Security management

For the magazine, see Security Management (magazine).

Business administration
Management of a business
Types of business Company Joint-stock company Limited liability company Privately held company Conglomerate State-owned enterprise
Business entity Cooperative Sole proprietorship Partnership Corporation
Corporate governance Annual general meeting Board of directors Supervisory board Advisory board
Corporate titles Chairman Chief executive officer (CEO) Chief financial officer (CFO) Chief information officer (CIO) Chief human resources officer (CHRO) Chief business officer (CBO) Chief technology officer (CTO)
Economy Commodity Public economics Labour economics Development economics International economics Mixed economy Planned economy Econometrics Environmental economics Open economy Market economy Knowledge economy Microeconomics Macroeconomics Economic development Economic statistics
Corporate law Commercial law Constitutional documents Contract Corporate crime Corporate liability Insolvency law International trade law Mergers and acquisitions
Finance Financial statement Insurance Factoring Cash conversion cycle Insider dealing Capital budgeting Commercial bank Derivative Financial statement analysis Financial risk Public finance Corporate finance Managerial finance International finance Liquidation Stock market Financial market Tax Financial institution Working capital Venture capital
Accounting Management accounting Financial accounting Financial audit
Trade Business analysis Business ethics Business plan Business judgment rule Consumer behaviour Business operations International business Business model International trade Business process Business statistics
Organization Architecture Behavior Communication Culture Conflict Development Engineering Hierarchy Patterns Space Structure
Society Marketing Marketing research Public relations
Types of management Asset Brand Business intelligence Capacity Change innovation Commercial marketing Communications Configuration Conflict Content Customer relationship Distributed Earned value Electronic business Enterprise resource planning management information system Financial Human resource development Incident Integrated Knowledge Materials Network Office Operations Performance Power Problem Process Product life-cycle Product Project Quality Records Resource Risk crisis Sales Security Service Strategic Supply chain Systems administrator Talent Technology
Business and economics portal

Security management is the identification of an organization's assets (including information assets), followed by the development, documentation, and implementation of policies and procedures for protecting these assets.

An organisation uses such security management procedures as information classification, risk assessment, and risk analysis to identify threats, categorise assets, and rate system vulnerabilities so that they can implement effective controls.^[1]

Loss prevention

Main article: Loss prevention

Loss prevention focuses on what your critical assets are and how you are going to protect them. A key component to loss prevention is assessing the potential threats to the successful achievement of the goal. This must include the potential opportunities that further the object (why take the risk unless there's an upside?) Balance probability and impact determine and implement measures to minimize or eliminate those threats.

Security risk management

Management of security risks applies the principles of risk management to the management of security threats. It consists of identifying threats (or risk causes), assessing the effectiveness of existing controls to face those threats, determining the risks' consequence(s), prioritizing the risks by rating the likelihood and impact, classifying the type of risk and selecting an appropriate risk option or risk response.

Types of security threats

External

Strategic: like competition and customer demand...
Operational: Regulation, suppliers, contract
Financial: FX, credit
Hazard: Natural disaster, cyber, external criminal act
Compliance: new regulatory or legal requirements are introduced, or existing ones are changed, exposing the organisation to a non-compliance risk if measures are not taken to ensure compliance

Internal

Strategic: R&D
Operational: Systems and process (H&R, Payroll)
Financial: Liquidity, cash flow
Hazard: Safety and security; employees and equipment
Compliance: Actual or potential changes in the organisation's systems, processes, suppliers, etc. may create exposure to a legal or regulatory non-compliance.

Risk options

Risk avoidance

The first choice to be considered. The possibility of eliminating the existence of criminal opportunity or avoiding the creation of such an opportunity is always the best solution, when additional considerations or factors are not created as a result of this action that would create a greater risk. As an example, removing all the cash from a retail outlet would eliminate the opportunity for stealing the cash–but it would also eliminate the ability to conduct business.

Risk reduction

When avoiding or eliminating the criminal opportunity conflicts with the ability to conduct business, the next step is the reduction of the opportunity and potential loss to the lowest level consistent with the function of the business. In the example above, the application of risk reduction might result in the business keeping only enough cash on hand for one day’s operation.

Risk spreading

Assets that remain exposed after the application of reduction and avoidance are the subjects of risk spreading. This is the concept that limits loss or potential losses by exposing the perpetrator to the probability of detection and apprehension prior to the consummation of the crime through the application of perimeter lighting, barred windows and intrusion detection systems. The idea here is to reduce the time available to steal assets and escape without apprehension

Risk transfer

Transferring risks to other alternatives when those risks have not been reduced to acceptable levels. The two primary methods of accomplishing risk transfer are to insure the assets or raise prices to cover the loss in the event of a criminal act. Generally speaking, when the first three steps have been properly applied, the cost of transferring risks is much lower.

Risk acceptance

All remaining risks must simply be assumed by the business as a risk of doing business. Included with these accepted losses are deductibles which have been made as part of the insurance coverage.

Security policy implementations

Intrusion detection

Alarm device

illish ase?

Access control

Locks, simple or sophisticated, such as biometric authentication and keycard locks

Physical security

Environmental elements (ex. Mountains, Trees, etc.)
Barricade
Security guards (armed or unarmed) with wireless communication devices (e.g., two-way radio)
Security lighting (spotlight, etc.)
Security Cameras
Motion Detectors

Procedures

Coordination with law enforcement agencies
Fraud management
Risk Management
CPTED
Risk Analysis
Risk Mitigation
Contingency Planning

References

↑ "Manage IT Security Risk with a Human Element". Dell.com. Retrieved 2012-03-26.

Notes

BBC NEWS | In Depth. BBC News - Home. Web. 18 Mar. 2011. <http://news.bbc.co.uk/2/shared/spl/hi/guides/456900/456993/html/>.
Rattner, Daniel. "Loss Prevention & Risk Management Strategy." Security Management. Northeastern University, Boston. 5 Mar. 2010. Lecture.
Rattner, Daniel. "Risk Assessments." Security Management. Northeastern University, Boston. 15 Mar. 2010. Lecture.
Rattner, Daniel. "Internal & External Threats." Security Management. Northeastern University, Boston. 8 April. 2010. Lecture.
Asset Protection and Security Management Handbook, POA Publishing LLC, 2003, p358
ISO 31000 Risk management — Principles and guidelines, 2009, p7
This article incorporates public domain material from the General Services Administration document "Federal Standard 1037C" (in support of MIL-STD-188).

This article is issued from Wikipedia - version of the 11/16/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.