E-Book
E-Book, Englisch, 242 Seiten
Cabric Corporate Security Management
Challenges, Risks, and Strategies
1. Auflage 2015
ISBN: 978-0-12-802935-0
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
1. Auflage 2015
ISBN: 978-0-12-802935-0
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
Challenges, Risks, and Strategies
E-Book, Englisch, 242 Seiten
ISBN: 978-0-12-802935-0
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark
Corporate Security Management provides practical advice on efficiently and effectively protecting an organization's processes, tangible and intangible assets, and people. The book merges business and security perspectives to help transform this often conflicted relationship into a successful and sustainable partnership. It combines security doctrine, business priorities, and best practices to uniquely answer the Who, What, Where, Why, When and How of corporate security. Corporate Security Management explores the diverse structures of security organizations in different industries. It shows the crucial corporate security competencies needed and demonstrates how they blend with the competencies of the entire organization. This book shows how to identify, understand, evaluate and anticipate the specific risks that threaten enterprises and how to design successful protection strategies against them. It guides readers in developing a systematic approach to assessing, analyzing, planning, quantifying, administrating, and measuring the security function. - Addresses the often opposing objectives between the security department and the rest of the business concerning risk, protection, outsourcing, and more - Shows security managers how to develop business acumen in a corporate security environment - Analyzes the management and communication skills needed for the corporate security manager - Focuses on simplicity, logic and creativity instead of security technology - Shows the true challenges of performing security in a profit-oriented environment, suggesting ways to successfully overcome them - Illustrates the numerous security approaches and requirements in a wide variety of industries - Includes case studies, glossary, chapter objectives, discussion questions and exercises
Marko Cabric is a globally operating freelance security manager, consultant, lecturer and author based in Tel Aviv, Israel and Belgrade, Serbia. He has more than 20 years of top-ranking security experience from Europe, Middle East and Africa including the Israeli military and homeland security and as a corporate security manager in several industries. Marko manages, teaches, consults, and trains corporate security clients and business teams on various security matters such as corporate security management, physical security, supply chain security, fraud prevention and investigations, crisis management, business continuity, disaster recovery, and information security. He has established corporate security programs for numerous multinational corporations, especially throughout Europe, the Middle East, and Africa.
Marko Cabric is a globally operating freelance security manager, consultant, lecturer and author based in Tel Aviv, Israel and Belgrade, Serbia. He has more than 20 years of top-ranking security experience from Europe, Middle East and Africa including the Israeli military and homeland security and as a corporate security manager in several industries. Marko manages, teaches, consults, and trains corporate security clients and business teams on various security matters such as corporate security management, physical security, supply chain security, fraud prevention and investigations, crisis management, business continuity, disaster recovery, and information security. He has established corporate security programs for numerous multinational corporations, especially throughout Europe, the Middle East, and Africa.
Cabric
Corporate Security Management jetzt bestellen!
Autoren/Hrsg.
Weitere Infos & Material
Chapter 1
About Security
Abstract
With the speedy development of security technology, many security practitioners are caught in the trap of chasing after technology or following the technological mindset by exercising creativity to try and reinvent the essence of security. However, security is not an invented process but actually an evolution of one of the oldest natural processes, dating to the beginning of life and the instinct to protect it. Moreover, real creativity and skills lie in the ability to correctly blend and apply the essence of security in new circumstances to meet new challenges. Instead of reinventing security, we list existing principles and philosophies and arrange them in a logical order and perspective. The often neglected and certainly crucial general principles of security, together with a methodical approach to solving security issues, are a base for any further specialized hands-on engagement.
Keywords
Crime triangle; Layered defense; Means; Motive; Opportunity; Probability; Routine; Security pillars; Value; Worst-case scenario
Security and Its Essence
About Security
Instead of trying to explain security by analyzing the linguistic source of the word and its meaning, to really understand the essence of security we will concentrate more on exploring its real origins, essence, and principles. Basically, even though some other professions are believed to be the oldest ones, which might be true, security is definitely one of the oldest processes, dating to the beginning of life and the instinct to protect it.
The principles of security at the time of our distant ancestors did not change. The caveman guarded his cave with a spear while another was on the lookout on the edge of the settlement with the mission of spotting the danger at the earliest possible stage and alerting the others. Everyone in the community knew exactly what to do in case of danger and who was in charge of making the decisions.
We have the cave as the physical element of security, the spear as technology, information about the proximate danger, communication among community members, all members of the community as the human element and procedures, both as division of tasks in routine as well as emergency procedures, and the community chief as the management. If any of the elements were missing, the system would not work properly.
Then, as well as now, we had the seven pillars of security:
• Physical
• Technical
• Human
• Information
• Communication
• Procedures
• Management (control)
What changed over time is not the essence of security but its technology.
Now that we have cleared the pillars of a security system, we will continue by exploring the periods and the focus of protection. The protection periods, the focus of protection and its value, together with the probable type of threat that we are facing and its impact on our tangible and intangible assets are the elements that will shape our protection strategy and determine how we allocate the seven essential security pillars and transform them into a successful security system.
Protection Periods
We usually divide protection into three phases:
• Prevention
• Reaction
• Recovery
Protection phases correspond with incident phases:
• Prevention corresponds with preparation, which consists of target selection, collection of information, and planning. The preparation phase can last long—days, months, and sometimes even years before the action.
• Reaction corresponds with action, which consists of arrival, action, and escape. Depending on the type of action, it can last a few minutes or even seconds.
• Recovery corresponds with consequences, which can have a devastating impact on people, property, morale, and so forth. Consequences can be felt for a long time after an incident.
Focus
To be able to design applicable security strategies and recognize the threat, the probability of action, and its modus operandi, understanding the protection focus is a crucial starting point. For example, our focus can be on:
• People
• Property
• Process
• Product
• Information
Our focus can also be on the combination of all of the elements with the same or different levels of priority, for example. Different strategies are applied and different resources are used depending on not only what we are protecting but what the situation is and the probable risks, protection obstacles, and worst-scenario consequences. For example, although people are our primary concern, it is different if we are protecting clerks in an office, VIPs, or patients in a hospital. If we are protecting the product, we must first understand its value in terms of the motive for committing a crime against it.
Type of Threat
If we understand the nature of what we are protecting and its value, we also understand the type of threat we are facing (terrorism, theft, hooliganism, political violence, etc.) as well as the type of perpetrators we can expect: a planned organized group, an unprofessional perpetrator, and so forth. When we talk about the type of threat, we are also talking about different probable risks associated with the probable modus operandi of perpetrators. Different types of risk are associated with different types of threat. For instance, a lone drug addict bank robber who needs money immediately is targeting a smaller amount of cash but is more likely to cause greater damage than an organized criminal group that is targeting a much larger amount of cash. A group of criminals will plan the robbery so as to accomplish their goal as efficiently as possible and is completely aware of the different consequences concerning different types of damage.
Concept of Value
One of the key elements of security is the concept of value. Security does not calculate value based on cost, but on a motive for committing crime and in terms of the justified cost of security measures. Basically, the value of what we are protecting gives us the probability of the item (process, product, person, etc.) being a motive for an action against it. It also tells us the type of threat that we are facing and the modus operandi of perpetrators.
If we take a product as an example, tin cans manufactured for a soft drink factory have a value in terms of cost but no value in the security sense.
Furthermore, value can be divided into primary and secondary value:
Primary value is basically the immediate value of a product. For example, cash, jewelry, alcohol, cigarettes, and branded clothing are primary value products. These items can be used immediately by a criminal or easily be sold. As such, they can be attractive as a motive for opportunity crime by a lone perpetrator, but also for organized crime.
Secondary value applies to items that have no usability in their current form: for example, branded shirts are primary value items whereas the textile used to produce them is a secondary value item. It cannot be used directly by the perpetrator but can be used, for example, by another clothes manufacturer. To be resold, it needs to be in a bigger volume, which requires planning, logistics, and prearrangement with the buyer. This indicates that such crime cannot be carried out by a lone perpetrator, but only by an organized group that is able to organize and perform the action.
The classification of value also depends on the volume. Basically, big volumes of primary value become secondary value because executing a theft of big volumes requires planning and logistics. For example, several bottles of wine are primary value whereas a whole truck of wine is secondary value. Stealing a truckload of wine requires an organization, a buyer, logistics, storage space big enough to contain such an amount of items, and so forth.
The type and volume of the protected value, matched with the level of security measures, also indicate the probability of an action and the modus operandi of perpetrators. For instance, in the example of wine bottles, a lone perpetrator is unlikely to target a well-secured warehouse that contains large volumes of packed wine bottles to steal one or two of them. We call this phenomenon the ratio between effort (or risk) and reward.
Another aspect of value is the justified cost of security measures compared with the cost of loss. Basically, the investment in security measures must not exceed the cost of incidents over a reasonable period of time. Organizations prefer not to lose money regardless of where the money is going. Security does not generate profit and its mission is to protect the profit and save costs. If your security measures are more expensive than the incidents, your organizations will opt to accept the risk and lose less.
Crime Triangle
By analyzing the concept of value, we basically analyzed one of the three elements necessary to commit a crime—motive. Motive, opportunity, and means together create the triangle of crime.
A successful security strategy concentrates on understanding the motive, limiting the opportunity, and obstructing the means in the earliest possible stage of an incident by incorporating all of the security elements that we have previously discussed. As an example,...
Bitte ändern Sie das Passwort
