eBook - ePub
Security Risk Management Body of Knowledge
Julian Talbot, Miles Jakeman
This is a test
Buch teilen
- English
- ePUB (handyfreundlich)
- Über iOS und Android verfügbar
eBook - ePub
Security Risk Management Body of Knowledge
Julian Talbot, Miles Jakeman
Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben
Über dieses Buch
A framework for formalizing risk management thinking in today¿s complex business environment
Security Risk Management Body of Knowledge details the security risk management process in a format that can easily be applied by executive managers and security risk management practitioners. Integrating knowledge, competencies, methodologies, and applications, it demonstrates how to document and incorporate best-practice concepts from a range of complementary disciplines.
Developed to align with International Standards for Risk Management such as ISO 31000 it enables professionals to apply security risk management (SRM) principles to specific areas of practice. Guidelines are provided for: Access Management; Business Continuity and Resilience; Command, Control, and Communications; Consequence Management and Business Continuity Management; Counter-Terrorism; Crime Prevention through Environmental Design; Crisis Management; Environmental Security; Events and Mass Gatherings; Executive Protection; Explosives and Bomb Threats; Home-Based Work; Human Rights and Security; Implementing Security Risk Management; Intellectual Property Protection; Intelligence Approach to SRM; Investigations and Root Cause Analysis; Maritime Security and Piracy; Mass Transport Security; Organizational Structure; Pandemics; Personal Protective Practices; Psych-ology of Security; Red Teaming and Scenario Modeling; Resilience and Critical Infrastructure Protection; Asset-, Function-, Project-, and Enterprise-Based Security Risk Assessment; Security Specifications and Postures; Security Training; Supply Chain Security; Transnational Security; and Travel Security.
Häufig gestellte Fragen
Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Security Risk Management Body of Knowledge als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu Security Risk Management Body of Knowledge von Julian Talbot, Miles Jakeman im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Business & Insurance. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.
1
Introduction and Overview
1.1 WHY SRMBOK?
We live in a world of uncertainty; the world is changing at an ever accelerating pace. Life, society, economics, weather patterns, international relations, and risks are becoming more and more complex. The nature of work, travel, recreation, and communication is radically altering. We live in a world where, seemingly with each passing year, the past is less and less a guide to the future.
Security is involved in one way or another in virtually every decision we make and every activity we undertake. The contributions that Security Risk Management (SRM) make to society, personal safety, and national stability are easy to underestimate but hard to overlook. We have been concerned about safety, security, and protection since the dawn of our species and yet will still struggle to consistently define or reliably manage our security risks.
This is to a large extent understandable-although the fundamentals remain consistent, advances in security and related disciplines continue unabated. The global environment has never been more volatile, and societal expectations for security are increasing if anything.
The complexities of globalization, public expectation, regulatory requirements, transnational issues, multijurisdictional risks, crime, terrorism, advances in information technology, cyber attacks, and pandemics have created a security risk environment that has never been more challenging.
Despite the continuing development of security as a discipline, no single framework pulls together all the excellent but disparate work that practitioners and researchers are continually developing. Overall, there is little dispute that risk is a factor that must be considered by decision makers when deciding what, if anything, should be done about a risk that falls within their responsibility. Security is one such area where there has been less than total agreement as to what this means in practical terms.
The body of knowledge (BOK) surrounding Security Risk Management continues to evolve, but even the most dynamic of fields needs a point of common agreement, or at least agreed debate. It is unreasonable to expect SRMBOK to be all things to all people, but we the society, and the profession, need a place to collectively discuss and shape our thinking surrounding core concepts in SRM.
Much of the existing body of knowledge on risk management was developed for issues that do not possess the same degree of complexity, uncertainty, and ambiguity as those associated with modern security-related decision making. For example, managing financial or operational risk can be quantified more easily than some of the abstract concepts that security practitioners must manage. These areas offer us insights into the tools and techniques that have been pioneered in other disciplines. Areas such as safety management systems, financial formulas, project methodologies, engineering science, hazard identification, and human factors analysis, to name just a few, also have much to offer security practitioners.
1.1.1 Key Challenges
The abundance of valuable but disparate material from Security Risk Management and other disciplines presents a significant challenge for developing a common framework to assess and consider risk when making security and related policy decisions. In addition to risk assessment methodological questions, other questions plague organizational risk deliberations. Among them are the following:
- Who is responsible for the risk assessment?
- Who is responsible for managing risk?
- How should alternative courses of action be developed, and how should they be evaluated?
- How does one perform cost/benefit analysis on an abstract problem where potential consequences are astronomical but probability is unknown and may be close to zero?
- How should terrorist and criminal adaptive responses to security measures be taken into account as potential security measures are being considered?
Security professionals everywhere are making some progress in answering these questions, and more significantly, the profession is developing a more mature understanding of the complexities involved. Increasingly, academic and practical research is also refining our understanding of the issues and giving us a basis for more risk-informed decision making.
Much of the past practices in security have revolved around the three Gs (guns, guards, gates), national security, intelligence and defense, firewalls, and cryptography. As important as these are, moving from a focus on threat mitigation to benefit realization is a growing imperative for many security professionals and for most organizations.
1.2 WHERE DO WE GO FROM HERE?
“The empires of the future are the empires of the mind.”
SIR WINSTON CHURCHILL
We are facing an increasingly complex and interdependent future in which information and intangible assets are likely to become increasingly valuable, and tangible assets are likely to diminish in value by comparison.
Risk-management activities in the 21st century are likely to continue to move away from the early focus on compliance and loss minimization toward opportunity realization. Although Security Risk Management will continue to require sound management of threats and minimization of losses, already we are starting to see threat mitigation as just part of standard management practice, rather than a standalone discipline.
The organizations and societies of today are seeking a greater understanding of the true nature of risks. This is not an altruistic or inherent desire for risk management per se, but it is an endeavor to better exploit opportunities and minimize harm.1 As illustrated in Figure 1.1, organizations typically start out as risk controllers with a focus on compliance and loss minimization. Over time, they realize that quality SRM adds value to operational performance, and if integrated across the enterprise, SRM can become a significant contributor to both organizationa...