The Manager's Handbook for Business Security

2nd Edition - March 7, 2014

  • Editor: George Campbell
  • eBook ISBN: 9780128002001
  • Paperback ISBN: 9780128000625

Description

The Manager’s Handbook for Business Security is designed for new or current security managers who want to build or enhance their business security programs. This book is not an exhaustive textbook on the fundamentals of security; rather, it is a series of short, focused subjects that inspire the reader to lead and develop more effective security programs. Chapters are organized by topic so readers can easily—and quickly—find the information they need in concise, actionable, and practical terms. This book challenges readers to critically evaluate their programs and better engage their business leaders. It covers everything from risk assessment and mitigation to strategic security planning, information security, physical security and first response, business conduct, business resiliency, security measures and metrics, and much more. The Manager’s Handbook for Business Security is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real-world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.

Key Features

  • Chapters are organized by short, focused topics for easy reference
  • Provides actionable ideas that experienced security executives and practitioners have shown will add value to the business and make the manager a more effective leader
  • Takes a strategic approach to managing the security program, including marketing the program to senior business leadership and aligning security with business objectives

Readership

New security managers, current security managers who are in transition from public to private or one corporate profile to another, and business executives with an interest in or responsibility for corporate security

Table of Contents

  • Acknowledgments

    Introduction

    Our Vision for the Value of This Publication

    1. Understanding the Business of Security

    Introduction

    The Security Program Review

    Build the Business Case for Crafting a Measurably Effective Security Program

    Highlights for Follow-Up

    2. Security Leadership: Establishing Yourself and Moving the Program Forward

    Introduction

    Leadership Competencies

    Keys to Organizational Influence and Impact

    The Next Generation Security Leader

    Highlights for Follow-Up

    3. Risk Assessment and Mitigation

    Introduction

    Assessing Viable Threats

    Vulnerability Assessment

    Board-Level Risk and Security Program Response Research

    A Risk Quantification Process

    A Risk Management-Based Concept of Operations

    Highlights for Follow-Up

    4. Strategic Security Planning

    Introduction

    Strategic Security Program Focus

    Eight Key Strategic Issues

    The Security Planning and Program Development Process

    Business Alignment and Demonstrating Security’s Value

    Highlights for Follow-Up

    5. Marketing the Security Program to the Business

    Introduction

    The Essentials

    A Marketing Strategy

    Brand Recognition

    The Mission Statement

    Policies and Business Practices

    Applying Standard Security Practices to Business Objectives

    Highlights for Follow-Up

    6. Organizational Models

    Introduction

    Baseline Elements

    Program Characteristics

    What Organizational Model Works Best in Your Company

    Alternative Organizational Models

    Consolidated Service Model

    Seriously Explore the Potential Advantages of a Security Committee

    Unified Risk Oversight

    Access Is the Fundamental Essential

    Highlights for Follow-Up

    7. Regulations, Guidelines, and Standards

    Introduction

    Typical Regulatory Elements

    How Many Security Regulations Apply to Your Company?

    The Legislation, Regulations, Voluntary Compliance, and Standards (LRVCS) Breakdown

    The Security Professional’s Role

    The Implications of Noncompliance

    Highlights for Follow-Up

    8. Information Security

    Introduction

    Critical Importance of Information Security

    Core Information Assurance Requirements

    Information Has Value

    Information Moves at Warp Speed

    Key Assessment: What Is the State of Control?

    Organizing the Information Security Program

    Information Security Infrastructure and Architecture

    Day-to-Day Operational Security

    Cyber Incident Response Planning

    Highlights for Follow-Up

    9. Physical Security and First Response

    Introduction

    Your Objective: An Integrated Solution

    Physical Security at a Glance

    Alignment with the Threat

    Security Operations

    The Quality of First Response

    All Space Is Not Created Equal

    Physical Security as a Force Multiplier

    Equipment Removal and Value of Risk Assessments

    Security Riding on the Corporate Network

    A Note on Convergence

    Highlights for Follow-Up

    10. Security Training and Education

    Introduction

    Objectives of Security-Related Training and Education

    Training Options

    In-House Training

    Certificate Programs

    Academic Programs

    Development Plan

    Contractors and Vendors

    Training Business Units in Security-Related Responsibilities

    Tracking Training Administration

    Highlights for Follow-Up

    11. Communication and Awareness Programs

    Introduction

    Strategies

    Tactics

    Security Awareness Approaches

    Tailoring the Message

    Highlights for Follow-Up

    12. Safe and Secure Workplaces

    Introduction

    Predictability of Risk

    The Policy Framework

    Workplace Violence Policy

    Protecting Key Executives and Key Individuals

    Highlights for Follow-Up

    13. Business Conduct

    Introduction

    Know Your Adversary

    Corporate Hygiene

    Learning from Business Conduct Cases

    High-Level Policy or Guideline Statement

    Checklist for Conduct of Internal Misconduct Investigations

    Highlights for Follow-Up

    14. Business Resiliency

    Introduction

    Your Focus

    High-Level Policy or Guideline Statement

    Track Business Continuity Readiness

    NFPA Standard 1600

    National Response Framework

    Regulatory Requirements

    Highlights for Follow-Up

    15. Securing Your Supply Chain

    Introduction

    An Example of the Elements of Supply Chain Risk Oversight: Customs Trade Partnership Against Terrorism, Shipment Guard (C-TPAT) Security Criteria for Importers

    A Focus on Supply Chain Security Has Multiple Benefits

    Highlights for Follow-Up

    16. Security Measures and Metrics

    Introduction

    What Are Measures and What Are Metrics?

    What Are the Key Objectives for Our Metrics?

    Why Measure? What Are the Benefits of Measures and Metrics?

    Roles and Responsibilities

    It’s about Communication and Risk Management

    Where Do I Find the Data for My Measures and Metrics?

    Business Alignment—Demonstrating Value to Management

    Pitfalls to Avoid

    Five Metrics You Might Consider

    Conclusion

    Highlights for Follow-Up

    17. Continuous Learning: Addressing Risk with After-Action Reviews

    Introduction

    After-Action Review (AAR) and Incident Post-Mortem

    Know Your Audience

    Outline for the Incident Post-Mortem Management Plan and Briefing

    Highlight for Follow-Up

    Appendix A. Risk Review Elements

    Business Risk Environment

    Policy Framework

    Threats

    Location Risk

    General Data

    Business Continuity Incidents

    Internal Risk

    Information Security

    Hazardous/Dangerous Material Issues

    Base Building Risks

    Owned Properties

    Contractors

    Background Investigation

    Data Management

    Business Continuity Planning

    Emergency and Crisis Management

    Security Awareness

    Appendix B. Security Devices, Equipment, and Installation Labor Costs

    Appendix C. Request for Proposals for Contract Security Services at [Specific Company Location(s)]

    Introduction

    Instructions to Bidders

    Proposal Contents

    Selection Criteria

    General Conditions of the RFP

    RFP Timeline

    Appendix D. Workplace Violence Incident Response Guideline

    Introduction

    Workplace Violence Prevention Program Template

    Some Critical Elements to Consider In Determining Dangerousness

    Appendix E. Code of Business Conduct and Ethics Template

    Company Assets

    Compliance with Laws and Regulations

    Confidential Information

    Conflict of Interest

    Dealing with Public Officials

    Environmental Protection

    Equal Employment Opportunity

    Financial Records

    Gifts, Gratuities, Favors: Giving and Receiving

    Insider Trading

    Intellectual Property Rights

    Political Contributions

    Workplace Safety

    Reporting Violations and Policy Enforcement

    Certification

    Appendix F. Corporate Incident Reporting and Response Plan

    Planning Philosophy

    Corporate Emergency Plan

    Corporate Emergency Response Team

    Appendix G. Considering the Essentials: Questions for People and Program Development

    Focus

    A Suggested Approach

    About the Contributing Editor

    About Elsevier’s Security Executive Council Risk Management Portfolio

    Index

Product details

  • No. of pages: 296
  • Language: English
  • Copyright: © Elsevier 2014
  • Published: March 7, 2014
  • Imprint: Elsevier
  • eBook ISBN: 9780128002001
  • Paperback ISBN: 9780128000625

About the Editor

George Campbell

George Campbell served until 2002 as the chief security officer (CSO) at Fidelity Investments, the largest mutual fund company in the United States, with more than $2 trillion in customer assets and 32,500 employees. Under Campbell’s leadership, the global corporate security organization delivered a wide range of proprietary services including information security, disaster recovery planning and crisis management, criminal investigations, fraud prevention, property and executive protection, and proprietary security system design, engineering, and installation. Since leaving Fidelity, Campbell has served as a content expert for the Security Executive Council, of which he is a founding Emeritus Faculty member.

Prior to working at Fidelity Investments, Campbell owned a security and consulting firm, which specialized in risk assessment and security program management. He has also been group vice president at a system engineering firm that supported government security programs at high-threat sites around the world. Early on in his career, Campbell worked in the criminal justice system, and served in various line and senior management positions within federal, state, and local government agencies.

Campbell received his bachelor’s degree in police administration from American University in Washington, D.C. He served on the board of directors of the International Security Management Association (ISMA), and as ISMA’s president in 2003. Campbell is also a long-time member of ASIS International. He is a former member of the National Council on Crime Prevention, the High Technology Crime Investigation Association, and the Association of Certified Fraud Examiners, and is an alumnus of the U.S. State Department’s Overseas Security Advisory Council.

Affiliations and Expertise

Emeritus faculty, Security Executive Council; former chief security officer (CSO), Fidelity Investments

Ratings and Reviews

  • WillaimCrews Sun Jun 24 2018

    The Manager's Handbook for Business Security

    A very good guide for the new security manager or an experienced one. Provides a great level of detail to ensure your security program is operating to its best ability.