Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code is needed.
Back to School Savings: Save up to 30% on print books and eBooks. No promo code needed.
Back to School Savings: Save up to 30%
The Manager's Handbook for Business Security
2nd Edition - March 7, 2014
Editor: George Campbell
Paperback ISBN:
9 7 8 - 0 - 1 2 - 8 0 0 0 6 2 - 5
eBook ISBN:
9 7 8 - 0 - 1 2 - 8 0 0 2 0 0 - 1
The Manager’s Handbook for Business Security is designed for new or current security managers who want build or enhance their business security programs. This book is not an… Read more
Purchase Options
The Manager’s Handbook for Business Security is designed for new or current security managers who want build or enhance their business security programs. This book is not an exhaustive textbook on the fundamentals of security; rather, it is a series of short, focused subjects that inspire the reader to lead and develop more effective security programs.Chapters are organized by topic so readers can easily—and quickly—find the information they need in concise, actionable, and practical terms. This book challenges readers to critically evaluate their programs and better engage their business leaders. It covers everything from risk assessment and mitigation to strategic security planning, information security, physical security and first response, business conduct, business resiliency, security measures and metrics, and much more.The Manager’s Handbook for Business Security is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
- Chapters are organized by short, focused topics for easy reference
- Provides actionable ideas that experienced security executives and practitioners have shown will add value to the business and make the manager a more effective leader
- Takes a strategic approach to managing the security program, including marketing the program to senior business leadership and aligning security with business objectives
New security managers, current security managers who are in transition from public to private or one corporate profile to another, and business executives with an interest in or responsibility for corporate security
Acknowledgments
Introduction
Our Vision for the Value of This Publication
1. Understanding the Business of Security
Introduction
The Security Program Review
Build the Business Case for Crafting a Measurably Effective Security Program
Highlights for Follow-Up
2. Security Leadership: Establishing Yourself and Moving the Program Forward
Introduction
Leadership Competencies
Keys to Organizational Influence and Impact
The Next Generation Security Leader
Highlights for Follow-Up
3. Risk Assessment and Mitigation
Introduction
Assessing Viable Threats
Vulnerability Assessment
Board-Level Risk and Security Program Response Research
A Risk Quantification Process
A Risk Management-Based Concept of Operations
Highlights for Follow-Up
4. Strategic Security Planning
Introduction
Strategic Security Program Focus
Eight Key Strategic Issues
The Security Planning and Program Development Process
Business Alignment and Demonstrating Security’s Value
Highlights for Follow-Up
5. Marketing the Security Program to the Business
Introduction
The Essentials
A Marketing Strategy
Brand Recognition
The Mission Statement
Policies and Business Practices
Applying Standard Security Practices to Business Objectives
Highlights for Follow-Up
6. Organizational Models
Introduction
Baseline Elements
Program Characteristics
What Organizational Model Works Best in Your Company
Alternative Organizational Models
Consolidated Service Model
Seriously Explore the Potential Advantages of a Security Committee
Unified Risk Oversight
Access Is the Fundamental Essential
Highlights for Follow-Up
7. Regulations, Guidelines, and Standards
Introduction
Typical Regulatory Elements
How Many Security Regulations Apply to Your Company?
The Legislation, Regulations, Voluntary Compliance, and Standards (LRVCS) Breakdown
The Security Professional’s Role
The Implications of Noncompliance
Highlights for Follow-Up
8. Information Security
Introduction
Critical Importance of Information Security
Core Information Assurance Requirements
Information Has Value
Information Moves at Warp Speed
Key Assessment: What Is the State of Control?
Organizing the Information Security Program
Information Security Infrastructure and Architecture
Day-to-Day Operational Security
Cyber Incident Response Planning
Highlights for Follow-Up
9. Physical Security and First Response
Introduction
Your Objective: An Integrated Solution
Physical Security at a Glance
Alignment with the Threat
Security Operations
The Quality of First Response
All Space Is Not Created Equal
Physical Security as a Force Multiplier
Equipment Removal and Value of Risk Assessments
Security Riding on the Corporate Network
A Note on Convergence
Highlights for Follow-Up
10. Security Training and Education
Introduction
Objectives of Security-Related Training and Education
Training Options
In-House Training
Certificate Programs
Academic Programs
Development Plan
Contractors and Vendors
Training Business Units in Security-Related Responsibilities
Tracking Training Administration
Highlights for Follow-Up
11. Communication and Awareness Programs
Introduction
Strategies
Tactics
Security Awareness Approaches
Tailoring the Message
Highlights for Follow-Up
12. Safe and Secure Workplaces
Introduction
Predictability of Risk
The Policy Framework
Workplace Violence Policy
Protecting Key Executives and Key Individuals
Highlights for Follow-Up
13. Business Conduct
Introduction
Know Your Adversary
Corporate Hygiene
Learning from Business Conduct Cases
High-Level Policy or Guideline Statement
Checklist for Conduct of Internal Misconduct Investigations
Highlights for Follow-Up
14. Business Resiliency
Introduction
Your Focus
High-Level Policy or Guideline Statement
Track Business Continuity Readiness
NFPA Standard 1600
National Response Framework
Regulatory Requirements
Highlights for Follow-Up
15. Securing Your Supply Chain
Introduction
An Example of the Elements of Supply Chain Risk Oversight: Customs Trade Partnership Against Terrorism, Shipment Guard (C-TPAT) Security Criteria for Importers
A Focus on Supply Chain Security Has Multiple Benefits
Highlights for Follow-Up
16. Security Measures and Metrics
Introduction
What Are Measures and What Are Metrics?
What Are the Key Objectives for Our Metrics?
Why Measure? What Are the Benefits of Measures and Metrics?
Roles and Responsibilities
It’s about Communication and Risk Management
Where Do I Find the Data for My Measures and Metrics?
Business Alignment—Demonstrating Value to Management
Pitfalls to Avoid
Five Metrics You Might Consider
Conclusion
Highlights for Follow-Up
17. Continuous Learning: Addressing Risk with After-Action Reviews
Introduction
After-Action Review (AAR) and Incident Post-Mortem
Know Your Audience
Outline for the Incident Post-Mortem Management Plan and Briefing
Highlight for Follow-Up
Appendix A. Risk Review Elements
Business Risk Environment
Policy Framework
Threats
Location Risk
General Data
Business Continuity Incidents
Internal Risk
Information Security
Hazardous/Dangerous Material Issues
Base Building Risks
Owned Properties
Contractors
Background Investigation
Data Management
Business Continuity Planning
Emergency and Crisis Management
Security Awareness
Appendix B. Security Devices, Equipment, and Installation Labor Costs
Appendix C. Request for Proposals for Contract Security Services at [Specific Company Location(s)]
Introduction
Instructions to Bidders
Proposal Contents
Selection Criteria
General Conditions of the RFP
RFP Timeline
Appendix D. Workplace Violence Incident Response Guideline
Introduction
Workplace Violence Prevention Program Template
Some Critical Elements to Consider In Determining Dangerousness
Appendix E. Code of Business Conduct and Ethics Template
Company Assets
Compliance with Laws and Regulations
Confidential Information
Conflict of Interest
Dealing with Public Officials
Environmental Protection
Equal Employment Opportunity
Financial Records
Gifts, Gratuities, Favors: Giving and Receiving
Insider Trading
Intellectual Property Rights
Political Contributions
Workplace Safety
Reporting Violations and Policy Enforcement
Certification
Appendix F. Corporate Incident Reporting and Response Plan
Planning Philosophy
Corporate Emergency Plan
Corporate Emergency Response Team
Appendix G. Considering the Essentials: Questions for People and Program Development
Focus
A Suggested Approach
About the Contributing Editor
About Elsevier’s Security Executive Council Risk Management Portfolio
Index
Introduction
Our Vision for the Value of This Publication
1. Understanding the Business of Security
Introduction
The Security Program Review
Build the Business Case for Crafting a Measurably Effective Security Program
Highlights for Follow-Up
2. Security Leadership: Establishing Yourself and Moving the Program Forward
Introduction
Leadership Competencies
Keys to Organizational Influence and Impact
The Next Generation Security Leader
Highlights for Follow-Up
3. Risk Assessment and Mitigation
Introduction
Assessing Viable Threats
Vulnerability Assessment
Board-Level Risk and Security Program Response Research
A Risk Quantification Process
A Risk Management-Based Concept of Operations
Highlights for Follow-Up
4. Strategic Security Planning
Introduction
Strategic Security Program Focus
Eight Key Strategic Issues
The Security Planning and Program Development Process
Business Alignment and Demonstrating Security’s Value
Highlights for Follow-Up
5. Marketing the Security Program to the Business
Introduction
The Essentials
A Marketing Strategy
Brand Recognition
The Mission Statement
Policies and Business Practices
Applying Standard Security Practices to Business Objectives
Highlights for Follow-Up
6. Organizational Models
Introduction
Baseline Elements
Program Characteristics
What Organizational Model Works Best in Your Company
Alternative Organizational Models
Consolidated Service Model
Seriously Explore the Potential Advantages of a Security Committee
Unified Risk Oversight
Access Is the Fundamental Essential
Highlights for Follow-Up
7. Regulations, Guidelines, and Standards
Introduction
Typical Regulatory Elements
How Many Security Regulations Apply to Your Company?
The Legislation, Regulations, Voluntary Compliance, and Standards (LRVCS) Breakdown
The Security Professional’s Role
The Implications of Noncompliance
Highlights for Follow-Up
8. Information Security
Introduction
Critical Importance of Information Security
Core Information Assurance Requirements
Information Has Value
Information Moves at Warp Speed
Key Assessment: What Is the State of Control?
Organizing the Information Security Program
Information Security Infrastructure and Architecture
Day-to-Day Operational Security
Cyber Incident Response Planning
Highlights for Follow-Up
9. Physical Security and First Response
Introduction
Your Objective: An Integrated Solution
Physical Security at a Glance
Alignment with the Threat
Security Operations
The Quality of First Response
All Space Is Not Created Equal
Physical Security as a Force Multiplier
Equipment Removal and Value of Risk Assessments
Security Riding on the Corporate Network
A Note on Convergence
Highlights for Follow-Up
10. Security Training and Education
Introduction
Objectives of Security-Related Training and Education
Training Options
In-House Training
Certificate Programs
Academic Programs
Development Plan
Contractors and Vendors
Training Business Units in Security-Related Responsibilities
Tracking Training Administration
Highlights for Follow-Up
11. Communication and Awareness Programs
Introduction
Strategies
Tactics
Security Awareness Approaches
Tailoring the Message
Highlights for Follow-Up
12. Safe and Secure Workplaces
Introduction
Predictability of Risk
The Policy Framework
Workplace Violence Policy
Protecting Key Executives and Key Individuals
Highlights for Follow-Up
13. Business Conduct
Introduction
Know Your Adversary
Corporate Hygiene
Learning from Business Conduct Cases
High-Level Policy or Guideline Statement
Checklist for Conduct of Internal Misconduct Investigations
Highlights for Follow-Up
14. Business Resiliency
Introduction
Your Focus
High-Level Policy or Guideline Statement
Track Business Continuity Readiness
NFPA Standard 1600
National Response Framework
Regulatory Requirements
Highlights for Follow-Up
15. Securing Your Supply Chain
Introduction
An Example of the Elements of Supply Chain Risk Oversight: Customs Trade Partnership Against Terrorism, Shipment Guard (C-TPAT) Security Criteria for Importers
A Focus on Supply Chain Security Has Multiple Benefits
Highlights for Follow-Up
16. Security Measures and Metrics
Introduction
What Are Measures and What Are Metrics?
What Are the Key Objectives for Our Metrics?
Why Measure? What Are the Benefits of Measures and Metrics?
Roles and Responsibilities
It’s about Communication and Risk Management
Where Do I Find the Data for My Measures and Metrics?
Business Alignment—Demonstrating Value to Management
Pitfalls to Avoid
Five Metrics You Might Consider
Conclusion
Highlights for Follow-Up
17. Continuous Learning: Addressing Risk with After-Action Reviews
Introduction
After-Action Review (AAR) and Incident Post-Mortem
Know Your Audience
Outline for the Incident Post-Mortem Management Plan and Briefing
Highlight for Follow-Up
Appendix A. Risk Review Elements
Business Risk Environment
Policy Framework
Threats
Location Risk
General Data
Business Continuity Incidents
Internal Risk
Information Security
Hazardous/Dangerous Material Issues
Base Building Risks
Owned Properties
Contractors
Background Investigation
Data Management
Business Continuity Planning
Emergency and Crisis Management
Security Awareness
Appendix B. Security Devices, Equipment, and Installation Labor Costs
Appendix C. Request for Proposals for Contract Security Services at [Specific Company Location(s)]
Introduction
Instructions to Bidders
Proposal Contents
Selection Criteria
General Conditions of the RFP
RFP Timeline
Appendix D. Workplace Violence Incident Response Guideline
Introduction
Workplace Violence Prevention Program Template
Some Critical Elements to Consider In Determining Dangerousness
Appendix E. Code of Business Conduct and Ethics Template
Company Assets
Compliance with Laws and Regulations
Confidential Information
Conflict of Interest
Dealing with Public Officials
Environmental Protection
Equal Employment Opportunity
Financial Records
Gifts, Gratuities, Favors: Giving and Receiving
Insider Trading
Intellectual Property Rights
Political Contributions
Workplace Safety
Reporting Violations and Policy Enforcement
Certification
Appendix F. Corporate Incident Reporting and Response Plan
Planning Philosophy
Corporate Emergency Plan
Corporate Emergency Response Team
Appendix G. Considering the Essentials: Questions for People and Program Development
Focus
A Suggested Approach
About the Contributing Editor
About Elsevier’s Security Executive Council Risk Management Portfolio
Index
- No. of pages: 296
- Language: English
- Published: March 7, 2014
- Imprint: Elsevier
- Paperback ISBN: 9780128000625
- eBook ISBN: 9780128002001
GC
George Campbell
George Campbell served until 2002 as the chief security officer (CSO) at Fidelity Investments, the largest mutual fund company in the United States, with more than $2 trillion in customer assets and 32,500 employees. Under Campbell’s leadership, the global corporate security organization delivered a wide range of proprietary services including information security, disaster recovery planning and crisis management, criminal investigations, fraud prevention, property and executive protection, and proprietary security system design, engineering, and installation. Since leaving Fidelity, Campbell has served as a content expert for the Security Executive Council, of which he is a founding Emeritus Faculty member.
Prior to working at Fidelity Investments, Campbell owned a security and consulting firm, which specialized in risk assessment and security program management. He has also been group vice president at a system engineering firm that supported government security programs at high-threat sites around the world. Early on in his career, Campbell worked in the criminal justice system, and served in various line and senior management positions within federal, state, and local government agencies.
Campbell received his bachelor’s degree in police administration from American University in Washington, D.C. He served on the board of directors of the International Security Management Association (ISMA), and as ISMA’s president in 2003. Campbell is also a long-time member of ASIS International. He is a former member of the National Council on Crime Prevention, the High Technology Crime Investigation Association, and the Association of Certified Fraud Examiners, and is an alumnus of the U.S. State Department’s Overseas Security Advisory Council.
Affiliations and expertise
Emeritus faculty, Security Executive Council; former chief security officer (CSO), Fidelity Investments