Metrics and methods for security risk management [electronic book] / Carl S. Young.

By:

Young, Carl S

Contributor(s):

ScienceDirect (Online service)

Material type: Text

TextPublication details: Amsterdam ; Boston : Syngress/Elsevier, c2010.Description: xx, 272 p. : ill. ; 24 cmISBN:

1856179788
9781856179782

Subject(s):

Genre/Form:

Electronic books.

Additional physical formats: No titleOnline resources:

ScienceDirect eBook

Contents:

Part I - The Structure and Function of Security Risk -- Chapter 1 - Security Threats and Risk -- Chapter 2 - The Fundamentals of Security Risk Measurements -- Chapter 3 - Risk Measurements and Security Programs -- Part II - Measuring and Mitigating Security Risk -- Chapter 4 - Measuring the Likelihood Component of Security Risk -- Chapter 5 - Measuring the Vulnerability Component of Security Risk -- Chapter 6 - Mitigating Security Risk: Reducing Vulnerability.

Summary: Metrics and Methods for Security Risk Management offers powerful analytic tools that have been absent from traditional security texts. This easy-to-read text provides a handy compendium of scientific principles that affect security threats, and establishes quantitative security metrics that facilitate the development of effective security solutions. Most importantly, this book applies these foundational concepts to information protection, electromagnetic pulse, biological, chemical and radiological weapons, theft, and explosive threats. In addition, this book offers a practical framework for assessing security threats as well as a step-by-step prescription for a systematic risk mitigation process that naturally leads to a flexible model for security standards and audits. This process helps ensure consistency and coherence in mitigating risk as well as in managing complex and/or global security programs. This book promises to be the standard reference in the field and should be in the library of every serious security professional. * Offers an integrated approach to assessing security risk * Addresses homeland security as well as IT and physical security issues * Describes vital safeguards for ensuring true business continuity.

No physical items for this record

Enhanced descriptions from Syndetics:

Security problems have evolved in the corporate world because of technological changes, such as using the Internet as a means of communication. With this, the creation, transmission, and storage of information may represent security problem.

Metrics and Methods for Security Risk Management is of interest, especially since the 9/11 terror attacks, because it addresses the ways to manage risk security in the corporate world. The book aims to provide information about the fundamentals of security risks and the corresponding components, an analytical approach to risk assessments and mitigation, and quantitative methods to assess the risk components. In addition, it also discusses the physical models, principles, and quantitative methods needed to assess the risk components. The by-products of the methodology used include security standards, audits, risk metrics, and program frameworks. Security professionals, as well as scientists and engineers who are working on technical issues related to security problems will find this book relevant and useful.

Includes bibliographical references and index.

Metrics and Methods for Security Risk Management offers powerful analytic tools that have been absent from traditional security texts. This easy-to-read text provides a handy compendium of scientific principles that affect security threats, and establishes quantitative security metrics that facilitate the development of effective security solutions. Most importantly, this book applies these foundational concepts to information protection, electromagnetic pulse, biological, chemical and radiological weapons, theft, and explosive threats. In addition, this book offers a practical framework for assessing security threats as well as a step-by-step prescription for a systematic risk mitigation process that naturally leads to a flexible model for security standards and audits. This process helps ensure consistency and coherence in mitigating risk as well as in managing complex and/or global security programs. This book promises to be the standard reference in the field and should be in the library of every serious security professional. * Offers an integrated approach to assessing security risk * Addresses homeland security as well as IT and physical security issues * Describes vital safeguards for ensuring true business continuity.

Electronic reproduction. Amsterdam : Elsevier Science & Technology, 2010. Mode of access: World Wide Web. System requirements: Web browser. Title from title screen (viewed on Aug. 4, 2010). Access may be restricted to users at subscribing institutions.

Table of contents provided by Syndetics

About the Author (p. xi)
Foreword (p. xiii)
Preface (p. xv)
Acknowledgments (p. xix)
Part I The Structure of Security Risk
Chapter 1 Security Threats and Risk (p. 3)
1.1 Introduction to Security Risk or Tales of the Psychotic Squirrel and the Sociable Shark (p. 3)
1.2 The Fundamental Expression of Security Risk (p. 9)
1.3 Introduction to Security Risk Models and Security Risk Mitigation (p. 14)
1.4 Summary (p. 17)
Chapter 2 The Fundamentals of Security Risk Measurements (p. 19)
2.1 Introduction (p. 19)
2.2 Linearity and Non-linearity (p. 19)
2.3 Exponents, Logarithms and Sensitivity to Change (p. 25)
2.4 The Exponential Function e x (p. 27)
2.5 The Decibel (dB) (p. 28)
2.6 Security Risk and the Concept of Scale (p. 31)
2.7 Some Common Physical Models in Security Risk (p. 33)
2.8 Visualizing Security Risk (p. 37)
2.9 An Example: Guarding Costs (p. 42)
2.10 Summary (p. 43)
Chapter 3 Risk Measurements and Security Programs (p. 45)
3.1 Introduction (p. 45)
3.2 The Security Risk Assessment Process (p. 47)
3.2.1 Unique Threats (p. 47)
3.2.2 Motivating Security Risk Mitigation: The Five Commandments of Corporate Security (p. 48)
3.2.3 Security Risk Models (p. 49)
3.3 Managing Security Risk (p. 54)
3.3.1 The Security Risk Mitigation Process (p. 54)
3.3.2 Security Risk Standards (p. 58)
3.4 Security Risk Audits (p. 70)
3.5 Security Risk Program Frameworks (p. 73)
3.6 Summary (p. 73)
Part II Measuring and Mitigating Security Risk
Chapter 4 Measuring the Likelihood Component of Security Risk (p. 81)
4.1 Introduction (p. 81)
4.2 Likelihood or Potential for Risk? (p. 82)
4.3 Estimating the Likelihood of Randomly Occurring Security Incidents (p. 85)
4.4 Estimating The Potential for Biased Security Incidents (p. 88)
4.5 Averages and Deviations (p. 91)
4.6 Actuarial Approaches to Security Risk (p. 97)
4.7 Randomness, Loss, and Expectation Value (p. 99)
4.8 Financial Risk (p. 106)
4.9 Summary (p. 107)
Chapter 5 Measuring the Vulnerability Component of Security Risk (p. 109)
5.1 Introduction (p. 109)
5.2 Vulnerability to Information Loss through Unauthorized Signal Detection (p. 110)
5.2.1 Energy, Waves and Information (p. 111)
5.2.2 Introduction to Acoustic Energy and Audible Information (p. 115)
5.2.3 Transmission of Audible Information and Vulnerability to Conversation-Level Overhears (p. 117)
5.2.4 Audible Information and the Effects of Intervening Structures (p. 120)
5.2.5 Introduction to Electromagnetic Energy and Vulnerability to Signal Detection (p. 126)
5.2.6 Electromagnetic Energy and the Effects of Intervening Structures (p. 132)
5.2.7 Vulnerability to Information Loss through Unauthorized Signal Detection: A Checklist (p. 135)
5.3 Vulnerability to Explosive Threats (p. 136)
5.3.1 Explosive Parameters (p. 136)
5.3.2 Confidence Limits and Explosive Vulnerability (p. 142)
5.4 A Theory of Vulnerability to Computer Network Infections (p. 146)
5.5 Biological, Chemical and Radiological Weapons (p. 151)
5.5.1 Introduction (p. 151)
5.5.2 Vulnerability to Radiological Dispersion Devices (p. 152)
5.5.3 Vulnerability to Biological Threats (p. 162)
5.5.4 Vulnerability to External Contaminants; Bypassing Building Filtration (p. 168)
5.5.5 Vulnerability to Chemical Threats (p. 172)
5.6 The Visual Compromise of Information (p. 173)
5.7 Summary (p. 175)
Chapter 6 Mitigating Security Risk: Reducing Vulnerability (p. 179)
6.1 Introduction (p. 179)
6.2 Audible Signals (p. 180)
6.2.1 Acoustic Barriers (p. 182)
6.2.2 Sound Reflection (p. 184)
6.2.3 Sound Absorption (p. 185)
6.3 Electromagnetic Signals (p. 187)
6.3.1 Electromagnetic Shielding (p. 187)
6.3.2 Intra-Building Electromagnetic Signal Propagation (p. 191)
6.3.3 Intra-Building Electromagnetic Signal Propagation (p. 194)
6.3.4 Non-Point Source Electromagnetic Radiation (p. 195)
6.4 Vehicle-borne Explosive Threats: Barriers and Bollards (p. 198)
6.5 Explosive Threats (p. 203)
6.6 Radiological Threats (p. 206)
6.7 Biological Threats (p. 210)
6.7.1 Particulate Filtering (p. 210)
6.7.2 Ultraviolet Germicidal Irradiation (UVGI) (p. 212)
6.7.3 Combining UVGI with Particulate Filtering (p. 214)
6.7.4 More Risk Mitigation for Biological Threats (p. 216)
6.7.5 Relative Effectiveness of Influenza Mitigation (p. 217)
6.8 Mitigating the Risk of Chemical Threats (briefly noted) (p. 222)
6.9 Guidelines on Reducing the Vulnerability to Non-Traditional Threats in Commercial Facilities (p. 224)
6.10 Commercial Technical Surveillance Countermeasures (TSCM) (p. 225)
6.11 Electromagnetic Pulse (EMP) Weapons (p. 234)
6.12 Summary (p. 238)
Epilogue (p. 243)
Appendix A (p. 245)
Appendix B (p. 247)
Appendix C (p. 249)
Appendix D (p. 251)
Appendix E (p. 253)
Appendix F (p. 255)
Appendix G (p. 257)
Appendix H (p. 259)
Index (p. 261)

Author notes provided by Syndetics

Carl S. Young is a security professional with a leading investment bank.