Security management
Security management is a broad field of management related to asset management, physical security and human resource safety functions. It entails the identification of an organization's information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.
In network management it is the set of functions that protects telecommunications networks and systems from unauthorized access by persons, acts, or influences and that includes many subfunctions, such as creating, deleting, and controlling security services and mechanisms; distributing security-relevant information; reporting security-relevant events; controlling the distribution of cryptographic keying material; and authorizing subscriber access, rights, and privileges.
Management tools such as information classification, risk assessment and risk analysis are used to identify threats, classify assets and to rate system vulnerabilities so that effective control can be implemented.
Loss Prevention
Loss prevention focuses on what your critical assets are and how you are going to protect them. A key component of LP is assessing the potential threats to the successful achievement of the goal. This must include the potential opportunities that further the object (why take the risk unless there's an upside?). Balance probability and impact, then determine and implement measures to minimize or eliminate those threats.
Risk Types
External
- Strategic: such as competition and customer demand
- Operational: Regulation, suppliers, contracts
- Financial: FX, credit
- Hazard: Natural disaster, cyber, external criminal act
Internal
- Strategic: R&D
- Operational: Systems and process (H&R, Payroll)
- Financial: Liquidity, Cash Flow
- Hazard: Safety & security, employee & equipment
Risk Options
- Accept: Some risk is inherent in business
- Transfer: Insurance
- Reduce: Specific systems and processes
- Eliminate: Ideal, but not always realistic
Loss Prevention Strategy
- Deter
- Detect
- Deny
- Delay
- Detain
Range of Tools
These tools are helpful in reducing and eliminating conflicts:
- Armed Security
- Coordination with LE
- Personnel with communications capability
- Perimeter alarms
- Personnel
- Monitored alarms
- Biometrics
- Access control cards
- Sophisticated locks
- Security lighting
- Barriers
- Local alarms
- Simple Locks
- Specialist Trained Dogs
See also
- Access control
- Alarm management
- IT risk management
- IT risk
- Loss Prevention
- LP strategy
- Physical Security Professional
- Physical Security
- Range of Tools
- Risk Types
- Security policy
- Security