Security Risk Management Body of Knowledge

ACKNOWLEDGMENTS xv

ABOUT SRMBOK xvii

1 INTRODUCTION AND OVERVIEW 1

1.1 Why SRMBOK? 1

1.2 Where Do We Go from Here? 3

1.3 What is Security Risk Management? 4

1.4 How does SRM Relate to Risk Management? 11

1.5 Conclusion, 14

2 SECURITY RISK MANAGEMENT CONTEXT 15

2.1 The Changing Security Environment, 15

2.2 Changing Concepts in Security Risk Management, 16

2.3 Origins of Security and Risk Management, 18

2.4 Trends and Future Directions, 18

2.5 Globalization, Opportunity, and Volatility, 19

2.6 Transnational and Extrajurisdictional Risks, 20

2.7 Law, Regulatory Framework, and Ramifications for Management, 21

2.8 Diversification or Concentration? 22

2.9 Political Awareness, 23

2.10 Risk versus Reward, 24

2.11 Summary of Key Points, 24

3 SECURITY GOVERNANCE 27

3.1 Introduction, 27

3.2 What Is Security Governance? 28

3.3 Duty of Care, 28

3.4 Resilience, 30

3.5 Security Culture, 37

3.6 Governance Frameworks, 38

3.7 Incident Management and Reporting, 41

3.8 Summary of Key Points, 42

4 SRMBOK FRAMEWORK 43

4.1 SRMBOK Guiding Principles, 46

5 PRACTICE AREAS 53

5.1 Introduction, 53

5.2 Security Management, 56

5.3 Physical Security, 59

5.4 People Security, 63

5.5 ICT Security, 77

5.6 Information Security, 81

6 STRATEGIC KNOWLEDGE AREAS 97

6.1 Introduction, 97

6.2 Exposure, 105

6.3 Risk, 130

6.4 Resources, 166

6.5 Quality, 172

7 OPERATIONAL COMPETENCY AREAS 195

7.1 Business Integration, 195

7.2 Functional Design, 202

7.3 Implementation Management, 204

7.4 Assurance and Audit, 211

8 ACTIVITY AREAS 219

8.1 Introduction, 219

8.2 Intelligence, 224

8.3 Protective Security, 230

8.4 Response, 231

8.5 Recovery and Continuity, 242

8.6 Summary of Key Points, 253

9 SECURITY RISK MANAGEMENT ENABLERS 255

9.1 Introduction, 255

9.2 Summary of Key Points, 259

10 ASSET AREAS 261

10.1 What Is an Asset? 261

10.2 Key Asset Groups, 264

11 SRM INTEGRATION 269

11.1 SRM Integration with Enterprise Risk Management, 273

11.2 ERM Frameworks, 274

11.3 Implementing an Integrated ERM Program, 276

11.4 Summary of Key Points, 282

12 SRM LEXICON 285

12.1 Introduction, 285

12.2 Illustrations, 286

12.3 Notes to Readers, 289

12.4 Definitions, 290

13 SAMPLE TEMPLATES 339

13.1 Security Risk Register form (Example 1), 340

13.2 Security Risk Register form (Example 2), 340

13.3 Risk Treatment Schedule (Example 1), 341

13.4 Risk Treatment Schedule (Example 2), 341

13.5 Outline Security Plan, 342

13.6 Day-to-Day Operational Governance Registers, 343

13.7 Property Selection and Security Planning Checklist, 349

13.8 Sample Commitment Statement to Security and Risk Management, 361

13.9 Sample Bomb Threat Checklist, 362

13.10 Sample Bomb Threat Room Search Checklist, 364

13.11 Evaluation Criteria for Business Continuity and Organizational Resilience, 365

14 ABOUT THE LEAD AUTHORS 417

14.1 Julian Talbot, CPP, 417

14.2 Dr Miles Jakeman, 418

BIBLIOGRAPHY AND OTHER REFERENCES 419

INDEX 427