| Preface | p. xiii |
| Acknowledgments | p. xxi |
| Foreword | p. xxiii |
| Introduction | p. xxv |
| Introduction to the Role of the Security Professionals and Security Metrics Management | p. 1 |
| The Security Profession and Its Role in Supporting Business and Government Agency Assets Protection Needs | p. 3 |
| Introduction | p. 3 |
| The Need for Security Professionals in Business | p. 5 |
| Corporate Security Today | p. 8 |
| The Role of the Corporate Security Professional | p. 8 |
| The Required Skills of the Security Professional | p. 9 |
| What Kind of People Are Needed? | p. 10 |
| Why the Corporate Security Professional? | p. 10 |
| Where is Security's Place in the Corporation? | p. 11 |
| Summary | p. 12 |
| Management and Security Metrics Management Foundation | p. 13 |
| Introduction | p. 13 |
| Security From an Executive Management Perspective | p. 13 |
| Summary | p. 17 |
| Policies, Procedures, Processes, Plans and Projects | p. 19 |
| Introduction | p. 19 |
| Triad of Assets Protection and Security Functional Drivers | p. 20 |
| Part One of the Security Drivers' Triad: Risk Management Drivers | p. 20 |
| Part Two of the Drivers' Triad: Corporate Decisions' Drivers | p. 21 |
| Part Three of the Drivers' Triad: Laws, Regulations, Best Business Practices, Ethics and Privacy Drivers | p. 22 |
| Summary of Drivers | p. 24 |
| CAPP-Related Policies | p. 25 |
| CAPP-Related Procedures | p. 25 |
| CAPP-Related Processes | p. 26 |
| Process Management | p. 27 |
| Performance Management | p. 28 |
| CAPP-Related Plans | p. 28 |
| CAPP-Related Projects | p. 29 |
| Security Duties and Responsibilities | p. 34 |
| Corporate Assets Protection Program (CAPP) | p. 34 |
| Summary | p. 35 |
| Security Metrics Management Program-An Overview | p. 37 |
| Introduction | p. 37 |
| First Steps in the Development of an SMMP | p. 38 |
| Security Metrics Management is not Rocket Science | p. 40 |
| Questions Concerning Data Collection | p. 43 |
| SMMP Chart Designs | p. 44 |
| Using Technology to Deliver Metrics Data | p. 44 |
| Quality and Oversight | p. 45 |
| Security Metrics and Processes | p. 46 |
| Cost-Avoidance Metrics | p. 47 |
| Using Metrics Charts for Management Briefings | p. 47 |
| Sequence of Assets Protection Charts for Management Briefings | p. 48 |
| Case Study: Metrics Data Collection Example-Badge-Making Process | p. 50 |
| SMMP and Executive Management | p. 51 |
| Case Study: Use of Metrics in Times of Downsizing Security Staff | p. 52 |
| More on SMMP and Downsizing | p. 53 |
| Case Study: Charting Assets Protection Infractions as Part of an SMMP and Briefing Management on the Results | p. 56 |
| Case Study-Using Metrics to Determine Success | p. 57 |
| Summary | p. 58 |
| Case Study: Measuring the Costs of Security | p. 59 |
| Introduction | p. 59 |
| IWC Assets Protection Survey Questionnaire | p. 60 |
| Examples of Some Metrics Charts | p. 64 |
| Summary | p. 74 |
| Case Study: Six Sigma | p. 75 |
| Introduction | p. 75 |
| A Case Study-Another Approach to Security Metrics Management | p. 75 |
| Case Study-Patch Management | p. 77 |
| Conclusion | p. 80 |
| Administrative Security Metrics | p. 81 |
| Information Security | p. 83 |
| Introduction | p. 83 |
| Three Basic Categories of Information | p. 87 |
| An Information Protection Philosophy | p. 88 |
| Business Information Types and Examples | p. 89 |
| Security Drivers | p. 90 |
| Information Security Process Flowcharts | p. 90 |
| What, When, Who, Where, How of Data Collection | p. 92 |
| Sample Metrics Charts | p. 93 |
| A Case Study | p. 95 |
| Summary | p. 97 |
| Personnel Security | p. 99 |
| Introduction | p. 99 |
| Pre-Employment and Background Investigations | p. 100 |
| Basics of Pre-Employment Checks | p. 101 |
| What Are Pre-Employment Background Investigations? | p. 101 |
| Pre-Employment and Background Investigations Drivers and Flowcharts | p. 101 |
| Sample Pre-Employment and Background Investigations Metrics Charts | p. 103 |
| Workplace Violence | p. 109 |
| Workplace Violence Prevention Program | p. 110 |
| Case Study | p. 111 |
| Summary | p. 114 |
| Security Education and Awareness Training | p. 115 |
| Introduction | p. 115 |
| SEATP Organization | p. 116 |
| SEATP Drivers and Flowcharts | p. 117 |
| SEATP Metrics | p. 118 |
| Sample SEATP Metrics Charts | p. 119 |
| Data Collection And Metrics Management | p. 122 |
| SEATP Case Study | p. 124 |
| Summary | p. 126 |
| Security Compliance Audits | p. 127 |
| Introduction | p. 127 |
| SCA Organization | p. 127 |
| SCA Drivers and Flowcharts | p. 128 |
| SCA Metrics | p. 129 |
| SCA Metrics Charts-A Sampling | p. 131 |
| The Who, How, Where, When, Why and What of SCA Metrics Tracking | p. 134 |
| SCA Case Study | p. 135 |
| SCA Summary | p. 136 |
| Surveys and Risk Management | p. 137 |
| Introduction | p. 137 |
| SRM Drivers and Flowcharts | p. 139 |
| Sample SCA Metrics Charts | p. 140 |
| The Who, How, Where, When, Why and What of SRM Metrics Tracking | p. 142 |
| Case Study | p. 143 |
| Summary | p. 152 |
| Corporate Assets Protection Program | p. 153 |
| Introduction | p. 153 |
| The CAPP and Other Drivers, Plans and Their Flowcharts | p. 156 |
| CAPP Data Collection and Security Metrics Management | p. 157 |
| Is the CAPP Working as Planned? | p. 157 |
| Is It Effective? | p. 159 |
| How Much Does It Cost? | p. 159 |
| How Can It Be Done Better? | p. 161 |
| How Can It Be Done Cheaper? | p. 161 |
| Case Study | p. 162 |
| Summary | p. 162 |
| Contingency Planning | p. 163 |
| Introduction | p. 163 |
| Contingency Planning Organization | p. 165 |
| Contingency Planning Drivers and Flowcharts | p. 165 |
| Examples of Contingency Planning Metrics' Measurement Tools | p. 171 |
| Contingency Planning Case Study | p. 175 |
| Summary | p. 175 |
| Physical Security Metrics | p. 177 |
| The Guard Force | p. 181 |
| Introduction | p. 181 |
| Guard Force Security Organization | p. 183 |
| Guard Force Security Drivers and Flowcharts | p. 183 |
| Guard Force Metrics Charts Examples | p. 184 |
| Guard Force Case Study | p. 186 |
| Guard Force Summary | p. 188 |
| Technical Security Systems | p. 189 |
| Introduction | p. 189 |
| Technical Security Systems Organization | p. 189 |
| Technical Security Systems Flowcharts | p. 190 |
| Technical Security Systems Metrics | p. 192 |
| Technical Security Systems Case Study | p. 199 |
| Summary | p. 200 |
| Locks and Keys | p. 201 |
| Introduction | p. 201 |
| Locks and Keys Organization | p. 202 |
| Locks and Keys Drivers and Flowcharts | p. 202 |
| Locks and Keys Examples of Security Metrics | p. 203 |
| Lock and Key Case Study | p. 206 |
| Summary | p. 207 |
| Fire Protection | p. 209 |
| Introduction | p. 209 |
| Fire Protection Organization | p. 210 |
| Fire Protection Drivers and Flowcharts | p. 211 |
| Fire Prevention And Suppression Metrics Examples | p. 213 |
| Case Study-Outsourcing Fire Prevention and/or Suppression | p. 216 |
| Summary | p. 216 |
| Executive Protection | p. 217 |
| Introduction | p. 217 |
| Executive Protection Organization | p. 219 |
| Executive Protection Drivers and Flowcharts | p. 220 |
| Executive Protection Examples of Metrics | p. 221 |
| Executive Protection Case Study | p. 223 |
| Summary | p. 223 |
| Event Security | p. 225 |
| Introduction | p. 225 |
| Event Security Organization | p. 225 |
| Event Security Drivers and Flowcharts | p. 226 |
| Event Security Metrics | p. 227 |
| Event Security Case Study | p. 229 |
| Event Security Summary | p. 229 |
| Security Operations Metrics | p. 231 |
| Investigations and Noncompliance Inquiries | p. 233 |
| Introduction | p. 233 |
| Investigations and NCI Organization | p. 233 |
| Investigations and NCI Drivers and Flowcharts | p. 234 |
| Investigations and NCI Examples of Metrics | p. 235 |
| Investigations and NCI Case Study | p. 241 |
| Investigations and NCI Summary | p. 243 |
| Government Security | p. 245 |
| Introduction | p. 245 |
| IWC's Government Security Organization | p. 247 |
| Government Security Drivers and Flowcharts | p. 248 |
| Government Security Examples of Metrics | p. 249 |
| Government Security Case Study | p. 251 |
| Government Security Summary | p. 253 |
| Information Systems Security | p. 255 |
| Introduction | p. 255 |
| Infosec Organization | p. 256 |
| Infosec Drivers and Flowcharts | p. 258 |
| Infosec Examples of Metrics | p. 262 |
| Infosec Case Study | p. 264 |
| Infosec Summary | p. 264 |
| Mergers, Acquisitions or Divestitures Security | p. 265 |
| Introduction | p. 265 |
| MAD-Related Security Organization | p. 266 |
| MAD Security Drivers Flowcharts and Checklists | p. 268 |
| MAD-Examples of Metrics | p. 269 |
| Checklists | p. 270 |
| MAD Cast Study | p. 273 |
| MAD Summary | p. 274 |
| Outsourcing | p. 275 |
| Introduction | p. 275 |
| Outsourcing Organization | p. 277 |
| Outsourcing Drivers and Flowcharts | p. 278 |
| Outsourcing Examples of Metrics | p. 278 |
| Post-Contract Award | p. 280 |
| Outsourcing Case Study | p. 281 |
| Outsourcing Summary | p. 282 |
| The Security Profession and Metrics Management in the Future | p. 283 |
| Security Metrics Management Technology of the Future and How to Prepare Now to Use It | p. 285 |
| Introduction | p. 285 |
| New Technology | p. 286 |
| Applying High Technology to the Security Metrics Management Program | p. 287 |
| Application Software Tools For Today | p. 289 |
| Evaluating Current And Future Data Collection Needs | p. 289 |
| Current and Future-"Tools"-Hardware and Software to Support an SMMP | p. 291 |
| Summary | p. 294 |
| Security Benchmarking Group Survey | p. 295 |
| About the Authors | p. 317 |
| Index | p. 319 |
| Table of Contents provided by Ingram. All Rights Reserved. |
