Security management

For the magazine, see Security Management (magazine).

See also: ITIL Security Management

Security Management is a broad field of management related to asset management, physical security and human resource safety functions. It entails the identification of an organization's information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.

In network management it is the set of functions that protects telecommunications networks and systems from unauthorized access by persons, acts, or influences and that includes many subfunctions, such as creating, deleting, and controlling security services and mechanisms; distributing security-relevant information; reporting security-relevant events; controlling the distribution of cryptographic keying material; and authorizing subscriber access, rights, and privileges.

Management tools such as information classification, risk assessment and risk analysis are used to identify threats, classify assets and to rate system vulnerabilities so that effective control can be implemented.

Loss Prevention

Loss prevention focuses on what your critical assets are and how you are going to protect them. A key component to LP is assessing the potential threats to the successful achievement of the goal. This must include the potential opportunities that further the object (why take the risk unless there's and upside?) Balance probability and impact determine and implement measures to minimize or eliminate those threats.

Risk Types

External

• Strategic- like competition and customer demand
• Operational-Regulation, suppliers, contracts
• Financial-FX, credit
• Hazard- Natural disaster, cyber, external criminal act

Internal

• Strategic-R&D
• Operational- Systems and process (H&R, Payroll)
• Financial- Liquidity, Cash Flow
• Hazard- Safety & security, employee & equipment

Risk Options

• Accept- Some risk is inherent in business
• Transfer- Insurance
• Reduce- Specific systems and processes
• Eliminate- Ideal, but not always realistic

Loss Prevention Strategy

1. Deter
2. Detect
3. Deny
4. Delay
5. Detain

Range of Tools

These tools are helpful in reducing and eliminating conflicts

• Armed Security
• Coordination with LE
• Personnel with communications capability
• Perimeter alarms
• Personnel
• Monitored alarms
• Biometrics
• Access control cards
• Sophisticated locks
• Security lighting
• Barriers
• Local alarms
• Simple Locks
• Specialist Trained Dogs

See also

• Access control
• Alarm management
• IT risk management
• IT risk
• Loss Prevention
• LP strategy
• Physical Security Professional
• Physical Security
• Range of Tools
• Risk Types
• Security policy
• Security

References

•  This article incorporates public domain material from the General Services Administration document "Federal Standard 1037C" (in support of MIL-STD-188).
• BBC NEWS | In Depth. BBC News - Home. Web. 18 Mar. 2011. <http://news.bbc.co.uk/2/shared/spl/hi/guides/456900/456993/html/>.
• Rattner, Daniel. "Loss Prevention & Risk Management Strategy." Security Management. Northeastern University, Boston. 5 Mar. 2010. Lecture.
• Rattner, Daniel. "Risk Assessments." Security Management. Northeastern University, Boston. 15 Mar. 2010. Lecture.
• Rattner, Daniel. "Internal & External Threats." Security Management. Northeastern University, Boston. 8 April. 2010. Lecture.