Risk Analysis and Security Countermeasure Selection

2nd Edition

By Thomas L. Norman, CPP/PSP/CSC

CRC Press

484 pages | 76 B/W Illus.

Hardback: 9781482244199
pub: 2015-07-01
eBook (VitalSource) : 9780429256516
pub: 2015-07-01

Description

This new edition of Risk Analysis and Security Countermeasure Selection presents updated case studies and introduces existing and new methodologies and technologies for addressing existing and future threats. It covers risk analysis methodologies approved by the U.S. Department of Homeland Security and shows how to apply them to other organizations, public and private. It also helps the reader understand which methodologies are best to use for a particular facility and demonstrates how to develop an efficient security system.

Drawing on over 35 years of experience in the security industry, Thomas L. Norman provides a single, comprehensive reference manual for risk analysis, countermeasure selection, and security program development. The security industry has a number of practitioners and consultants who lack appropriate training in risk analysis and whose services sometimes suffer from conflicts of interest that waste organizations’ money and time. Norman seeks to fill the void in risk analysis training for those security consultants, thereby reducing organizations’ wasting of resources and potential vulnerability. This book helps you find ways to minimize cost and time spent in analyzing and countering security threats.

Risk Analysis and Security Countermeasure Selection, Second Edition gives invaluable insight into the risk analysis process while showing how to use analyses to identify and create the most cost efficient countermeasures. It leads you from a basic to an advanced level of understanding of the risk analysis process. The case studies illustrate how to put each theory into practice, including how to choose and implement countermeasures and how to create budgets that allow you to prioritize assets according to their relative risk and select appropriate countermeasures according to their cost effectiveness.

Reviews

"This book, like its predecessor, will become a desk reference used by security professionals everywhere. Like any great reference work, it will be dog-eared, feathered with Post-It Notes, with handwriting scrawled in the margins."

—Ross Johnson

Praise for the First Edition:

"Thomas L. Norman’s Risk Analysis and Security Countermeasure Selection is a relentlessly practical book intended to aid security consultants"

—Jim Harper, The CATO Institute, US Counter-Terrorism Strategy and al-Qaeda, 2010

"… by following the guidance laid out in this detailed book, security managers can do it themselves with software that’s probably already on their office computers… There is no doubt that Norman himself spent considerable time devising the process, which he presents in the book. He provides step-by-step lists for building various matrices … definitely a book for the advanced security practitioner. … it outlines an excellent methodology and is well worth the effort required to read it and work through the process outlined by the author."

— Glen Kitteringham, CPP, President of Kitteringham Security Group Inc., in Security Management, January 2011

Table of Contents

Preface

Acknowledgments

Author

Risk Analysis: The Basis for Appropriate and Economical Countermeasures

For Students Using This Book in an Academic Environment

Introduction

Critical Thinking

Qualitative versus Quantitative Analysis

Theory, Practice, and Tools

Organization

Summary

References

Q&A

Risk Analysis Basics and DHS-Approved Risk Analysis Methods

Introduction

U.S. Department of Homeland Security Concerns

Risk Analysis for Facilities and Structures

Many Interested Stakeholders and Agendas

Commercially Available Software Tools

Risk Analysis Basics

Risk Assessment Steps

Which Methodology to Use?

Summary

References

Q&A

Risk Analysis Skills and Tools

Introduction

Security Risk Analysis Skills

Security Risk Analysis Tools

Summary

References

Q&A

Critical Thinking and the Risk Analysis Process

Introduction

Overview of Critical Thinking

Importance of Critical Thinking

Analysis Requires Critical Thinking

The Eight Elements That Make Up the Thinking Process

The Concepts, Goals, Principles, and Elements of Critical Thinking

Summary

References

Q&A

Asset Characterization and Identification

Introduction

Theory

Practice

Tools

Summary

Reference

Q&A

Criticality and Consequence Analysis

Introduction

Twofold Approach

Criticality versus Consequence

Criticality

Visualization

Consequence Analysis

Building Your Own Criticality/Consequences Matrix

Criticality/Consequence Matrix Instructions

Summary

Q&A

Threat Analysis

Introduction

Theory

Practice

Tools

Predictive Threat Assessment

Inductive versus Deductive Reasoning

Predictive Risk Example

Summary

References

Q&A

Assessing Vulnerability

Introduction

Review of Vulnerability Assessment Model

Define Scenarios and Evaluate Specific Consequences

Evaluate Vulnerability

Summary

References

Q&A

Estimating Probability

Introduction

Resources for Likelihood

Criminal versus Terrorism Likelihood Resources

Criminal Incident Likelihood Estimates

Summary

References

Q&A

Risk Analysis Process

Introduction

Objective

Complete Risk Analysis Process

Risk Analysis Process

Diagram Analysis

Asset Target Value Matrixes

Probability Summary Matrix

Vulnerability Components

Summary

Q&A

Prioritizing Risk

Introduction

Prioritization Criteria

Natural Prioritization (Prioritizing by Formula)

Prioritization of Risk

Communicating Priorities Effectively

Best Practices: Ranking Risk Results

Summary

Q&A

Security Policy Introduction

Introduction

Hierarchy of Security Program Development

What are Policies, Standards, Guidelines, and Procedures?

Summary

Q&A

Security Policy and Countermeasure Goals

Introduction

Theory

Role of Policies in the Security Program

Role of Countermeasures in the Security Program

Why Should Policies Precede Countermeasures?

Security Policy Goals

Security Countermeasure Goals

Policy Support for Countermeasures

Key Policies

Summary

Q&A

Developing Effective Security Policies

Introduction

Process for Developing and Introducing Security Policies

Policy Requirements

Basic Security Policies

Security Policy Implementation Guidelines

Regulation-Driven Policies

Non-Regulation-Driven Policies

Summary

Q&A

Countermeasure Goals and Strategies

Introduction

Countermeasure Objectives, Goals, and Strategies

Access Control

Deterrence

Detection

Assessment

Response

Evidence Gathering

Comply With The Business Culture of the Organization

Minimize Impediments to Normal Business Operations

Safe and Secure Environment

Design Programs to Mitigate Possible Harm from Hazards and Threat Actors

Summary

Reference

Q&A

Types of Countermeasures

Introduction

Baseline Security Program

Specific Countermeasures

Countermeasure Selection Basics

Summary

References

Q&A

Countermeasure Selection and Budgeting Tools

Introduction

The Challenge

Countermeasure Effectiveness

Functions of Countermeasures

Countermeasure Effectiveness Metrics

Helping Decision Makers Reach Consensus on Countermeasure Alternatives

Summary

Q&A

Security Effectiveness Metrics

Introduction

Theory

Sandia Model

A Useful Commercial Model

What Kind of Information Do We Need to Evaluate to Determine Security Program Effectiveness?

What Kind of Metrics Can Help Us Analyze Security Program Effectiveness?

Summary

References

Q&A

Cost Effectiveness Metrics

Introduction

What are the Limitations of Cost-Effectiveness Metrics?

What Metrics Can Be Used to Determine Cost Effectiveness?

Communicating Priorities Effectively

Complete Cost Effectiveness Matrix

Complete Cost Effectiveness Matrix Elements

Summary

Q&A

Writing Effective Reports

Introduction

Comprehensive Risk Analysis Report

Summary

Q&A

About the Author

Thomas L. Norman, CPP/PSP/CSC, is an internationally acclaimed security risk management consultant with more than 35 years of experience working in the United States, the Middle East, Europe, Africa, and Asia. He is the author of the industry reference manual on integrated security system design. He has developed formulas and processes that are used by the entire security industry to calculate the effectiveness of security programs and overall security program cost-effectiveness. His published works have been quoted and referenced by organizations such as the Cato Institute, the National Broadcasting Company, and Security Management.

Subject Categories

BISAC Subject Codes/Headings:
COM053000: COMPUTERS / Security / General
HIS027000: HISTORY / Military / General
LAW041000: LAW / Forensic Science
POL037000: POLITICAL SCIENCE / Political Freedom & Security / Terrorism