Details

<b>PREFACE xiii</b> <p><b>ACKNOWLEDGMENTS xv</b></p> <p><b>ABOUT SRMBOK xvii</b></p> <p><b>1 INTRODUCTION AND OVERVIEW 1</b></p> <p>1.1 Why SRMBOK? 1</p> <p>1.2 Where Do We Go from Here? 3</p> <p>1.3 What is Security Risk Management? 4</p> <p>1.4 How does SRM Relate to Risk Management? 11</p> <p>1.5 Conclusion, 14</p> <p><b>2 SECURITY RISK MANAGEMENT CONTEXT 15</b></p> <p>2.1 The Changing Security Environment, 15</p> <p>2.2 Changing Concepts in Security Risk Management, 16</p> <p>2.3 Origins of Security and Risk Management, 18</p> <p>2.4 Trends and Future Directions, 18</p> <p>2.5 Globalization, Opportunity, and Volatility, 19</p> <p>2.6 Transnational and Extrajurisdictional Risks, 20</p> <p>2.7 Law, Regulatory Framework, and Ramifications for Management, 21</p> <p>2.8 Diversification or Concentration? 22</p> <p>2.9 Political Awareness, 23</p> <p>2.10 Risk versus Reward, 24</p> <p>2.11 Summary of Key Points, 24</p> <p><b>3 SECURITY GOVERNANCE 27</b></p> <p>3.1 Introduction, 27</p> <p>3.2 What Is Security Governance? 28</p> <p>3.3 Duty of Care, 28</p> <p>3.4 Resilience, 30</p> <p>3.5 Security Culture, 37</p> <p>3.6 Governance Frameworks, 38</p> <p>3.7 Incident Management and Reporting, 41</p> <p>3.8 Summary of Key Points, 42</p> <p><b>4 SRMBOK FRAMEWORK 43</b></p> <p>4.1 SRMBOK Guiding Principles, 46</p> <p><b>5 PRACTICE AREAS 53</b></p> <p>5.1 Introduction, 53</p> <p>5.2 Security Management, 56</p> <p>5.3 Physical Security, 59</p> <p>5.4 People Security, 63</p> <p>5.5 ICT Security, 77</p> <p>5.6 Information Security, 81</p> <p><b>6 STRATEGIC KNOWLEDGE AREAS 97</b></p> <p>6.1 Introduction, 97</p> <p>6.2 Exposure, 105</p> <p>6.3 Risk, 130</p> <p>6.4 Resources, 166</p> <p>6.5 Quality, 172</p> <p><b>7 OPERATIONAL COMPETENCY AREAS 195</b></p> <p>7.1 Business Integration, 195</p> <p>7.2 Functional Design, 202</p> <p>7.3 Implementation Management, 204</p> <p>7.4 Assurance and Audit, 211</p> <p><b>8 ACTIVITY AREAS 219</b></p> <p>8.1 Introduction, 219</p> <p>8.2 Intelligence, 224</p> <p>8.3 Protective Security, 230</p> <p>8.4 Response, 231</p> <p>8.5 Recovery and Continuity, 242</p> <p>8.6 Summary of Key Points, 253</p> <p><b>9 SECURITY RISK MANAGEMENT ENABLERS 255</b></p> <p>9.1 Introduction, 255</p> <p>9.2 Summary of Key Points, 259</p> <p><b>10 ASSET AREAS 261</b></p> <p>10.1 What Is an Asset? 261</p> <p>10.2 Key Asset Groups, 264</p> <p><b>11 SRM INTEGRATION 269</b></p> <p>11.1 SRM Integration with Enterprise Risk Management, 273</p> <p>11.2 ERM Frameworks, 274</p> <p>11.3 Implementing an Integrated ERM Program, 276</p> <p>11.4 Summary of Key Points, 282</p> <p><b>12 SRM LEXICON 285</b></p> <p>12.1 Introduction, 285</p> <p>12.2 Illustrations, 286</p> <p>12.3 Notes to Readers, 289</p> <p>12.4 Definitions, 290</p> <p><b>13 SAMPLE TEMPLATES 339</b></p> <p>13.1 Security Risk Register form (Example 1), 340</p> <p>13.2 Security Risk Register form (Example 2), 340</p> <p>13.3 Risk Treatment Schedule (Example 1), 341</p> <p>13.4 Risk Treatment Schedule (Example 2), 341</p> <p>13.5 Outline Security Plan, 342</p> <p>13.6 Day-to-Day Operational Governance Registers, 343</p> <p>13.7 Property Selection and Security Planning Checklist, 349</p> <p>13.8 Sample Commitment Statement to Security and Risk Management, 361</p> <p>13.9 Sample Bomb Threat Checklist, 362</p> <p>13.10 Sample Bomb Threat Room Search Checklist, 364</p> <p>13.11 Evaluation Criteria for Business Continuity and Organizational Resilience, 365</p> <p><b>14 ABOUT THE LEAD AUTHORS 417</b></p> <p>14.1 Julian Talbot, CPP, 417</p> <p>14.2 Dr Miles Jakeman, 418</p> <p><b>BIBLIOGRAPHY AND OTHER REFERENCES 419</b></p> <p><b>INDEX 427</b></p>

<b>Julian Talbot</b> is the Practice Leader for Risk Management with JBS, a specialist business strategy and risk management company. Previously he held roles as manager of security for the Australian governments most extensive over-seas network (Austrade) and for Australias largest natural resources project, Woodsides $20 billion North West Shelf Venture. He has also held roles as a director with the Risk Management Institution of Australasia (RMIA), director of the Australian Institute of Professional Intelligence Officers, and a research associate with the Australian Homeland Security Research Centre. <p><b>Miles Jakeman</b>, PhD, is the Managing Director of Citadel Group Limited. His key skills cover business strategy, program management, and security risk management. Dr. Jakeman has worked with defense, intelligence, and national security agencies, as well as multinational companies. He is a member of the Australian Institute of Company Directors and the ACT Capital Angels, a preferred risk management supplier to the Australasian Business Travelers Association and an Associate of RMIA.</p>

<b>A framework for formalizing risk management thinking in today¿s complex business environment</b> <p><i>Security Risk Management Body of Knowledge</i> details the security risk management process in a format that can easily be applied by executive managers and security risk management practitioners. Integrating knowledge, competencies, methodologies, and applications, it demonstrates how to document and incorporate best-practice concepts from a range of complementary disciplines.</p> <p>Developed to align with International Standards for Risk Management such as ISO 31000 it enables professionals to apply security risk management (SRM) principles to specific areas of practice. Guidelines are provided for: Access Management; Business Continuity and Resilience; Command, Control, and Communications; Consequence Management and Business Continuity Management; Counter-Terrorism; Crime Prevention through Environmental Design; Crisis Management; Environmental Security; Events and Mass Gatherings; Executive Protection; Explosives and Bomb Threats; Home-Based Work; Human Rights and Security; Implementing Security Risk Management; Intellectual Property Protection; Intelligence Approach to SRM; Investigations and Root Cause Analysis; Maritime Security and Piracy; Mass Transport Security; Organizational Structure; Pandemics; Personal Protective Practices; Psych-ology of Security; Red Teaming and Scenario Modeling; Resilience and Critical Infrastructure Protection; Asset-, Function-, Project-, and Enterprise-Based Security Risk Assessment; Security Specifications and Postures; Security Training; Supply Chain Security; Transnational Security; and Travel Security.</p> <p><i>Security Risk Management Body of Knowledge</i> is supported by a series of training courses, DVD seminars, tools, and templates. This is an indispensable resource for risk and security professional, students, executive management, and line managers with security responsibilities.</p>

US