1st Edition

How to Develop and Implement a Security Master Plan

ISBN 9781420086256
Published December 17, 2008 by Auerbach Publications
374 Pages 45 B/W Illustrations

USD $150.00


Book Description

Engage Stakeholders with a Long-Term Solution

The goal: Convince executive management to "buy in" to your security program, support it, and provide the largest possible amount of funding.

The solution: Develop a meticulously detailed long-term plan that sells decision-makers on the dire need for your program, and then maps out its direction and required budget.

Assess and Outline Security Risks to Map Out Mitigation Strategies
This practical guide details how to construct a customized, comprehensive five-year corporate security plan that synchronizes with the strategies of any business or institution. The author explains how to develop a plan and implementation strategy that aligns with an organization’s particular philosophies, strategies, goals, programs, and processes. Readers learn how to outline risks and then formulate appropriate mitigation strategies. This guide provides tested, real-world solutions on how to:

  • Conduct an effective, efficient assessment of the site and security personnel, meticulously addressing the particular needs of many different environments
  • Make decisions about security philosophies, strategies, contract relationships, technology, and equipment replacement
  • Interview executive and security management to determine their concerns, educate them, and ensure that they buy in to your plan
  • Use all gathered data to construct and finalize the Security Master Plan and then implement it into the management of the business

Apply Insights from an Expert with Global Experience at the Highest Level
Author Tim Giles worked at IBM for 31 years serving as Director of Security for the company’s operations in the United States and Canada, as well as Latin America and Asia-Pacific. His immeasurable experience and insight provide readers with an extraordinarily comprehensive understanding that they can use to design and execute a highly effective, tailored security program.

Table of Contents

The Business of Security

Why Should You Develop a Security Master Plan?

Engaging the Stakeholders

What Should Your Security Philosophies Be?

Contract Security Relationship

What Should Your Security Strategies Be?

Technology Migration Strategy

Equipment Replacement Schedules


Evaluate the Business’s Risks

Potential Risks to the Business

Defining What Your Risks Are

Information Gathering

The Workplace Violence Risk and Beyond

Domestic Violence in the Workplace

Other Risk Factors

Risks of Fraud and Corruption

Theft Risks

Overseas-Related Risks

Acts of Nature

Information Sources

Human Resources and the Security Plan

Reacting to a Defined Risk

Placing a Value on the Impact of Risk


Conducting a Site Security Assessment — Part 1

Assessing Aspects of Security Administration

Documenting Post Orders and Procedures

Security Personnel Selection and Staffing Considerations

Employee Selection and Staffing Considerations

Application Form

Security Manual Documentation

Security Education Awareness

Contract Management and Audit


Conducting a Site Security Assessment — Part 2

Assessing Aspects of Physical Security

Exterior Security Assessment — Vehicle Access Controls

Parking Lot Security

Proper Use of Signage

Security Processing Operations — Visitor and Contractor Controls

Proper Use of Lighting

Barriers, Doors, and Building Perimeters

Mechanical Locking Systems — Locks and Keys

Submaster System

Key Administration

Security Officer Patrols

Security Officer Review

Crime Prevention Through Environmental Design

Security Staffing

Monitoring and Administering Physical Protection Systems

Stationary and High-Visibility Posts

Emergency Response Capabilities



Conducting a Site Security Assessment — Part 3

Assessing the Electronic Systems

Event Driven

Fully Integrated

Closed Circuit Television

Access Control Systems

Access Control System Policy

Alarm Sensors and Reporting

Radio Systems

Technology Status — Current and Future


Conducting a Site Security Assessment — Part 4

Assessing Information Protection

Information Security Protection Programs

Computer and Network Security Ownership

Security and Computer Use Standards for Employees

Security Requirements

Implementing a Classification System

Investigation Requirements

Processing Departing Employees

Information Asset Security

System Misuse

Summary — Information Protection

Government Regulations


Conducting an Assessment of the Security Organization

Reporting Structure

The Security Organization’s Structure

Mixed Security Forces

Separation of Duties

Other Issues

Security Skills

Evaluating the Security Officers

Evaluating the Shift Supervisors

Evaluating the CSO or Director of Security

Evaluating the Other Security Positions

Staffing Levels

Armed versus Unarmed Officers


Determining What Prevention, Crisis Management, and Recovery Programs Exist

Prevention and Recovery Programs

Business Intelligence Information

Crisis Management Planning

Corporate Reputation Crisis Plan

Corporate Investigations: Fraud, Financial, Criminal, Computer, and Network

Due Diligence Processes

Emergency Response Planning and Testing

Business Continuity and Disaster Recovery

Executive Protection Program

Internal Audit and Business Controls, Monitoring Programs, and Fraud and

Pre-employment Screening and Drug Testing

Risk Assessment Process (Annually)

Security Systems and Procedures

Terrorism, Bioterrorism, and the DHS: Threat Advisory System Response

Workplace Violence Prevention Program



Interviewing Executive and Security Management

Interview Executive Management to Understand Their Concerns and Issues

The Approach

Interpreting the Interview Answers

The Importance of Listening

Where to Start the Process

Beginning the Interview

Educating the Executives and Ensuring Their Buy-In

Interview Security Management to Understand Their Concerns and Issues


Review and Evaluate All Security-Related Contracts and the Information Protection Program

Security Business Contracts

Contractual Right to Audit

Contract Bid Process

Auditing Security-Related Contracts

Reviewing the Information Protection Programs

After-Hours Checks

IT Information Protection

Disaster Recovery Program Review

Information Security Awareness Training

Investigation Requirements

Review of Exit Interview Process

Information Asset Security Review


Constructing the Security Master Plan Document

Compiling, Organizing, and Evaluating the Information Gathered

Developing Your Recommendations

Initial Draft Review with Security Management

Recommendation with Solutions

Developing and Refining Security Philosophies, Strategies, and Goals

Involving the Stakeholders

Documenting the Master Plan

Developing the Recommendations Presentation

Estimating Cost Impacts

Project Management Skills


Typical Contents of a Security Master Plan

Content Listing and Organization

Structural Focus

Budgeting Focus

Establishing an ROI


Finalizing the Security Master Plan Process

The Recommendations Presentation

Where to Begin

Setting Your Goals

Asking the Tough Questions

Submitting the Finalized Security Master Plan


Utilizing Your Plan in Managing Your Business

Utilizing Your Plan for Periodic Quality Checks

It Is All about Timing

Keeping the Plan in Sync with the Business

Testing Your Plan Against the Latest Technology

Benchmarking and Business Process (Matrix) Management

Best of Breed

Business Process (Matrix) Management





This practical guide details how to construct a customized, comprehensive, five-year corporate security plan that synchronizes with the strategies of any business or institution.
– In ASIS Dynamics, May/June 2009

In this well-written, well-organized book, author Timothy D. Giles, CPP, PSP, provides a thorough overview of how to develop a five-year security master plan that aligns with both an organization’s security philosophy and its overall business plan. … In addition to explanation of data collection and analysis procedures, the text features an outline of a plan document including guidelines for how to address the budget and establishing a return on investment, as well as a discussion on how to approach the final recommendations’ presentation. … A valuable appendix includes guidelines for dealing with workplace violence issues, material on executive protection, self-assessment templates, and an example of a format for a consulting proposal. … It is an excellent road map for security professionals to use as a benchmark relative to their own practices and would also be an excellent text for students assigned to evaluate a security program.
—George Okaty, Director of Safety & Security, Tidewater Community College, Virginia, in Security Magazine, September 2010