Metrics and Methods for Security Risk Management offers powerful analytic tools that have been absent from traditional security texts. This easy-to-read text provides a handy compendium of scientific principles that affect security threats, and establishes quantitative security metrics that facilitate the development of effective security solutions. Most importantly, this book applies these foundational concepts to information protection, electromagnetic pulse, biological, chemical and radiological weapons, theft, and explosive threats. In addition, this book offers a practical framework for assessing security threats as well as a step-by-step prescription for a systematic risk mitigation process that naturally leads to a flexible model for security standards and audits. This process helps ensure consistency and coherence in mitigating risk as well as in managing complex and/or global security programs. This book promises to be the standard reference in the field and should be in the library of every serious security professional. \* Offers an integrated approach to assessing security risk \* Addresses homeland security as well as IT and physical security issues \* Describes vital safeguards for ensuring true business continuity Front matter......Page 2 Copyright......Page 4 Dedication ......Page 5 About the Author......Page 6 Foreword......Page 7 Preface......Page 8 Acknowledgments......Page 12 Introduction to Security Risk or Tales of the Psychotic Squirrel and the Sociable Shark......Page 14 The Fundamental Expression of Security Risk......Page 20 Introduction to Security Risk Models and Security Risk Mitigation......Page 25 Summary......Page 28 References......Page 29 Linearity and Nonlinearity......Page 30 Exponents, Logarithms, and Sensitivity to Change......Page 36 The Exponential Function ex......Page 38 The Decibel......Page 39 Security Risk and the Concept of Scale......Page 42 Some Common Physical Models In Security Risk......Page 44 Visualizing Security Risk......Page 48 An Example: Guarding Costs......Page 53 Summary......Page 54 Introduction......Page 55 Unique threats......Page 57 Motivating security risk mitigation: The five commandments of corporate security......Page 58 Security risk models......Page 59 The Security risk mitigation process......Page 64 Security risk standards......Page 68 Security Risk Audits......Page 80 Summary ......Page 83 Introduction ......Page 88 Likelihood or Potential for Risk?......Page 89 Estimating the Likelihood of Randomly Occurring Security Incidents......Page 92 Estimating the Potential for Biased Security Incidents......Page 95 Averages and Deviations......Page 98 Actuarial Approaches to Security Risk......Page 104 Randomness, Loss, and Expectation Value......Page 106 Financial Risk......Page 113 Summary......Page 114 References......Page 115 Introduction......Page 116 Vulnerability to Information Loss Through Unauthorized Signal Detection......Page 117 Energy, waves, and information......Page 118 Introduction to acoustic energy and audible information......Page 122 Transmission of audible information and vulnerability to conversation-level overhears......Page 124 Audible information and the effects of intervening structures......Page 127 Introduction to electromagnetic energy and vulnerability to signal detection......Page 133 Electromagnetic energy and the effects of intervening material......Page 139 Vulnerability to information loss through unauthorized signal detection: A checklist......Page 142 Explosive parameters......Page 143 Confidence limits and explosive vulnerability......Page 149 A Theory of Vulnerability to Computer Network Infections......Page 153 Introduction......Page 158 Vulnerability to radiological dispersion devices......Page 159 Vulnerability to biological threats......Page 169 Vulnerability to external contaminants; bypassing building filtration......Page 175 Vulnerability to chemical threats......Page 179 The Visual Compromise of Information......Page 180 Summary......Page 182 References......Page 183 Introduction ......Page 185 Audible Signals ......Page 186 Acoustic barriers......Page 188 Sound reflection......Page 190 Sound absorption......Page 191 Electromagnetic shielding......Page 193 Intra-building electromagnetic signal propagation......Page 197 Inter-building blectromagnetic signal propagation......Page 200 Non-point source electromagnetic radiation......Page 201 Vehicle-borne Explosive Threats: Barriers and Bollards......Page 204 Explosive Threats......Page 209 Radiological Threats......Page 212 Particulate filtering......Page 216 Ultraviolet germicidal irradiation......Page 218 Combining UVGI and particulate filtering......Page 220 More risk mitigation for biological threats......Page 222 Relative effectiveness of influenza mitigation......Page 223 Mitigating the Risk of Chemical Threats (Briefly Noted)......Page 228 Guidelines for Reducing the Vulnerability to Non-Traditional Threats in Commercial Facilities......Page 230 Commercial Technical Surveillance Countermeasures......Page 231 Questionnaire for prospective commercial TSCM vendors......Page 239 Electromagnetic Pulse Weapons......Page 240 EMP generated in proximity to unshielded facilities......Page 241 Emp generated in proximity to shielded facilities......Page 243 Summary......Page 244 References......Page 245 Epilogue......Page 248 Appendix A: Scientific Prefixes......Page 250 Appendix B: Sound levels and intensities......Page 251 Appendix C: The speed of sound in common materials......Page 252 Image Resolution......Page 253 Information Security Restrictions......Page 254 Physical Access Authorization Conditions and Signaling......Page 255 Physical Access Authorization Equipment Security......Page 256 Appendix F: Exterior barrier performance criteria and technical specifications......Page 257 Appendix G: Window anti-blast methods technical specifications......Page 258 Appendix H: Qualitative interpretation of Rw values......Page 260 B ......Page 261 D ......Page 262 E ......Page 263 I ......Page 264 L ......Page 265 P ......Page 266 R ......Page 267 S ......Page 268 U ......Page 270 V ......Page 271 X ......Page 272
Not only are corporations and other organizations sometimes targeted by competitors in order to steal their information, they are also targets of political and/or religious groups who understand their economic and symbolic importance. However, a realistic security strategy requires a big-picture approach. At the same time, budgets are decreasing while security departments are dealing with threats that demand greater vigilance. In the wake of the 2008-2009 global economic meltdown, corporate executives are asking difficult questions about effectiveness and efficiency. The need for both information security and physical security is greater today than ever before, and not only to address more complex and dangerous crisis situations, but also to ensure that the methods deployed are proportionate to the risk.
The notion of risk is the lens from which all such problems must be viewed. This book identifies and explains these foundational principles, and shows how they directly relate to an assessment of physical security risk. This book provides the modern security professional with a useful reference that facilitates both rigorous thinking and sensible decisions about key strategic choices.
* Offers an integrated approach to assessing security risk * Addresses homeland security as well as IT and physical security issues * Describes vital safeguards for ensuring true business continuity
Security problems have evolved in the corporate world because of technological changes, such as using the Internet as a means of communication. With this, the creation, transmission, and storage of information may represent security problem. Metrics and Methods for Security Risk Management is of interest, especially since the 9/11 terror attacks, because it addresses the ways to manage risk security in the corporate world. The book aims to provide information about the fundamentals of security risks and the corresponding components, an analytical approach to risk assessments and mitigation, and quantitative methods to assess the risk components. In addition, it also discusses the physical models, principles, and quantitative methods needed to assess the risk components. The by-products of the methodology used include security standards, audits, risk metrics, and program frameworks. Security professionals, as well as scientists and engineers who are working on technical issues related to security problems will find this book relevant and useful. Offers an integrated approach to assessing security risk Addresses homeland security as well as IT and physical security issues Describes vital safeguards for ensuring true business continuity