Building a Corporate Culture of Security
Strategies for Strengthening Organizational Resiliency
1st Edition - February 24, 2016
Author: John Sullivant
Language: English
Paperback ISBN: 9780128020197
eBook ISBN: 9780128020586
Building a Corporate Culture of Security: Strategies for Strengthening Organizational Resiliency provides readers with the proven strategies, methods, and techniques they need to present ideas and a sound business case for improving or enhancing security resilience to senior management. Presented from the viewpoint of a leading expert in the field, the book offers proven and integrated strategies that convert threats, hazards, risks, and vulnerabilities into actionable security solutions, thus enhancing organizational resiliency in ways that executive management will accept.
The book delivers a much-needed look into why some corporate security practices and programs work and others don’t. Offering the tools necessary for anyone in the organization charged with security operations, Building a Corporate Culture of Security provides practical and useful guidance on handling security issues corporate executives hesitate to address until it’s too late.
Provides a comprehensive understanding of the root causes of the most common security vulnerabilities that impact organizations and strategies for their early detection and prevention
Offers techniques for security managers on how to establish and maintain effective communications with executives, especially when bringing security weaknesses, and solutions, to them
Outlines a strategy for determining the value and contribution of protocols to the organization, how to detect gaps, duplications and omissions from those protocols, and how to improve their purpose and usefulness
Explores strategies for building professional competencies, managing security operations, and assessing risks, threats, vulnerabilities, and consequences
Shows how to establish a solid foundation for the layering of security and building a resilient protection-in-depth capability that benefits the entire organization
Offers appendices with proven risk management and risk-based metric frameworks and architecture platforms
Security Directors, Managers, and consultants; Business executives and managers charged with risk management and security responsibilities; Security Management students.
Dedication
About the Author
Foreword
Preface
Acknowledgments
1. Introduction
Overview
Building Security Resilience and Developing Relationships
Watch Out for Stumbling Blocks
Vulnerability Creep-in Just Showed Up—It Wasn’t Here Before
Conclusion
2. Strategies That Create Your Life Line
Overview
A Need Exists to Create a Set of Uniform Security Strategies
Security Strategies and Guiding Principles
Conclusion
3. The Many Faces of Vulnerability Creep-in
Overview
Vulnerability Creep-in Eludes Many Security Professionals
Strategic Security Deficiencies Top the List
Programmatic Security Weaknesses Rank Second Place
Human and Technology Inadequacies Rate Third Place
Conclusions
4. The Evolving Threat Environment
Overview
The Threat Landscape Is Diversified and Sophisticated
Attack Modes Make Planning and Response a Challenge
Conclusions
5. The Cyber Threat Landscape
Overview
Who Is Responsible for Today’s Cyber Attacks?
The Cyber Threat Continues to Devastate the U.S. Economy and National Security
Trusted Insiders Bear Watching
State-Sponsored Cyber Attacks Create Havoc With Our Economy and National Security
Cyber Practices and Incident Responses Need Improvement
Conclusions
6. Establishing a Security Risk Management Program Is Crucial
Overview
Risk Management Measures and Evaluates Risk Exposure and the Ability to Deal With Threats
Subscribing to a Security Risk Management Program
A Risk Management Program Establishes Creditability
When to Measure and Evaluate Performance
A Risk Management Program Is Key to Performance Success
Executives Need Compelling and Persuasive Information to Make Sound Business Decisions
Conclusions
Appendix A: Risk Management and Architecture Platform
Relationship Between Measurement and Evaluation
Architecture Platform
Evaluation Tools Mostly Used Within Security Organizations
Quality Assurance: Zero Defects
7. Useful Metrics Give the Security Organization Standing
Overview
Risk-based Metrics Are Often Underestimated
Setting the Metric Framework and Architecture Foundation
Well-Designed Risk-based Metrics Resonate with CEOs
Theory of Probability
Benefits of Using Risk-based Metrics
Conclusion
Appendix A: Metric Framework and Architecture Platform
Strategic Relevance
Operational Reasonableness
8. A User-Friendly Security Assessment Model
Overview
A Reliable Security Assessment Model That Resonates with C-Suite Executives
Measuring and Evaluating Performance Effectiveness
The Benefits Management Enjoys from Using a Risk-Based Model
Conclusions
9. Developing a Realistic and Useful Threat Estimate Profile
Overview
Providing Meaningful Strategic Threat Advice to Executive Management Is Essential
Threat Planning Relies on the Development of a Useful Threat Estimate Profile
Suggested Composition of a Threat Estimate Profile
The Local/Site-Specific Threat Assessment
Identifying the Range of Potential Threats and Hazards Is a Critical Planning Process
Consequence Analysis and Probability of Occurrence for Threats and Hazards
Benefits of Having a Threat Estimate Profile
Conclusions
Appendix A
Appendix B
10. Establishing and Maintaining Inseparable Security Competencies
Overview
Are Your Security Competencies a Top Priority?
Timely Interdependencies of Security Capabilities
Conclusions
11. A User-Friendly Security Technology Model
Overview
A Dire Need Exists to Embrace a Technical Security Strategy
The Technical Security Planning Process Is Often Misunderstood and Underestimated
Embracing The Challenges of New Technology Advancements
Technology Application Has High-Visibility Challenges
Importance of a Quality System Maintenance Program
Embracing Inspections and Tests Extends the System Life Cycle
System Failure Modes and Compensatory Measures
Conclusion
Appendix A: Selected Security Technology Deficiencies and Weaknesses
Overview of Selected Case Histories
Appendix B: Sample Test Logs
Safety Information
12. Preparing for Emergencies
Overview
Security Emergency Planning Is Critical to Organizational Survival
Planning for Prevention, Protection, Response, and Recovery
Alert Notification Systems Serve as Triggering Mechanisms to Carry Out Security Planning Considerations
Planning for Security Event-Driven Response and Recovery Operations
Strategies for Integrating and Prioritizing Security Response and Recovery Operations
Security Emergency Response Plan
Conclusions
Appendix A: Case Histories: Security Emergency Planning Fallacies
13. A User-Friendly Protocol Development Model
Overview
Adopting a Protocol Strategy Is Crucial to Quality Performance
Need for Protocols
Purpose of Protocol Reviews
Quality Review Process for Essential Security Protocols
Benefits Derived from Protocol Analysis
Conclusions
Appendix A
14. A Proven Organization and Management Assessment Model
Overview
Embracing the Mission of the Security Organization
A Reliable Organization and Management Assessment Model That Resonates with CEOs
Purpose of Measuring Organization and Management Competency
Measuring Security Management and Leadership Competencies
Benefits of an Operational and Management Audit
Conclusions
Appendix A: Case Histories – Management and Leadership
Overview of Selected Case Histories
15. Building Competencies That Count: A Training Model
Overview
Why Security Training Is Important
Goals and Value Are Drivers of Effective Training
A Reliable Training Model Resonates With Chief Executive Officers
Independent Research and Credence of the Model
Types of Security Awareness Training Programs
Specialized Security Staff Training Program
Course Design Brings Instruction to Life
Professional Development Is Key for Security Planners
Benefits Management Enjoys by Adopting the Model
Conclusions
16. How to Communicate with Executives and Governing Bodies
Overview
Why Would a CEO Ever Ask You for Help?
Why Should a Chief Executive Listen to You?
Speak the Language Executives and Board Members Understand, Care About, and Can Act On
Impressions Count
Tips That Will Help You Get Your Message Across
Think Strategically
Develop a Management Perspective
Be Trustworthy, Candid, and Professional
Be a Verbal Visionary
Be That Window for Tomorrow
Give Constructive Advice
Build a Solid Business Case
Know When to Pull Your Parachute Cord
Present Program Results Regularly
Conclusions
17. A Brighter Tomorrow: My Thoughts
Overview
A Perspective for the Future
The Evolving Business and Threat Landscape
Corporate Image, Brand, and Reputation Hang in the Balance
Measuring and Evaluating Performance and Productivity
Security Design Performance and Program Integration
Training Programs Need a Major Uplift
Security Emergency Plans and Response/Recovery Procedures
Communicating with Executives and Governing Bodies
Security Leadership Needs a Touch Up
Change Management in the Wind
What Does Work May Surprise You
Characteristics of Future Security Leaders
My Parting Thought
References
Index
No. of pages: 298
Edition: 1
Published: February 24, 2016
Imprint: Butterworth-Heinemann
John Sullivant
John Sullivant creates strategic security planning initiatives for corporations and governments throughout the world. Throughout his lengthy security career, he has held numerous senior security positions in both the public and private sector, served on several national security councils, committees and advisory boards, and spoken frequently at professional security associations and educational institutions. He is the author of a reference on protecting critical infrastructure, and his work has appeared in Security Management, the leading security publication.
Affiliations and expertise
President, Sisters Three Entrepreneurs Security Consultants Company, Nashua, NH, USA