**CHAPTER II. THE IMPORTANCE OF SECURITY MANAGEMENT PLANNING**

**INTRODUCTION**

**SECURITY MANAGEMENT**

- **Security management** is defined as the scientific utilization of men, funds and equipment to protect assets and life and to ensure reduction of business interruptions or losses, keeping it to the minimum.

**The guidelines of a successful management are as follows:**

- Understand your role
- Study your organization
- Serve your customer
- Set meaningful and attainable goals
- Implement modern management techniques

**SECURITY PLANNING**

- **Security planning** is a comprehensive strategy that involves the identification, evaluation, and future implementation of controls, as well as the allocation of resources such as personnel, contractors, equipment, software, and budget, all aimed at ensuring effective security measures.

**SECURITY MANAGEMENT PLANNING**

- The ultimate goal of security management planning is to create a **security policy** that will implement and enforce it. The beauty of security policy is that it provides a clear direction for all levels of employees in the organizational structure.

**Elements of Security Management Planning**

At the center of any security management planning is a guide that:

1. 2. 3. 4. 5. 6.

**Types of Security Management Plans**

1. **Strategic plan**

- It is important to identify goals and visions that are long term in nature.
- The role of security in your organization is defined.
- provides more details on how to accomplish the goals and objectives specified by prescribing and scheduling the tests, specific tests.
- Some examples of tactical plans include:
  - Project plans
  - Acquisition plans
  - Hiring plans
  - Budget plans
  - Maintenance plans
  - Support plans
  - System development plans
- talk about the day-to-day operations of your security organization, mostly in terms of how to accomplish various goals in the security policy.
- Some of the topics covered in this type of plan are:
  - Resource allotments
  - Budgetary requirements
  - Staffing assignments
  - Scheduling
  - Implementation procedures

**The Top-Down Approach**

- The most effective approach in terms of security management planning is top-down, meaning that the senior management needs to initiate it and will be responsible for security management in general. This approach makes perfect sense because if you have a security policy that's not supported by your senior management, nobody will follow or comply with it. The security team or department enforcing the security management planning or security policies has to be autonomous to be effective and should be led by the designated chief security officer, reporting directly to the senior management. This way, it can be free from any politically motivated activities in the organization.

**Who are Involved?**

1. To further elaborate on this top-down approach, the senior or upper management are responsible for security management in general. The senior management should take security management planning as a business operations issue and take their responsibilities very seriously. Their job is really initiating and defining the security policy.
2. The role of middle management is to turn these security policies into standards, baselines, guidelines, procedures, and so on. This way, it will provide more details and guidance in terms of implementing the security policies.
3. Then the operational managers or security professionals are responsible for the implementation of security policies.
4. Lastly, the end-users are supposed to comply with the security policies. These different roles in the organizational structure demonstrate the top-down approach.
5. Naturally, the senior management are not experts in information system security. In that regard, there needs to be a team of practitioners to help them in developing the security policies.
One of their objectives is to educate the senior management on risks, liabilities, and exposures that will remain even after the implementation of the policies.

**Due Diligence & Due Care**

- Due diligence must be done, especially in terms of planning and doing research to make an informed decision.
- Due care is mainly a follow-up on due diligence.
- At the end of the day, developing, implementing, and enforcing security policies provide evidence of due care and due diligence on the part of senior management.

**Nature of Desirable Security Management Planning**

- In summary, the planning has to be ongoing in terms of development, maintenance, and actual usage. It should also be concrete, clearly defined, and feasible. It's essential to anticipate potential changes and problems when dealing with these planning exercises.
- By doing it properly, it serves as a basis for making an informed decision for your organization as a whole.
- Ultimately, planning is important in the context of security management in general, and all the critical stakeholders have to be closely involved in the planning process.

**Role of an Agency Operator/Security Director**

- The security manager/director, be it from a security agency (personnel provider) or proprietary security, is perceived to have a dual executive personality: that of being the number one expert in security of the organization and that of the highest management man in the hierarchy. As such, he/she is expected to be proficient in handling people and knowledgeable and professionally competent in solving various management problems. His/her roles are the following:

**1. As a Leader**

- The Security Director provides leadership to the management of the security organization. Note that the director does not directly manage the department; he or she provides leadership for the manager and management team.
Providing leadership means setting the right climate, pointing out directions, suggesting alternative solutions to problems, and encouraging and nurturing the growth of subordinates.

**2. As a Company Executive**

- Senior management of the operation should accept him as part of the company management team; he is seen as a modern-day manager primarily involved in problem solving rather than just a security man.

**3. As an Executive with High Visibility**

- High visibility means just that: a Security Director who is well known in and out of the company and who is seen frequently. Ideally, the Security Director should be an interesting and effective speaker who is sought after to make presentations.

**4. As an Executive with Broad Profile**

- A broad profile means that the Security Director has interests in and contributes to other areas of the business beyond the security function. Such exposure and activity not only enhance the executive image but have other rewards as well.

**5. As an Innovator**

- The Director is charged with the responsibility of finding new ways to do the job - better and less expensive. He must be a very flexible administrator.

**6. As a Counselor and Advisor**

- His role is to give advice, suggest alternatives, help solve problems but not solve them. He should not be involved in the operation; he merely must direct. He should be an adviser to the company management in terms of policy, special planning, emergency and disaster planning, executive protection program and executive problems.

**7. As a Trainer**

- He or she is supportive of an aggressive structured training program within the organization. The Director must personally train, guide and develop his or her immediate subordinate, with the objective of preparing that manager to take over the directorship at the earliest possible date.

**8. As a Contemporary Professional**

- He is constantly involved in the development and educational program to keep abreast with current developments of the profession, new and improved technology and system, the general part of security as well as the art of management. To attain his objective as a contemporary professional, he reads a lot of trade journals, participates as a member of local or regional security associations, attends seminars, listens to his peers and is free to communicate and exchange ideas on a regular basis.

**9. As a Goal Setter and Strategic Planner**

- Establishing objectives and setting goals is a job of a security director. Goals set directions, provide challenges and should require efforts to be achieved. Goals should be either quantitative or qualitative in nature.

**Inadequate training or lack of training is the primary contributor to poor performance**

There are three things an employee must know:

1. 2. 3. 4. 5. 6. 7. 8.

**Security Manual**

- A security manual should be available to all regular security personnel and others expected to implement security procedures.
- A Security Manual or Handbook is an absolute essential, not only as an operational tool but also as a training guide, and it must be updated on a regular basis.

**Behavioral Theories**

- When an organization meets the needs of its employees and they are satisfied, the condition has great impact on the socialization process, "likewise on losses".
- The employees learn about the employment environment, appreciate that management and supervisors care, and ultimately help to reduce losses. In Abraham Maslow's Hierarchy of Needs, lower level needs must first be satisfied before the higher level of needs. Such needs are as follows:

**1. Basic Physiological Needs:**

- Survival needs such as food, shelter, sex, and elimination of waste. With the employer's assistance, a well-run cafeteria and clean lavatory will satisfy some needs.

**2. Safety and Security Needs:**

- A person needs to feel free from anxiety and fear. Giving him adequate wages and workplace safety helps to satisfy these needs.

**3. Societal Needs:**

- The need to be loved and need to belong and the societal status as membership and acceptance by a group or members.

**4. Esteem and Status Needs:**

- The need to be competent, to achieve and to gain approval, and respect.

**5. Self-Actualization Needs:**

- This is the top of the hierarchy of needs, and signifies self-realization and fulfillment. It signifies that a person has reached his or her full potential. An organization can do a lot by training, promotion, etc. in assisting an employee to fulfill this need.

**HOW DO YOU SELL SECURITY TO MANAGEMENT?**

- There are some things a security director or consultant can do to convince top corporation officials that security is worth spending some money to obtain. Some methods that have proven successful are listed below:

1. Establish a meaningful dialogue with the decision makers in the management hierarchy. First try to **ascertain their feelings** about security. What do they really want a security program to accomplish for them, if in fact they want anything? Do not be surprised to learn that some management personnel regard security as a necessary evil and thus worthy of little attention (that is, money and manpower). Marshall the facts. It is good to research the history of security losses experienced by the company and use this information to develop trend projections.

2. When collecting data to support your position, **deal in principles and not personalities**. Use the technique of non-attribution for all unpublished sources of information. With published sources, such as interoffice memos, excerpt the pertinent data if possible. Avoid internecine power struggles at all costs. Maintain a position of objective neutrality.

3. Be as professional about security as you can.
**The better you are at your job, the greater attention you will command from your superiors.** There are many avenues you can explore to develop the information you need, such as developing contacts with other security professionals who share similar problems. Don't reinvent the wheel. Attend security seminars, purchase or borrow relevant books in security and do research work.

4. In making a proposal to management, hit the highlights and make your proposal as brief as possible. Save the details for later. In any proposal that will cost money, make certain you have developed the cost figures as accurately as possible. If the figures are an estimate, label them as such and err on the high side.

5. It is a wise man who knows his own limitations. If you need outside help (and who does not from time to time), do not be reluctant to admit you need assistance. Such areas as electronics, computers, and sophisticated anti-intrusion alarm systems are usually beyond the capabilities of the security generalist. Do some study yourself and know where to go to get the help you need.

6. Suggest that management hire an outside consultant. Competent security professionals have nothing to fear by obtaining a "second opinion." More often, the "expert from afar" has greater persuasion over management than members of their own staff. More often than not, the consultant will reinforce your position by reaching the same conclusions and suggesting the same or similar recommendations.

7. Use the right timing to present your position. Recognize that management's priorities are first and foremost the generating of profit. In order to capture management's attention one should wait for the right time and circumstances to present a proposal. It is difficult to predict when moment's notice to make your presentation.
It will be too late to do the research when you are called before the board of directors without notice to explain just how a breakdown in security could have occurred and what you propose to do to solve the problems for the future.

8. Develop a program of public relations. Security represents inconvenience even under the best of circumstances. Once you have management thinking favorably about your proposal, you will need to sell it to everyone in the organization in order for it to be successfully implemented. Most employees enjoy working in a safe and secured environment. Use this technique to convince employees that the program was designed as much for their safety and security as for the protection of the assets of the corporation.

- Do your homework in a thorough manner and you cannot help but impress management of your capabilities as a security professional. Remember, be patient. Few are those who have been able to sell 100 percent of their security program to management the first time out of the starting blocks.

**CHAPTER III. RISK ANALYSIS AND THE SECURITY SURVEY**

**INTRODUCTION**

**RISK**

- **Risk** is associated with almost every activity, especially in the business world. It is the potential loss or damage to an asset; in simple terms, a financial loss to an enterprise, business or organization.
- In the insurance business, the term **risk** is also used to mean "**the thing insured**"; for instance, the Dream Company has been insured and therefore, it is the risk.
- **Risks** are generally classified as "**speculative**" (the difference between loss or gain, for example, the risk in gambling) and "**pure risk**," a loss or no-loss situation, to which insurance will generally apply.

**The divisions of risk are limited to three common categories:**

1. **Personal** (having to do with people assets)
2. **Property** (having to do with material assets)
3. **Liability** (having to do with legalities that could affect both of the above, such as errors and omissions liability)

**What is Risk Analysis?**

**Risk analysis** is a management tool, the standards for which are determined by whatever management decides it wants to accept in terms of actual loss. In order to proceed in a logical manner to perform a risk analysis, it is first necessary to accomplish some basic tasks:

1. Identify the assets in need of being protected (money, manufactured product, and industrial processes to name a few).
2. Identify the kinds of risk that may affect the assets being safeguarded (internal theft, external theft, fire or earthquake).
3. Determine the probability of risk occurrence. Here one must keep in mind that such a determination is not a science but an art, the art of projecting probabilities.
4. Determine the impact or effect, in monetary values, if a given loss will occur.

**What is Risk Assessment Analysis?**

- A **risk assessment analysis** is a rational and orderly approach and a comprehensive solution to problem identification and probability determination. It is also a method for estimating the anticipated or expected loss from the occurrence of some events that will have adverse effect to the organization. Estimating is the key word, often emphasized because risk analysis will never be an exact science. Nevertheless, the answer to most, if not all, questions regarding one's security exposures can be determined by a detailed risk assessment analysis.

**How can risk analysis help management?**

- **Risk analysis** provides management with information on which to base decisions, such as: Is it always best to prevent the occurrence of a situation? Should the policy be to contain the effect a hazardous situation may have? Is it sufficient simply to recognize that an adverse potential exists, and for now do nothing but be aware of the hazard?
The eventual goal of risk analysis is to strike an economic balance between the impact of risk on the enterprise and the cost of protective measures.

1. The analysis will show the current security posture (profile) of the company.
2. It will highlight areas where greater (or lesser) security is needed.
3. It will help to assemble some of the facts needed for the development and justification of cost effective countermeasures (safeguards).
4. It will serve to increase security awareness by assessing the strengths and weaknesses of security to all organizational levels from management to operations.

**Risk analysis** is not a task to be accomplished once and for all time. It must be performed periodically in order to stay abreast of changes in missions, facilities, and equipment. And, since security measures designed at the inception of a system have generally proved to be more effective than those superimposed later, risk analysis should have a place in the design phase of every system. Unfortunately, this is seldom the case.

- The major resource required for a risk analysis is manpower.
- You are conducting a security survey for a medium-sized company with multiple access points to its premises. During your assessment, you notice that the main entrance has a sophisticated access control system, but the side entrances are often propped open for convenience. The employees frequently use these side entrances to save time. The company values efficiency and quick access for its employees. What would be a strategic approach to address this security concern while considering the company's emphasis on efficiency?

**CHAPTER IV. NAVIGATING CAREER PATHWAYS: SPECIALIZATION, PROGRESSION, AND CONTEMPORARY SECURITY PRACTICES.**

**INTRODUCTION**

**Public & Private Critical Infrastructures**

- **Energy Sector**
- **Water Utilities**
- **Information and Communication**
- **Transportation (Land, Air, & Sea)**
- **Banking and Finance**
- **Public Health**
- **Emergency Services**
- **Agriculture and Food**
- **Manufacturing**
- **Government Services**
- **Real Estate & Strategic Commercial Centers**
- **Religious and Cultural Sites and Facilities**

**Industrial & Corporate Security**

- **Asset Protection Officer**
- **Loss Prevention Specialist**
- **Crime Prevention Specialist**
- **Physical Security Officer**
- **Credit Investigation**
- **Fraud Investigation**
- **Company Security Officer**
- **Guard Force Service Manager**
- **Health, Safety, Environment & Security Officer**
- **Insurance Investigator**
- **Executive Protection**
- **Risk Control**
- **Security Investigator**
- **Accident and Traffic Investigator**
- **Security Compliance and Audit**
- **Threat & Vulnerability Officer**

**Business & Service Partners**

- **Agency Security Officer**
- **Field Officer**
- **Security Inspector and Investigator**
- **Operations and Liaison**
- **Protection Agent**
- **Training Officer and Instructor**
- **Private Detective**
- **Lie Detector Examiner**
- **Regulatory Compliance**
- **CCTV Specialist**
- **K9 Specialist**
- **Digital and Automation Specialist**
- **Red Team and Penetration Specialist**
- **Security Advisory & Consultancy**

**Academic & Training Institutions**

- Instructor in BS ISM both online and offline
- Campus Security Officer
- Training Officer and Instructor of Security Training Academy
