Security Risk Management Body of Knowledge
eBook - ePub

Julian Talbot, Miles Jakeman

About the book

A framework for formalizing risk management thinking in today's complex business environment

Security Risk Management Body of Knowledge details the security risk management process in a format that can easily be applied by executive managers and security risk management practitioners. Integrating knowledge, competencies, methodologies, and applications, it demonstrates how to document and incorporate best-practice concepts from a range of complementary disciplines.

Developed to align with International Standards for Risk Management such as ISO 31000, it enables professionals to apply security risk management (SRM) principles to specific areas of practice. Guidelines are provided for: Access Management; Business Continuity and Resilience; Command, Control, and Communications; Consequence Management and Business Continuity Management; Counter-Terrorism; Crime Prevention through Environmental Design; Crisis Management; Environmental Security; Events and Mass Gatherings; Executive Protection; Explosives and Bomb Threats; Home-Based Work; Human Rights and Security; Implementing Security Risk Management; Intellectual Property Protection; Intelligence Approach to SRM; Investigations and Root Cause Analysis; Maritime Security and Piracy; Mass Transport Security; Organizational Structure; Pandemics; Personal Protective Practices; Psychology of Security; Red Teaming and Scenario Modeling; Resilience and Critical Infrastructure Protection; Asset-, Function-, Project-, and Enterprise-Based Security Risk Assessment; Security Specifications and Postures; Security Training; Supply Chain Security; Transnational Security; and Travel Security.

Information

Publisher: Wiley
Year: 2011
ISBN: 9781118211267
Edition: 1
Category: Insurance

1 Introduction and Overview

1.1 WHY SRMBOK?

We live in a world of uncertainty; the world is changing at an ever accelerating pace. Life, society, economics, weather patterns, international relations, and risks are becoming more and more complex. The nature of work, travel, recreation, and communication is radically altering. We live in a world where, seemingly with each passing year, the past is less and less a guide to the future.
Security is involved in one way or another in virtually every decision we make and every activity we undertake. The contributions that Security Risk Management (SRM) makes to society, personal safety, and national stability are easy to underestimate but hard to overlook. We have been concerned about safety, security, and protection since the dawn of our species, and yet we still struggle to consistently define or reliably manage our security risks.
This is to a large extent understandable; although the fundamentals remain consistent, advances in security and related disciplines continue unabated. The global environment has never been more volatile, and societal expectations for security are increasing if anything.
The complexities of globalization, public expectation, regulatory requirements, transnational issues, multijurisdictional risks, crime, terrorism, advances in information technology, cyber attacks, and pandemics have created a security risk environment that has never been more challenging.
Despite the continuing development of security as a discipline, no single framework pulls together all the excellent but disparate work that practitioners and researchers are continually developing. Overall, there is little dispute that risk is a factor that must be considered by decision makers when deciding what, if anything, should be done about a risk that falls within their responsibility. Security is one such area where there has been less than total agreement as to what this means in practical terms.
The body of knowledge (BOK) surrounding Security Risk Management continues to evolve, but even the most dynamic of fields needs a point of common agreement, or at least agreed debate. It is unreasonable to expect SRMBOK to be all things to all people, but we, the society and the profession, need a place to collectively discuss and shape our thinking surrounding core concepts in SRM.
Much of the existing body of knowledge on risk management was developed for issues that do not possess the same degree of complexity, uncertainty, and ambiguity as those associated with modern security-related decision making. For example, managing financial or operational risk can be quantified more easily than some of the abstract concepts that security practitioners must manage. These areas offer us insights into the tools and techniques that have been pioneered in other disciplines. Areas such as safety management systems, financial formulas, project methodologies, engineering science, hazard identification, and human factors analysis, to name just a few, also have much to offer security practitioners.

1.1.1 Key Challenges

The abundance of valuable but disparate material from Security Risk Management and other disciplines presents a significant challenge for developing a common framework to assess and consider risk when making security and related policy decisions. In addition to risk assessment methodological questions, other questions plague organizational risk deliberations. Among them are the following:
  • Who is responsible for the risk assessment?
  • Who is responsible for managing risk?
  • How should alternative courses of action be developed, and how should they be evaluated?
  • How does one perform cost/benefit analysis on an abstract problem where potential consequences are astronomical but probability is unknown and may be close to zero?
  • How should terrorist and criminal adaptive responses to security measures be taken into account as potential security measures are being considered?
Security professionals everywhere are making some progress in answering these questions, and more significantly, the profession is developing a more mature understanding of the complexities involved. Increasingly, academic and practical research is also refining our understanding of the issues and giving us a basis for more risk-informed decision making.
Many past practices in security have revolved around the three Gs (guns, guards, gates), national security, intelligence and defense, firewalls, and cryptography. As important as these are, moving from a focus on threat mitigation to benefit realization is a growing imperative for many security professionals and for most organizations.

1.2 WHERE DO WE GO FROM HERE?

“The empires of the future are the empires of the mind.”
SIR WINSTON CHURCHILL
We are facing an increasingly complex and interdependent future in which information and intangible assets are likely to become increasingly valuable, and tangible assets are likely to diminish in value by comparison.
Risk-management activities in the 21st century are likely to continue to move away from the early focus on compliance and loss minimization toward opportunity realization. Although Security Risk Management will continue to require sound management of threats and minimization of losses, already we are starting to see threat mitigation as just part of standard management practice, rather than a standalone discipline.
The organizations and societies of today are seeking a greater understanding of the true nature of risks. This is not an altruistic or inherent desire for risk management per se, but it is an endeavor to better exploit opportunities and minimize harm.1 As illustrated in Figure 1.1, organizations typically start out as risk controllers with a focus on compliance and loss minimization. Over time, they realize that quality SRM adds value to operational performance, and if integrated across the enterprise, SRM can become a significant contributor to both organizationa...
