
- 408 pages
- English
A Practical Introduction to Security and Risk Management
About this book
This is the first book to introduce the full spectrum of security and risks and their management. Author and field expert Bruce Newsome helps readers learn how to understand, analyze, assess, control, and generally manage security and risks from the personal to the operational. They will develop the practical knowledge and skills they need, including analytical skills, basic mathematical methods for calculating risk in different ways, and more artistic skills in making judgments and decisions about which risks to control and how to control them.
Organized into 16 brief chapters, the book shows readers how to: analyze security and risk; identify the sources of risk (including hazards, threats, and contributors); analyze exposure and vulnerability; assess uncertainty and probability; develop an organization's culture, structure, and processes congruent with better security and risk management; choose different strategies for managing risks; communicate and review; and manage security in the key domains of operations, logistics, physical sites, information, communications, cyberspace, transport, and personal levels.
Information
Edition: 1
Subtopic: National Security
PART I
Analyzing and Assessing Security and Risks
The chapters in this part of the book will help you understand, analyze, and assess security and capacity (Chapter 2); risk (Chapter 3); hazards, threats (the sources of negative risks), and contributors (the sources of positive risks) (Chapter 4); target vulnerability and exposure (Chapter 5); probability and uncertainty (Chapter 6); and events and returns (Chapter 7).
In the process, readers will learn how different advocates and authorities contest the definitions, analysis, and assessments, how different activities, operations, and missions face imperfect trade-offs that are exacerbated by poor analysis and assessment, and how some simple rules and practical techniques dramatically improve understanding and functionality.
CHAPTER 1
Introduction: Why Security and Risk Management Matters
What is this book about?
In this book, readers will learn how to understand, analyze, assess, control, and generally manage security and risks from the personal to the operational.
Security, as described in Chapter 2, is, essentially, freedom from negative risks. Risks, as described in Chapter 3, are the potential returns (consequences, effects, etc.) of an event. Risks are inherently uncertain, and many people are uncomfortable with uncertainty, but security and risk management is a practical skill set that anyone can access. Readers of this book do not need to learn theory or many facts but will be introduced to the processes by which security and risks can be managed and to the contexts of many real risks. Readers will be left informed enough to start managing security and risks for themselves or to further investigate the subject.
We all should care about better security and risk management because, if done well, we would live in a more secure and less risky world. Awareness of risk is entirely healthy, because everything we do is literally risky; by simply interacting socially or undertaking any enterprise, "everyone willingly takes risks" (Adams, 1995, p. 16).
Unfortunately, not all security and risk management is conscious or sensible. People tend to obsess about certain risks and ignore others or manage risks in distorted ways that discredit the whole practice of management. Unfortunately, in the past, security management and risk management were routinely separated, with all sorts of disciplinary and professional incompatibilities, but security and risk management are complementary and properly tackled together.
Public expectations for security continue to grow, but sensitivity to certain risks and dissatisfaction with their management also continue to grow. In the last two decades or so, official and private authorities--international institutions, governments, trade associations, general managers, employers, contractors, and employees--have formally required better management and specified how it should be delivered, stimulating more disputes about proper definitions and practices.
This book provides a new practical guide to the proper synthesis of security and risk management.
Private Requirements for Security and Risk Management
Outside of government, private citizens and managers of commercial activities want or are expected to take more responsibility for their own security. For instance, public authorities urge private citizens to prepare for emergencies at home, to consult official advisories before they travel, and to rely less on public protections. Commercial organizations reserve more internal resources or acquire their own protections after finding public protections or private insurers less reliable. Managers of projects, operations, information, acquisitions, and human resources now routinely include security or risk management within their responsibilities. According to Gary Heerkens, "Risk and uncertainty are unavoidable in project life and it's dangerous to ignore or deny their impact . . . Risk management is not just a process--it's a mindset" (2002, pp. 142, 151).
Public Attention to Risk
Security is a primary responsibility of government, which acquires militaries, police forces, coast guards, border protections, health authorities, and various regulators to ensure the security of their territory and citizens. By the 1970s, public authorities managed security and risks mostly in the sense that they managed public safety and controlled crime. For instance, in 1974 the British legislated in favor of a Health and Safety Executive, passed new legislation protecting employees, and increased public entitlements. However, these actions failed to control other risks, such as terrorism, and encouraged inflated views of some risks, such as workplace risks (which have declined), while neglecting other risks, such as sexual risks (which have increased). Even where risks have not increased in any real sense, societies have developed into risk societies that show increased sensitivity to risk in general, though they neglect or activate certain hazards, such as environmental hazards, due to misplaced attention to some risks over others (Beck, 1995; Beck, Ritter, & Lash, 1992; Wisner, Blaikie, Cannon, & Davis, 2004, pp. 16–18).
Requirements for Better Management
The increased salience of both security and risk is indicated by the shift in United Nations (UN) operational management from an official objective of safety and security to security risk management (since 2005), followed by the Humanitarian Practice Network's similar objective (2010). A publicly accessible online tool (http://books.google.com/ngrams) suggests that use in books of the terms risk, security risk, international risk, and global risk grew over the last three decades by several orders of magnitude each and peaked around 2006 (the data runs out in 2008).
Increased attention to security and risk does not always produce better management of security and risk. The requirement for wider security management is often met by narrower sets of skills. Requirers could outsource to specialist security or risk management contractors, but some of these providers have betrayed their clients with superficial skills and even ethical or legal violations. For instance, in February 2013, the U.S. Government unveiled a civil lawsuit, following similar suits by several states and the District of Columbia, alleging that a risk rating agency had defrauded investors by supplying ratings of the risks of financial products that were not as independent as the agency had claimed.
Organizations usually lack a manager trained to manage risks across all domains and levels, although general managers may have some training. Organizations often assign corporate responsibilities for risk management to their finance, information, or project managers, who should offer some generalizable skills in security management or risk management, although each domain has peculiar risks and a particular approach. Financial risk management and project risk management are not perfectly transferable and have suffered crises of credibility since the latest global financial crash (2007–2008).
Project risk management is tainted by repeated official and corporate failures to manage the largest acquisition projects. Information managers also often lead corporate risk management, but national governments continue to complain about growing information insecurity. Meanwhile, many corporations are in the habit of hiring former law enforcement or intelligence officials as security or risk managers, but their particular skills usually do not extend to generalizable skills in security and risk management.
Criminologists generally "maintain that security is a subject that has yet to be adequately covered by any specific discipline or in a satisfactory interdisciplinary fashion" (Van Brunschott & Kennedy, 2008, p. 18). Even in practices and professions of relevance (such as policing), security and risk management is not necessarily a focus, as noted in the following:
The wide array of risk-related concepts shows how deeply embedded these ideas are in our thinking about crime. Yet, relatively little effort has been made to sort out the different meanings of risk and their importance for analyzing criminal events . . . It is also the case, as we will demonstrate, that criminologists have spoken about and understand risk as an element of crime. Interestingly enough, in their discussions of risk, these analysts have tended to treat risk lightly, rarely incorporating it explicitly into their studies of motivation, opportunity, or prevention (although, of course, a large part of the field is attuned to the ideas of risky lifestyles and rational choices based on risk). (Kennedy & Van Brunschot, 2009, pp. 10, 12)
Official Standardization
Some of the dissatisfaction with security and risk management has prompted more standardization, in the hope that the many competing and loosely defined ways in which people manage security and risk can be replaced by the best ways. Standardization is the process of defining standards for behavior and understanding. Standards describe how concepts should be understood and how activities should be performed. Standardization certainly helps interoperability and accountability and may replace inferior practices with superior practices.
Over the last few decades, more international authorities, national authorities, trade associations, and private corporations have developed standard practices for managing risk and security and for describing their management of security and risk to each other. From the late 1980s, after comparisons with the apparently superior performance of the private sector in delivering services or acquiring items as planned, democratic governments started to escalate the importance of risk management and standardized how their agents should manage risks, initially mostly in the context of the acquisition of capabilities. For instance, in 1989 the U.S. Defense Systems Management College issued guidance on risk management. In 1992, the British Ministry of Defense (MOD) started to issue risk guidelines. In both cases, the emphasis was on defense acquisitions.
In 1995, the Australian and New Zealand Governments issued their first binational risk management standard, which was adopted by or influenced many other governments, including the British, Canadian, and U.S. Governments. However, the latter three governments continue to negotiate between international standards and departmental standar...
Table of contents
- Cover Page
- Halftitle
- Title
- Copyright
- Brief Contents
- Detailed Contents
- About the authors
- Part I: Analyzing and Assessing Security and Risks
- Part II: Managing Security and Risk
- Part III: Managing Security in Different Domains
- References
- Index
- Advertisement