paperback ISBN: 9780128020197
- eBook ISBN: 9780128020586
JS
John Sullivant
John Sullivant creates strategic security planning initiatives for corporations and governments throughout the world. Throughout his lengthy security career, he has held numerous senior security positions in both the public and private sector, served on several national security councils, committees and advisory boards, and spoken frequently at professional security associations and educational institutions. He is the author of a reference on protecting critical infrastructure and his work has appeared in Security Management, the leading Security publication.
Affiliations and expertise
President, Sisters Three Entrepreneurs Security Consultants Company, Nashua, NH, USARead Building a Corporate Culture of Security on ScienceDirect