Security Leader Insights for Risk Management: Lessons and Strategies from Leading Security Professionals
Format: PDF / Kindle (mobi) / ePub
How do you, as a busy security executive or manager, stay current with evolving issues, familiarize yourself with the successful practices of your peers, and transfer this information to build a knowledgeable, skilled workforce the times now demand? With Security Leader Insights for Risk Management, a collection of timeless leadership best practices featuring insights from some of the nation’s most successful security practitioners, you can. This book can be used as a quick and effective resource to bring your security staff up to speed on security’s role in risk management. Instead of re-inventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success. Part one looks at the risk assessment and subtopics such as compliance, using risk assessments to increase security’s influence, and risk indicator dashboards. Part two discusses risk management topics such as board-level risk, global risk, risk appetite, and enterprise risk management (ERM). Security Leader Insights for Risk Management is a part of Elsevier’s Security Executive Council Risk Management Portfolio, a collection of real-world solutions and "how-to" guidelines that equip executives, practitioners, and educators with proven information for successful security and risk management programs.
- Each chapter can be read in five minutes or less, and is written by or contains insights from experienced security leaders.
- Can be used to find illustrations and examples you can use to deal with a relevant issue.
- Brings together the diverse experiences of proven security leaders in one easy-to-read resource.
provide the reader with an easily accessible overview of current issues. In the event you are forced to make rapid, significant change within your business or organization, this resource can help guide transformational change. Instead of reinventing the wheel when faced with a new challenge, these proven practices and principles will allow you to execute with confidence knowing that your peers have done so with success.
Richard E. Chase, vice president and chief security officer, General Atomic
and structured than a periodic communication exercise.
STRATEGY
The test of sufficient awareness is found in the midst of crisis. I frequently remind my colleagues and clients that, as security professionals, we are paid to anticipate. We must proactively identify what could go bump in the night and determine how to prevent, detect, and respond to it. Risk awareness is the result of planful action involving multiple steps.
1. Planning: A risk-aware organization has an established, enterprisewide
powerful measure of security program effectiveness. But we are here because the business recognizes that bad things will occur and the organization has to be prepared to take definitive steps to minimize the consequences. Risk awareness provides the foundation of our ability to react with timely competence. This is a key performance measure of our preparedness to minimize the consequences of the risky event.
5. Consequence analysis and follow-up: Measurable reductions in risk exposure may be
Organization
Strategies for creating a more risk-aware organization include planning, preparing, training, responding, and analyzing. By George Campbell, former CSO of Fidelity Investments and emeritus faculty of the Security Executive Council.
Chapter 6 Building a Risk Indicator Dashboard
An experienced security executive explains how a risk indicator dashboard can be a highly effective tool for communicating risk
into eight descriptive categories (which the Council calls “board-level risk categories”): financial, business continuity and resiliency, reputation and ethics, human capital, information, legal, regulatory compliance and liability, new and emerging markets, and physical/premises and product. Security leaders can learn much by attempting to group every identified security risk, as well as all security programs and initiatives, into one of those