| |
| |
Preface | |
| |
| |
Acknowledgments | |
| |
| |
Foreword | |
| |
| |
Introduction | |
| |
| |
| |
Introduction to the Role of the Security Professionals and Security Metrics Management | |
| |
| |
| |
The Security Profession and Its Role in Supporting Business and Government Agency Assets Protection Needs | |
| |
| |
Introduction | |
| |
| |
The Need for Security Professionals in Business | |
| |
| |
Corporate Security Today | |
| |
| |
The Role of the Corporate Security Professional | |
| |
| |
The Required Skills of the Security Professional | |
| |
| |
What Kind of People Are Needed? | |
| |
| |
Why the Corporate Security Professional? | |
| |
| |
Where is Security's Place in the Corporation? | |
| |
| |
Summary | |
| |
| |
| |
Management and Security Metrics Management Foundation | |
| |
| |
Introduction | |
| |
| |
Security From an Executive Management Perspective | |
| |
| |
Summary | |
| |
| |
| |
Policies, Procedures, Processes, Plans and Projects | |
| |
| |
Introduction | |
| |
| |
Triad of Assets Protection and Security Functional Drivers | |
| |
| |
Part One of the Security Drivers' Triad: Risk Management Drivers | |
| |
| |
Part Two of the Drivers' Triad: Corporate Decisions' Drivers | |
| |
| |
Part Three of the Drivers' Triad: Laws, Regulations, Best Business Practices, Ethics and Privacy Drivers | |
| |
| |
Summary of Drivers | |
| |
| |
CAPP-Related Policies | |
| |
| |
CAPP-Related Procedures | |
| |
| |
CAPP-Related Processes | |
| |
| |
Process Management | |
| |
| |
Performance Management | |
| |
| |
CAPP-Related Plans | |
| |
| |
CAPP-Related Projects | |
| |
| |
Security Duties and Responsibilities | |
| |
| |
Corporate Assets Protection Program (CAPP) | |
| |
| |
Summary | |
| |
| |
| |
Security Metrics Management Program-An Overview | |
| |
| |
Introduction | |
| |
| |
First Steps in the Development of an SMMP | |
| |
| |
Security Metrics Management is not Rocket Science | |
| |
| |
Questions Concerning Data Collection | |
| |
| |
SMMP Chart Designs | |
| |
| |
Using Technology to Deliver Metrics Data | |
| |
| |
Quality and Oversight | |
| |
| |
Security Metrics and Processes | |
| |
| |
Cost-Avoidance Metrics | |
| |
| |
Using Metrics Charts for Management Briefings | |
| |
| |
Sequence of Assets Protection Charts for Management Briefings | |
| |
| |
Case Study: Metrics Data Collection Example-Badge-Making Process | |
| |
| |
SMMP and Executive Management | |
| |
| |
Case Study: Use of Metrics in Times of Downsizing Security Staff | |
| |
| |
More on SMMP and Downsizing | |
| |
| |
Case Study: Charting Assets Protection Infractions as Part of an SMMP and Briefing Management on the Results | |
| |
| |
Case Study-Using Metrics to Determine Success | |
| |
| |
Summary | |
| |
| |
| |
Case Study: Measuring the Costs of Security | |
| |
| |
Introduction | |
| |
| |
IWC Assets Protection Survey Questionnaire | |
| |
| |
Examples of Some Metrics Charts | |
| |
| |
Summary | |
| |
| |
| |
Case Study: Six Sigma | |
| |
| |
Introduction | |
| |
| |
A Case Study-Another Approach to Security Metrics Management | |
| |
| |
Case Study-Patch Management | |
| |
| |
Conclusion | |
| |
| |
| |
Administrative Security Metrics | |
| |
| |
| |
Information Security | |
| |
| |
Introduction | |
| |
| |
Three Basic Categories of Information | |
| |
| |
An Information Protection Philosophy | |
| |
| |
Business Information Types and Examples | |
| |
| |
Security Drivers | |
| |
| |
Information Security Process Flowcharts | |
| |
| |
What, When, Who, Where, How of Data Collection | |
| |
| |
Sample Metrics Charts | |
| |
| |
A Case Study | |
| |
| |
Summary | |
| |
| |
| |
Personnel Security | |
| |
| |
Introduction | |
| |
| |
Pre-Employment and Background Investigations | |
| |
| |
Basics of Pre-Employment Checks | |
| |
| |
What Are Pre-Employment Background Investigations? | |
| |
| |
Pre-Employment and Background Investigations Drivers and Flowcharts | |
| |
| |
Sample Pre-Employment and Background Investigations Metrics Charts | |
| |
| |
Workplace Violence | |
| |
| |
Workplace Violence Prevention Program | |
| |
| |
Case Study | |
| |
| |
Summary | |
| |
| |
| |
Security Education and Awareness Training | |
| |
| |
Introduction | |
| |
| |
SEATP Organization | |
| |
| |
SEATP Drivers and Flowcharts | |
| |
| |
SEATP Metrics | |
| |
| |
Sample SEATP Metrics Charts | |
| |
| |
Data Collection And Metrics Management | |
| |
| |
SEATP Case Study | |
| |
| |
Summary | |
| |
| |
| |
Security Compliance Audits | |
| |
| |
Introduction | |
| |
| |
SCA Organization | |
| |
| |
SCA Drivers and Flowcharts | |
| |
| |
SCA Metrics | |
| |
| |
SCA Metrics Charts-A Sampling | |
| |
| |
The Who, How, Where, When, Why and What of SCA Metrics Tracking | |
| |
| |
SCA Case Study | |
| |
| |
SCA Summary | |
| |
| |
| |
Surveys and Risk Management | |
| |
| |
Introduction | |
| |
| |
SRM Drivers and Flowcharts | |
| |
| |
Sample SCA Metrics Charts | |
| |
| |
The Who, How, Where, When, Why and What of SRM Metrics Tracking | |
| |
| |
Case Study | |
| |
| |
Summary | |
| |
| |
| |
Corporate Assets Protection Program | |
| |
| |
Introduction | |
| |
| |
The CAPP and Other Drivers, Plans and Their Flowcharts | |
| |
| |
CAPP Data Collection and Security Metrics Management | |
| |
| |
Is the CAPP Working as Planned? | |
| |
| |
Is It Effective? | |
| |
| |
How Much Does It Cost? | |
| |
| |
How Can It Be Done Better? | |
| |
| |
How Can It Be Done Cheaper? | |
| |
| |
Case Study | |
| |
| |
Summary | |
| |
| |
| |
Contingency Planning | |
| |
| |
Introduction | |
| |
| |
Contingency Planning Organization | |
| |
| |
Contingency Planning Drivers and Flowcharts | |
| |
| |
Examples of Contingency Planning Metrics' Measurement Tools | |
| |
| |
Contingency Planning Case Study | |
| |
| |
Summary | |
| |
| |
| |
Physical Security Metrics | |
| |
| |
| |
The Guard Force | |
| |
| |
Introduction | |
| |
| |
Guard Force Security Organization | |
| |
| |
Guard Force Security Drivers and Flowcharts | |
| |
| |
Guard Force Metrics Charts Examples | |
| |
| |
Guard Force Case Study | |
| |
| |
Guard Force Summary | |
| |
| |
| |
Technical Security Systems | |
| |
| |
Introduction | |
| |
| |
Technical Security Systems Organization | |
| |
| |
Technical Security Systems Flowcharts | |
| |
| |
Technical Security Systems Metrics | |
| |
| |
Technical Security Systems Case Study | |
| |
| |
Summary | |
| |
| |
| |
Locks and Keys | |
| |
| |
Introduction | |
| |
| |
Locks and Keys Organization | |
| |
| |
Locks and Keys Drivers and Flowcharts | |
| |
| |
Locks and Keys Examples of Security Metrics | |
| |
| |
Lock and Key Case Study | |
| |
| |
Summary | |
| |
| |
| |
Fire Protection | |
| |
| |
Introduction | |
| |
| |
Fire Protection Organization | |
| |
| |
Fire Protection Drivers and Flowcharts | |
| |
| |
Fire Prevention And Suppression Metrics Examples | |
| |
| |
Case Study-Outsourcing Fire Prevention and/or Suppression | |
| |
| |
Summary | |
| |
| |
| |
Executive Protection | |
| |
| |
Introduction | |
| |
| |
Executive Protection Organization | |
| |
| |
Executive Protection Drivers and Flowcharts | |
| |
| |
Executive Protection Examples of Metrics | |
| |
| |
Executive Protection Case Study | |
| |
| |
Summary | |
| |
| |
| |
Event Security | |
| |
| |
Introduction | |
| |
| |
Event Security Organization | |
| |
| |
Event Security Drivers and Flowcharts | |
| |
| |
Event Security Metrics | |
| |
| |
Event Security Case Study | |
| |
| |
Event Security Summary | |
| |
| |
| |
Security Operations Metrics | |
| |
| |
| |
Investigations and Noncompliance Inquiries | |
| |
| |
Introduction | |
| |
| |
Investigations and NCI Organization | |
| |
| |
Investigations and NCI Drivers and Flowcharts | |
| |
| |
Investigations and NCI Examples of Metrics | |
| |
| |
Investigations and NCI Case Study | |
| |
| |
Investigations and NCI Summary | |
| |
| |
| |
Government Security | |
| |
| |
Introduction | |
| |
| |
IWC's Government Security Organization | |
| |
| |
Government Security Drivers and Flowcharts | |
| |
| |
Government Security Examples of Metrics | |
| |
| |
Government Security Case Study | |
| |
| |
Government Security Summary | |
| |
| |
| |
Information Systems Security | |
| |
| |
Introduction | |
| |
| |
Infosec Organization | |
| |
| |
Infosec Drivers and Flowcharts | |
| |
| |
Infosec Examples of Metrics | |
| |
| |
Infosec Case Study | |
| |
| |
Infosec Summary | |
| |
| |
| |
Mergers, Acquisitions or Divestitures Security | |
| |
| |
Introduction | |
| |
| |
MAD-Related Security Organization | |
| |
| |
MAD Security Drivers Flowcharts and Checklists | |
| |
| |
MAD-Examples of Metrics | |
| |
| |
Checklists | |
| |
| |
MAD Case Study | |
| |
| |
MAD Summary | |
| |
| |
| |
Outsourcing | |
| |
| |
Introduction | |
| |
| |
Outsourcing Organization | |
| |
| |
Outsourcing Drivers and Flowcharts | |
| |
| |
Outsourcing Examples of Metrics | |
| |
| |
Post-Contract Award | |
| |
| |
Outsourcing Case Study | |
| |
| |
Outsourcing Summary | |
| |
| |
| |
The Security Profession and Metrics Management in the Future | |
| |
| |
| |
Security Metrics Management Technology of the Future and How to Prepare Now to Use It | |
| |
| |
Introduction | |
| |
| |
New Technology | |
| |
| |
Applying High Technology to the Security Metrics Management Program | |
| |
| |
Application Software Tools For Today | |
| |
| |
Evaluating Current And Future Data Collection Needs | |
| |
| |
Current and Future-"Tools"-Hardware and Software to Support an SMMP | |
| |
| |
Summary | |
| |
| |
| |
Security Benchmarking Group Survey | |
| |
| |
About the Authors | |
| |
| |
Index | |