The Manager's Handbook for Business Security - 2nd Edition - ISBN: 9780128000625, 9780128002001

The Manager's Handbook for Business Security

2nd Edition

Editors: George Campbell
eBook ISBN: 9780128002001
Paperback ISBN: 9780128000625
Imprint: Elsevier
Published Date: 13th March 2014
Page Count: 296

Description

The Manager’s Handbook for Business Security is designed for new or current security managers who want to build or enhance their business security programs. This book is not an exhaustive textbook on the fundamentals of security; rather, it is a series of short, focused subjects that inspire the reader to lead and develop more effective security programs.

Chapters are organized by topic so readers can easily—and quickly—find the information they need in concise, actionable, and practical terms. This book challenges readers to critically evaluate their programs and better engage their business leaders. It covers everything from risk assessment and mitigation to strategic security planning, information security, physical security and first response, business conduct, business resiliency, security measures and metrics, and much more.

The Manager’s Handbook for Business Security is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.

Key Features

  • Chapters are organized by short, focused topics for easy reference
  • Provides actionable ideas that experienced security executives and practitioners have shown will add value to the business and make the manager a more effective leader
  • Takes a strategic approach to managing the security program, including marketing the program to senior business leadership and aligning security with business objectives

Readership

New security managers, current security managers who are in transition from public to private or one corporate profile to another, and business executives with an interest in or responsibility for corporate security

Table of Contents

Acknowledgments

Introduction

Our Vision for the Value of This Publication

1. Understanding the Business of Security

Introduction

The Security Program Review

Build the Business Case for Crafting a Measurably Effective Security Program

Highlights for Follow-Up

2. Security Leadership: Establishing Yourself and Moving the Program Forward

Introduction

Leadership Competencies

Keys to Organizational Influence and Impact

The Next Generation Security Leader

Highlights for Follow-Up

3. Risk Assessment and Mitigation

Introduction

Assessing Viable Threats

Vulnerability Assessment

Board-Level Risk and Security Program Response Research

A Risk Quantification Process

A Risk Management-Based Concept of Operations

Highlights for Follow-Up

4. Strategic Security Planning

Introduction

Strategic Security Program Focus

Eight Key Strategic Issues

The Security Planning and Program Development Process

Business Alignment and Demonstrating Security’s Value

Highlights for Follow-Up

5. Marketing the Security Program to the Business

Introduction

The Essentials

A Marketing Strategy

Brand Recognition

The Mission Statement

Policies and Business Practices

Applying Standard Security Practices to Business Objectives

Highlights for Follow-Up

6. Organizational Models

Introduction

Baseline Elements

Program Characteristics

What Organizational Model Works Best in Your Company

Alternative Organizational Models

Consolidated Service Model

Seriously Explore the Potential Advantages of a Security Committee

Unified Risk Oversight

Access Is the Fundamental Essential

Highlights for Follow-Up

7. Regulations, Guidelines, and Standards

Introduction

Typical Regulatory Elements

How Many Security Regulations Apply to Your Company?

The Legislation, Regulations, Voluntary Compliance, and Standards (LRVCS) Breakdown

The Security Professional’s Role

The Implications of Noncompliance

Highlights for Follow-Up

8. Information Security

Introduction

Critical Importance of Information Security

Core Information Assurance Requirements

Information Has Value

Information Moves at Warp Speed

Key Assessment: What Is the State of Control?

Organizing the Information Security Program

Information Security Infrastructure and Architecture

Day-to-Day Operational Security

Cyber Incident Response Planning

Highlights for Follow-Up

9. Physical Security and First Response

Introduction

Your Objective: An Integrated Solution

Physical Security at a Glance

Alignment with the Threat

Security Operations

The Quality of First Response

All Space Is Not Created Equal

Physical Security as a Force Multiplier

Equipment Removal and Value of Risk Assessments

Security Riding on the Corporate Network

A Note on Convergence

Highlights for Follow-Up

10. Security Training and Education

Introduction

Objectives of Security-Related Training and Education

Training Options

In-House Training

Certificate Programs

Academic Programs

Development Plan

Contractors and Vendors

Training Business Units in Security-Related Responsibilities

Tracking Training Administration

Highlights for Follow-Up

11. Communication and Awareness Programs

Introduction

Strategies

Tactics

Security Awareness Approaches

Tailoring the Message

Highlights for Follow-Up

12. Safe and Secure Workplaces

Introduction

Predictability of Risk

The Policy Framework

Workplace Violence Policy

Protecting Key Executives and Key Individuals

Highlights for Follow-Up

13. Business Conduct

Introduction

Know Your Adversary

Corporate Hygiene

Learning from Business Conduct Cases

High-Level Policy or Guideline Statement

Checklist for Conduct of Internal Misconduct Investigations

Highlights for Follow-Up

14. Business Resiliency

Introduction

Your Focus

High-Level Policy or Guideline Statement

Track Business Continuity Readiness

NFPA Standard 1600

National Response Framework

Regulatory Requirements

Highlights for Follow-Up

15. Securing Your Supply Chain

Introduction

An Example of the Elements of Supply Chain Risk Oversight: Customs Trade Partnership Against Terrorism, Shipment Guard (C-TPAT) Security Criteria for Importers

A Focus on Supply Chain Security Has Multiple Benefits

Highlights for Follow-Up

16. Security Measures and Metrics

Introduction

What Are Measures and What Are Metrics?

What Are the Key Objectives for Our Metrics?

Why Measure? What Are the Benefits of Measures and Metrics?

Roles and Responsibilities

It’s about Communication and Risk Management

Where Do I Find the Data for My Measures and Metrics?

Business Alignment—Demonstrating Value to Management

Pitfalls to Avoid

Five Metrics You Might Consider

Conclusion

Highlights for Follow-Up

17. Continuous Learning: Addressing Risk with After-Action Reviews

Introduction

After-Action Review (AAR) and Incident Post-Mortem

Know Your Audience

Outline for the Incident Post-Mortem Management Plan and Briefing

Highlight for Follow-Up

Appendix A. Risk Review Elements

Business Risk Environment

Policy Framework

Threats

Location Risk

General Data

Business Continuity Incidents

Internal Risk

Information Security

Hazardous/Dangerous Material Issues

Base Building Risks

Owned Properties

Contractors

Background Investigation

Data Management

Business Continuity Planning

Emergency and Crisis Management

Security Awareness

Appendix B. Security Devices, Equipment, and Installation Labor Costs

Appendix C. Request for Proposals for Contract Security Services at [Specific Company Location(s)]

Introduction

Instructions to Bidders

Proposal Contents

Selection Criteria

General Conditions of the RFP

RFP Timeline

Appendix D. Workplace Violence Incident Response Guideline

Introduction

Workplace Violence Prevention Program Template

Some Critical Elements to Consider In Determining Dangerousness

Appendix E. Code of Business Conduct and Ethics Template

Company Assets

Compliance with Laws and Regulations

Confidential Information

Conflict of Interest

Dealing with Public Officials

Environmental Protection

Equal Employment Opportunity

Financial Records

Gifts, Gratuities, Favors: Giving and Receiving

Insider Trading

Intellectual Property Rights

Political Contributions

Workplace Safety

Reporting Violations and Policy Enforcement

Certification

Appendix F. Corporate Incident Reporting and Response Plan

Planning Philosophy

Corporate Emergency Plan

Corporate Emergency Response Team

Appendix G. Considering the Essentials: Questions for People and Program Development

Focus

A Suggested Approach

About the Contributing Editor

About Elsevier’s Security Executive Council Risk Management Portfolio

Index

Details

No. of pages: 296
Language: English
Copyright: © Elsevier 2014
Published:
Imprint: Elsevier
eBook ISBN: 9780128002001
Paperback ISBN: 9780128000625

About the Editor

George Campbell

George Campbell served until 2002 as the chief security officer (CSO) at Fidelity Investments, the largest mutual fund company in the United States, with more than $2 trillion in customer assets and 32,500 employees. Under Campbell’s leadership, the global corporate security organization delivered a wide range of proprietary services including information security, disaster recovery planning and crisis management, criminal investigations, fraud prevention, property and executive protection, and proprietary security system design, engineering, and installation. Since leaving Fidelity, Campbell has served as a content expert for the Security Executive Council, of which he is a founding Emeritus Faculty member.

Prior to working at Fidelity Investments, Campbell owned a security and consulting firm, which specialized in risk assessment and security program management. He has also been group vice president at a system engineering firm that supported government security programs at high-threat sites around the world. Early on in his career, Campbell worked in the criminal justice system, and served in various line and senior management positions within federal, state, and local government agencies.

Campbell received his bachelor’s degree in police administration from American University in Washington, D.C. He served on the board of directors of the International Security Management Association (ISMA), and as ISMA’s president in 2003. Campbell is also a long-time member of ASIS International. He is a former member of the National Council on Crime Prevention, the High Technology Crime Investigation Association, and the Association of Certified Fraud Examiners, and is an alumnus of the U.S. State Department’s Overseas Security Advisory Council.

Affiliations and Expertise

Emeritus faculty, Security Executive Council; former chief security officer (CSO), Fidelity Investments

Reviews

"If you want one book to help you go into a new place and shake up the security in a businesslike way, The Manager’s Handbook for Business Security is your go-to book... Highly, highly recommended for the reader who aspires to be a chief security officer, or is in corporate security already and wants to brush up." --Professional Security Magazine Online, July 18, 2014