A framework for formalizing risk management thinking in today s complex business environment Security Risk Management Body of Knowledge details the security risk management process in a format that can easily be applied by executive managers and security risk management practitioners. Integrating knowledge, competencies, methodologies, and applications, it demonstrates how to document and incorporate best-practice concepts from a range of complementary disciplines. Developed to align with International Standards for Risk Management such as ISO 31000 it enables professionals to apply security risk management (SRM) principles to specific areas of practice. Guidelines are provided for: Access Management; Business Continuity and Resilience; Command, Control, and Communications; Consequence Management and Business Continuity Management; Counter-Terrorism; Crime Prevention through Environmental Design; Crisis Management; Environmental Security; Events and Mass Gatherings; Executive Protection; Explosives and Bomb Threats; Home-Based Work; Human Rights and Security; Implementing Security Risk Management; Intellectual Property Protection; Intelligence Approach to SRM; Investigations and Root Cause Analysis; Maritime Security and Piracy; Mass Transport Security; Organizational Structure; Pandemics; Personal Protective Practices; Psych-ology of Security; Red Teaming and Scenario Modeling; Resilience and Critical Infrastructure Protection; Asset-, Function-, Project-, and Enterprise-Based Security Risk Assessment; Security Specifications and Postures; Security Training; Supply Chain Security; Transnational Security; and Travel Security.

A framework for formalizing risk management thinking in today¿s complex business environmentSecurity Risk Management Body of Knowledge details the security risk management process in a format that can easily be applied by executive managers and security risk management practitioners. Integrating knowledge, competencies, methodologies, and applications, it demonstrates how to document and incorporate best-practice concepts from a range of complementary disciplines.Developed to align with International Standards for Risk Management such as ISO 31000 it enables professionals to apply security risk management (SRM) principles to specific areas of practice. Guidelines are provided for: Access Management; Business Continuity and Resilience; Command, Control, and Communications; Consequence Management and Business Continuity Management; Counter-Terrorism; Crime Prevention through Environmental Design; Crisis Management; Environmental Security; Events and Mass Gatherings; Executive Protection; Explosives and Bomb Threats; Home-Based Work; Human Rights and Security; Implementing Security Risk Management; Intellectual Property Protection; Intelligence Approach to SRM; Investigations and Root Cause Analysis; Maritime Security and Piracy; Mass Transport Security; Organizational Structure; Pandemics; Personal Protective Practices; Psych-ology of Security; Red Teaming and Scenario Modeling; Resilience and Critical Infrastructure Protection; Asset-, Function-, Project-, and Enterprise-Based Security Risk Assessment; Security Specifications and Postures; Security Training; Supply Chain Security; Transnational Security; and Travel Security.

PREFACE xiiiACKNOWLEDGMENTS xvABOUT SRMBOK xvii1 INTRODUCTION AND OVERVIEW 11.1 Why SRMBOK? 11.2 Where Do We Go from Here? 31.3 What is Security Risk Management? 41.4 How does SRM Relate to Risk Management? 111.5 Conclusion, 142 SECURITY RISK MANAGEMENT CONTEXT 152.1 The Changing Security Environment, 152.2 Changing Concepts in Security Risk Management, 162.3 Origins of Security and Risk Management, 182.4 Trends and Future Directions, 182.5 Globalization, Opportunity, and Volatility, 192.6 Transnational and Extrajurisdictional Risks, 202.7 Law, Regulatory Framework, and Ramifications for Management212.8 Diversification or Concentration? 222.9 Political Awareness, 232.10 Risk versus Reward, 242.11 Summary of Key Points, 243 SECURITY GOVERNANCE 273.1 Introduction, 273.2 What Is Security Governance? 283.3 Duty of Care, 283.4 Resilience, 303.5 Security Culture, 373.6 Governance Frameworks, 383.7 Incident Management and Reporting, 413.8 Summary of Key Points, 424 SRMBOK FRAMEWORK 434.1 SRMBOK Guiding Principles, 465 PRACTICE AREAS 535.1 Introduction, 535.2 Security Management, 565.3 Physical Security, 595.4 People Security, 635.5 ICT Security, 775.6 Information Security, 816 STRATEGIC KNOWLEDGE AREAS 976.1 Introduction, 976.2 Exposure, 1056.3 Risk, 1306.4 Resources, 1666.5 Quality, 1727 OPERATIONAL COMPETENCY AREAS 1957.1 Business Integration, 1957.2 Functional Design, 2027.3 Implementation Management, 2047.4 Assurance and Audit, 2118 ACTIVITY AREAS 2198.1 Introduction, 2198.2 Intelligence, 2248.3 Protective Security, 2308.4 Response, 2318.5 Recovery and Continuity, 2428.6 Summary of Key Points, 2539 SECURITY RISK MANAGEMENT ENABLERS 2559.1 Introduction, 2559.2 Summary of Key Points, 25910 ASSET AREAS 26110.1 What Is an Asset? 26110.2 Key Asset Groups, 26411 SRM INTEGRATION 26911.1 SRM Integration with Enterprise Risk Management, 27311.2 ERM Frameworks, 27411.3 Implementing an Integrated ERM Program, 27611.4 Summary of Key Points, 28212 SRM LEXICON 28512.1 Introduction, 28512.2 Illustrations, 28612.3 Notes to Readers, 28912.4 Definitions, 29013 SAMPLE TEMPLATES 33913.1 Security Risk Register form (Example 1), 34013.2 Security Risk Register form (Example 2), 34013.3 Risk Treatment Schedule (Example 1), 34113.4 Risk Treatment Schedule (Example 2), 34113.5 Outline Security Plan, 34213.6 Day-to-Day Operational Governance Registers, 34313.7 Property Selection and Security Planning Checklist, 34913.8 Sample Commitment Statement to Security and RiskManagement, 36113.9 Sample Bomb Threat Checklist, 36213.10 Sample Bomb Threat Room Search Checklist, 36413.11 Evaluation Criteria for Business Continuity andOrganizational Resilience, 36514 ABOUT THE LEAD AUTHORS 41714.1 Julian Talbot, CPP, 41714.2 Dr Miles Jakeman, 418BIBLIOGRAPHY AND OTHER REFERENCES 419INDEX 427