Security management is the identification of an organization's assets (including people, buildings, machines, systems and information assets), followed by the development, documentation, and implementation of policies and procedures for protecting those assets. An organization uses such security management procedures for information classification, threat assessment, risk assessment, and risk analysis to identify threats, categorize assets, and rate system vulnerabilities.


Loss prevention

Loss prevention focuses on what an organization's critical assets are and how it is going to protect them. A key component of loss prevention is assessing the potential threats to the successful achievement of the goal. This must also include the potential opportunities that further the objective (why take the risk unless there is an upside?). Balancing probability and impact, the organization determines and implements measures to minimize or eliminate those threats. Security management includes the theories, concepts, ideas, methods, procedures, and practices that are used to manage and control organizational resources in order to accomplish security goals. Policies, procedures, administration, operations, training, awareness campaigns, financial management, contracting, resource allocation, and dealing with problems like security degradation are all included in this vast sector.


Security risk management

The management of security risks applies the principles of risk management to the management of security threats. It consists of identifying threats (or risk causes), assessing the effectiveness of existing controls against those threats, determining the risks' consequences, prioritizing the risks by rating their likelihood and impact, classifying the type of risk, and selecting an appropriate risk option or risk response. In 2016, a universal standard for managing risks was developed in the Netherlands. In 2017, it was updated and named the Universal Security Management Systems Standard 2017.


Types of risks


External

* Strategic: Competition and customer demand.
* Operational: Regulations, suppliers, and contracts.
* Financial: FX and credit.
* Hazard: Natural disasters, cyber, and external criminal acts.
* Compliance: New regulatory or legal requirements are introduced, or existing ones are changed, exposing the organization to a non-compliance risk if measures are not taken to ensure compliance.


Internal

* Strategic: R&D.
* Operational: Systems and processes (H&R, Payroll).
* Financial: Liquidity and cash flow.
* Hazard: Safety and security; employees and equipment.
* Compliance: Concrete or potential changes in an organization's systems, processes, suppliers, etc. may expose it to legal or regulatory non-compliance.


Risk options


Risk avoidance

The first choice to be considered is the possibility of eliminating the existence of criminal opportunity or avoiding the creation of such an opportunity. This applies only when the action does not itself create additional considerations or factors that would pose a greater risk. For example, removing all the cash flow from a retail outlet would eliminate the opportunity for stealing the money, but it would also eliminate the ability to conduct business.


Risk reduction

When avoiding or eliminating the criminal opportunity conflicts with the ability to conduct business, the next step is reducing the opportunity of potential loss to the lowest level consistent with the function of the business. In the example above, the application of risk reduction might result in the business keeping only enough cash on hand for one day's operation.


Risk spreading

Assets that remain exposed after the application of reduction and avoidance are the subjects of risk spreading. This is the concept of limiting loss or potential losses by exposing the perpetrator to the probability of detection and apprehension before the crime is completed, through the application of perimeter lighting, barred windows, and intrusion detection systems. The idea is to reduce the time available for thieves to steal assets and escape without apprehension.


Risk transfer

The two primary methods of accomplishing risk transfer are to insure the assets or to raise prices to cover the loss in the event of a criminal act. Generally speaking, when the first three steps have been properly applied, the cost of transferring risks is much lower.


Risk acceptance

All of the remaining risks must simply be assumed by the business as a part of doing business. Included with these accepted losses are deductibles, which form part of the insurance coverage.
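The risk assessment process described under Security risk management (rating likelihood and impact, crediting existing controls, prioritizing the results) and the ordered risk options above (avoid, reduce, spread, transfer, accept) are illustrated together in the following risk-register script. It is an added example, not code from the article or from any of the standards it mentions; the 1..5 rating scales, the high/medium/low cut-offs, the risk appetite value, the `Risk` field names and the sample register entries are all assumptions constructed for the example.

```python
from dataclasses import dataclass

# Rating scales and thresholds are this example's own assumptions, not taken
# from ISO 31000 or the Universal Security Management Systems Standard.
LIKELIHOOD = {1: "rare", 2: "unlikely", 3: "possible", 4: "likely", 5: "almost certain"}
IMPACT = {1: "negligible", 2: "minor", 3: "moderate", 4: "major", 5: "severe"}
RISK_APPETITE = 4.0  # residual scores at or below this are accepted outright


@dataclass
class Risk:
    name: str
    origin: str                    # "external" or "internal"
    category: str                  # strategic, operational, financial, hazard, compliance
    likelihood: int                # 1..5, see LIKELIHOOD
    impact: int                    # 1..5, see IMPACT
    control_effectiveness: float   # 0.0 = no working control, 1.0 = threat fully countered
    avoidable: bool = False        # the criminal opportunity can be eliminated outright
    avoidance_harms_business: bool = False  # ...but doing so would stop the business
    reducible: bool = False        # exposure can be cut to a level consistent with operations
    detectable: bool = False       # lighting, barriers or an IDS can raise the chance of apprehension
    insurable: bool = False        # the loss can be insured or priced into goods


def inherent_score(risk):
    """Likelihood x impact before existing controls are credited."""
    if risk.likelihood not in LIKELIHOOD or risk.impact not in IMPACT:
        raise ValueError("likelihood and impact must be rated on the 1..5 scales")
    return risk.likelihood * risk.impact


def residual_score(risk):
    """Inherent score discounted by how effective the existing controls are."""
    if not 0.0 <= risk.control_effectiveness <= 1.0:
        raise ValueError("control_effectiveness must be between 0.0 and 1.0")
    return round(inherent_score(risk) * (1.0 - risk.control_effectiveness), 1)


def rating(score):
    """Classify a score into the bands used for prioritisation (assumed cut-offs)."""
    if score >= 15:
        return "high"
    if score >= 8:
        return "medium"
    return "low"


def select_option(risk):
    """Walk the risk options in the order the page gives them."""
    if residual_score(risk) <= RISK_APPETITE:
        return "accept"
    if risk.avoidable and not risk.avoidance_harms_business:
        return "avoid"
    if risk.reducible:
        return "reduce"
    if risk.detectable:
        return "spread"
    if risk.insurable:
        return "transfer"
    return "accept"  # whatever remains is assumed as a cost of doing business


def prioritize(risks):
    """Highest residual score first; the inherent score breaks ties."""
    return sorted(risks, key=lambda r: (residual_score(r), inherent_score(r)), reverse=True)


def build_register(risks):
    """Produce the prioritized risk register as a list of plain dicts."""
    return [
        {
            "name": r.name, "origin": r.origin, "category": r.category,
            "inherent": inherent_score(r), "residual": residual_score(r),
            "rating": rating(residual_score(r)), "option": select_option(r),
        }
        for r in prioritize(risks)
    ]


# Constructed sample register for a hypothetical retailer; every value is invented.
SAMPLE_RISKS = [
    Risk("Cash theft at retail outlet", "external", "hazard", 4, 3, 0.25,
         avoidable=True, avoidance_harms_business=True, reducible=True,
         detectable=True, insurable=True),
    Risk("Flood at distribution warehouse", "external", "hazard", 2, 5, 0.0,
         insurable=True),
    Risk("Overnight cash left in unstaffed kiosk", "internal", "hazard", 3, 3, 0.0,
         avoidable=True, reducible=True),
    Risk("Payroll system outage", "internal", "operational", 3, 4, 0.5, reducible=True),
    Risk("New data-retention regulation", "external", "compliance", 5, 4, 0.2,
         reducible=True),
    Risk("Shrinkage of low-value stock", "external", "hazard", 3, 1, 0.0, detectable=True),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(f"{row['residual']:>5} {row['rating']:<6} {row['option']:<8} {row['name']}")
```

The acceptance check runs first because a risk already within appetite needs no further treatment, which is the same reasoning as the Risk acceptance section applied up front; the remaining options are then tried in the page's order. The boolean flags are judgments the assessor records against each entry (the cash-theft entry is marked avoidable but with `avoidance_harms_business` set, so it falls through to reduction exactly as the retail example in the text does), and `detectable` is what maps a risk to the spreading option, since spreading on this page means raising the chance of detection and apprehension rather than distributing the asset.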


Security policy implementations


Intrusion detection

* Alarm device.


Access control

* Locks, simple or sophisticated, such as biometric authentication and keycard locks.


Physical security

* Environmental elements (e.g., mountains, trees, etc.).
* Barricades.
* Security guards (armed or unarmed) with wireless communication devices (e.g., two-way radios).
* Security lighting (spotlights, etc.).
* Security cameras.
* Motion detectors.
* IBNS containers for cash in transit.


Procedures

* Coordination with law enforcement agencies.
* Fraud management.
* Risk management.
* CPTED.
* Risk analysis.
* Risk mitigation.
* Contingency planning.


See also

* Alarm management
* IT risk
* IT risk management
* ITIL security management, an information security management system standard based on ISO/IEC 27001
* Physical security
* Retail loss prevention
* Security
* Security policy
* Gordon–Loeb model for cyber security investments


Further reading

* ''BBC NEWS, In Depth.'' BBC News - Home. Web. 18 Mar. 2011.
* Rattner, Daniel. "Loss Prevention & Risk Management Strategy." Security Management. Northeastern University, Boston. 5 Mar. 2010. Lecture.
* Rattner, Daniel. "Risk Assessments." Security Management. Northeastern University, Boston. 15 Mar. 2010. Lecture.
* Rattner, Daniel. "Internal & External Threats." Security Management. Northeastern University, Boston. 8 Apr. 2010. Lecture.
* Asset Protection and Security Management Handbook, POA Publishing LLC, 2003, p. 358.
* ISO 31000 Risk management — Principles and guidelines, 2009, p. 7.
* Universal Security Management Systems Standard 2017 - Requirements and guidance for use, 2017, p. 50.
* Security Management Training
* TSCM Training