The Manager's Handbook for Business Security

Acknowledgments
Introduction
Our Vision for the Value of This Publication


1. Understanding the Business of Security
Introduction
The Security Program Review
Build the Business Case for Crafting a Measurably Effective Security Program
Highlights for Follow-Up


2. Security Leadership: Establishing Yourself and Moving the Program Forward
Introduction
Leadership Competencies
Keys to Organizational Influence and Impact
The Next Generation Security Leader
Highlights for Follow-Up


3. Risk Assessment and Mitigation
Introduction
Assessing Viable Threats
Vulnerability Assessment
Board-Level Risk and Security Program Response Research
A Risk Quantification Process
A Risk Management-Based Concept of Operations
Highlights for Follow-Up


4. Strategic Security Planning
Introduction
Strategic Security Program Focus
Eight Key Strategic Issues
The Security Planning and Program Development Process
Business Alignment and Demonstrating Security’s Value
Highlights for Follow-Up


5. Marketing the Security Program to the Business
Introduction
The Essentials
A Marketing Strategy
Brand Recognition
The Mission Statement
Policies and Business Practices
Applying Standard Security Practices to Business Objectives
Highlights for Follow-Up


6. Organizational Models
Introduction
Baseline Elements
Program Characteristics
What Organizational Model Works Best in Your Company
Alternative Organizational Models
Consolidated Service Model
Seriously Explore the Potential Advantages of a Security Committee
Unified Risk Oversight
Access Is the Fundamental Essential
Highlights for Follow-Up


7. Regulations, Guidelines, and Standards
Introduction
Typical Regulatory Elements
How Many Security Regulations Apply to Your Company?
The Legislation, Regulations, Voluntary Compliance, and Standards (LRVCS) Breakdown
The Security Professional’s Role
The Implications of Noncompliance
Highlights for Follow-Up


8. Information Security
Introduction
Critical Importance of Information Security
Core Information Assurance Requirements
Information Has Value
Information Moves at Warp Speed
Key Assessment: What Is the State of Control?
Organizing the Information Security Program
Information Security Infrastructure and Architecture
Day-to-Day Operational Security
Cyber Incident Response Planning
Highlights for Follow-Up


9. Physical Security and First Response
Introduction
Your Objective: An Integrated Solution
Physical Security at a Glance
Alignment with the Threat
Security Operations
The Quality of First Response
All Space Is Not Created Equal
Physical Security as a Force Multiplier
Equipment Removal and Value of Risk Assessments
Security Riding on the Corporate Network
A Note on Convergence
Highlights for Follow-Up


10. Security Training and Education
Introduction
Objectives of Security-Related Training and Education
Training Options
In-House Training
Certificate Programs
Academic Programs
Development Plan
Contractors and Vendors
Training Business Units in Security-Related Responsibilities
Tracking Training Administration
Highlights for Follow-Up


11. Communication and Awareness Programs
Introduction
Strategies
Tactics
Security Awareness Approaches
Tailoring the Message
Highlights for Follow-Up


12. Safe and Secure Workplaces
Introduction
Predictability of Risk
The Policy Framework
Workplace Violence Policy
Protecting Key Executives and Key Individuals
Highlights for Follow-Up


13. Business Conduct
Introduction
Know Your Adversary
Corporate Hygiene
Learning from Business Conduct Cases
High-Level Policy or Guideline Statement
Checklist for Conduct of Internal Misconduct Investigations
Highlights for Follow-Up


14. Business Resiliency
Introduction
Your Focus
High-Level Policy or Guideline Statement
Track Business Continuity Readiness
NFPA Standard 1600
National Response Framework
Regulatory Requirements
Highlights for Follow-Up


15. Securing Your Supply Chain
Introduction
An Example of the Elements of Supply Chain Risk Oversight: Customs Trade Partnership Against Terrorism, Shipment Guard (C-TPAT) Security Criteria for Importers
A Focus on Supply Chain Security Has Multiple Benefits
Highlights for Follow-Up


16. Security Measures and Metrics
Introduction
What Are Measures and What Are Metrics?
What Are the Key Objectives for Our Metrics?
Why Measure? What Are the Benefits of Measures and Metrics?
Roles and Responsibilities
It’s about Communication and Risk Management
Where Do I Find the Data for My Measures and Metrics?
Business Alignment—Demonstrating Value to Management
Pitfalls to Avoid
Five Metrics You Might Consider
Conclusion
Highlights for Follow-Up


17. Continuous Learning: Addressing Risk with After-Action Reviews
Introduction
After-Action Review (AAR) and Incident Post-Mortem
Know Your Audience
Outline for the Incident Post-Mortem Management Plan and Briefing
Highlight for Follow-Up

Appendix A. Risk Review Elements
Business Risk Environment
Policy Framework
Threats
Location Risk
General Data
Business Continuity Incidents
Internal Risk
Information Security
Hazardous/Dangerous Material Issues
Base Building Risks
Owned Properties
Contractors
Background Investigation
Data Management
Business Continuity Planning
Emergency and Crisis Management
Security Awareness

Appendix B. Security Devices, Equipment, and Installation Labor Costs

Appendix C. Request for Proposals for Contract Security Services at [Specific Company Location(s)]
Introduction
Instructions to Bidders
Proposal Contents
Selection Criteria
General Conditions of the RFP
RFP Timeline

Appendix D. Workplace Violence Incident Response Guideline
Introduction
Workplace Violence Prevention Program Template
Some Critical Elements to Consider In Determining Dangerousness

Appendix E. Code of Business Conduct and Ethics Template
Company Assets
Compliance with Laws and Regulations
Confidential Information
Conflict of Interest
Dealing with Public Officials
Environmental Protection
Equal Employment Opportunity
Financial Records
Gifts, Gratuities, Favors: Giving and Receiving
Insider Trading
Intellectual Property Rights
Political Contributions
Workplace Safety
Reporting Violations and Policy Enforcement
Certification

Appendix F. Corporate Incident Reporting and Response Plan
Planning Philosophy
Corporate Emergency Plan
Corporate Emergency Response Team
Appendix G. Considering the Essentials: Questions for People and Program Development
Focus
A Suggested Approach
About the Contributing Editor
About Elsevier’s Security Executive Council Risk Management Portfolio
Index