Chapter 2
Developing a Security Focus
Identifying Critical Assets
Abstract
When you see a karate expert breaking pieces of wood or even concrete, she is getting her power from focus. Focus enables the black belt to put the entire strength of her body into one point, through a block, a punch, or a kick. For a business to develop focus, it must first identify the areas that need to be protected: the critical assets. Only then can the business learn how to shift its focus into preserving vital functions.
This chapter introduces the concept of identifying company assets, then the threats to those assets, and finally the vulnerability or exposure to those threats: the A-T-V method. To identify assets, a guide is used to outline and prioritize the wide range of assets found in any organization, from the individual employees to the business-critical functions and key data.
Keywords
Assets; Data loss; Essential personnel; Focus; Information security; Security risk assessment
Breaking Sticks and Bricks
We’ve all seen it. Maybe on TV or at a live demonstration. But at some point, you’ve seen a karate expert square off against a stack of boards or blocks of concrete. She will get set in position, take a couple of slow motion practice swings, and then with a look of grim determination and one swift movement, the object is broken by her hand, foot, or maybe even head. Ouch! How did she do that? The answer is focus. The black belt is able to channel or focus his or her entire body’s energy into one point. Delivering that power, with speed, requires focus. Failure to use that focus could mean injury. Hesitation or lack of confidence could mess up or distract the martial artist’s focus, causing failure in delivering the necessary power to the right point, and then he or she could injure themself by striking a hard and now immovable object. Done correctly, you get broken boards and smashed bricks. Done incorrectly, you get broken hands and smashed body parts. Karate students practice focus on objects to build confidence and to understand the kind of power and strength they can summon against an adversary should they be forced to defend themselves. The same focus and power can be applied to blocks that will stop an attack cold. These demonstrations and exercises are obviously not designed to ward off attacks by wayward boards and misbehaving blocks but are about building confidence in the ability to focus all that power to one spot.
Organizations or businesses need to develop their security focus in order to channel or focus their protection or security resources to the right location(s). This focus will limit the resources (okay, money) that are invested in security programs or efforts that don’t really protect what is important to the business.
The first step to building a security focus is to identify critical assets. Only then can a business learn how to shift its focus into preserving its vital functions. To help identify critical assets, assets will be classified into one of five categories or levels. This helps break down the process so it is not so overwhelming and will help focus on key areas.
Once the organization’s assets have been identified and prioritized, you can look at the threats that put those assets at risk. The last step is to combine the assets and threats to those assets and calculate the vulnerability or damage that could impact the business. Think of the acronym A-T-V to remember the process: Assets – Threats – Vulnerabilities.
Breaking up Your Assets
So that brings us back to assets. Where to begin? How do you start? Everything that goes into your organization is presumably important, or more likely, critical, especially in tough economic times. If it weren’t, it would have been cut or eliminated, right?
In order to prioritize and sort all the assets in your company, we will sort critical assets into one of the following five groups (Figure 2.1).
Level I Assets
The first level of assets is probably the most obvious, but then maybe not. Picture yourself walking into the CEO’s office and asking him which is more important, people or things. He will say people, of course. If not, you might want to consider looking for another employer. So, your follow-up question will be: Why do we spend so much more time, money, and effort on information technology security than on physical or personnel security? The answer to that question will tell you a lot about the vulnerability of IT assets compared to the risks to people or physical property. It may be due to the number of IT attacks or the critical role that IT plays in your business. It could be because everyone talks about IT security a lot more than about staff security. This type of analysis will be covered more in depth in the next two chapters.
FIGURE 2.1 This figure demonstrates the breakdown of assets to help with the security risk assessment.
Hopefully, your organization values its employees. The cost of turnover, finding a replacement, advertising openings, time spent interviewing candidates after reviewing professional resumes, and then, of course, training time and loss of productivity can be very high. The United States Department of Labor estimates that the cost is one-third of the employee’s annual salary!
So the organization’s people will go into the Level I assets. Level I includes everyone, every person who is directly connected to the organization. This should include the employees, of course, but also any vendors or contractors who come onto the property. Certainly, the security of visitors and customers is vital as well. Some organizations, such as schools, hospitals, or retail stores, will have more visitors and customers on site than employees. Even someone passing by the physical location might be considered when thinking of people assets. That person could be a potential customer, depending on your operations, or could become a potential plaintiff in litigation if you do not maintain a safe environment. For example, ignoring burned-out lights or signs of someone hiding in bushes on your property could be what prompts a robber or rapist to use your site as the scene of their crime. The victim may decide that the business ignored the warning signs, causing them harm. Some states even allow unauthorized trespassers, including burglars, to sue property owners in premise liability cases. Right or wrong, fair or unfair, that is the environment in which you do business. So it is important to consider anyone who may touch your business or property as a potential asset.
Level II Assets
People need to have a place to work and the tools to do their jobs. So that leads to the next level of asset classification—buildings, computers, manufacturing equipment, telephones, desks—all the basic property of the business. Think of all the nouns, except people, that make up a business: places and things. These assets make up the Level II category. Many of these may even be listed on the company’s balance sheet. However, this list should take a deeper look. Even areas such as parking lots are something of an asset and certainly one of the locations where employees or customers are present. And their property, their cars, are present and should be considered an asset of the organization. If an employee’s car is broken into or stolen, there will be a definite loss of productivity as focus shifts from normal work to worry about safety issues. A customer dealing with the same loss will likely never return. In that sense customers are an asset beyond the obvious human factor.
Level III Assets
Level III assets are less obvious ones. These are often intangible assets—they are not seen or even going to show up on a balance sheet, but they are extremely important to the organization. This is the company’s image in the eyes of the public and more specifically in the eyes of your customers. This is your public relations and defines your company’s brand and how it is seen in the marketplace.
Unfortunately, it is not difficult to think of firms that have found themselves in a situation, often avoidable, that has severely damaged the firm’s reputation. In 2010 British Petroleum (BP) was operating an off-shore oil drill. There was an explosion that killed 11 employees and the oil well was compromised, leaking millions of gallons of oil into the Gulf of Mexico. Due to the widespread damage caused by the spill and the delays in stopping the spill, the extensive media coverage severely damaged BP’s public image. The company faced fines and will likely face lawsuits for years to come.
As you can see, it is not only security risks that may affect an organization and its reputation. Throughout history, some names have been associated with a tragedy or disaster and will forever be linked to it. I doubt another ship will be named the Titanic. In terms of security, Columbine High School is synonymous with active shooters in schools.
Level IV Assets
The fourth level of assets to consider is information. Information technology or IT security gets a lot of attention. Everywhere you turn, someone is waiting to sell you the latest service to protect you from identity theft. Estimates for losses caused by identity theft vary depending on what crimes are included, but by some accounts were as high as $21 billion in 2012. As far as organizations go, we’ve all heard...