CJ 405 Security Management Best Practices
School: Midlands Technical College
Course: 102
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 4
Uploaded by sylviacraven
Overview
Security management best practices can look different across industries or from organization to
organization within an industry. However, there are fundamental practices that are universal to all
industries and organizations. Many organizations, including ASIS International, the U.S. Department of
Homeland Security (DHS), and the International Association of Professional Security Consultants, help to
curate best practices for their members as well. For the purposes of this course, we have categorized the
fundamental best practices below into five key areas:
1. Policies and procedures
2. Assets and physical protection
3. Management
4. Hiring
5. Training
These key areas are explained below. You will use these throughout your course.
Policies and Procedures
One of the key responsibilities of a security manager is to help prepare the organization for situations
that can disrupt the flow of business operations. These situations can encompass security breaches
involving white collar crime, focused criminal attacks (cyber or physical), or natural disasters. Having
response plans and guidance for employees laid out in policies and procedures gives the organization a
baseline to respond to such events. Failing to plan ahead and provide a baseline of policies and
procedures related to security and safety can open the organization to scrutiny and potential liability.
Additionally, security management should ensure that these policies are understood and followed at
every level. An organization can often be held to be negligent when policies and procedures either are
not followed or are ignored (ASIS chief security officer standard and LPM article). Policies and
procedures may not be comprehensive, but it is the security manager’s responsibility to ensure that the
organization is ready to deal with situations that can impact the health and safety of customers and
employees.
Helpful tools from the security management toolkit include Emergency Operations Procedures.
Assets and Physical Protection
The protection of an organization’s assets and the prevention of security-related liability and risk require
that security management take a comprehensive look at any related risks and ways to address them. The
goal is to look beyond the customers, employees, and physical structures that need protecting. Both
tangible (e.g., physical, human) and intangible (e.g., information, reputation, intellectual property) assets
need to be protected. Once a security manager knows what needs to be protected, he or she can
develop a security plan to help protect the organization and its people as a whole. Understanding
and using the various methods and mitigation tools at a security manager’s
disposal are critical elements of the protection of organizational assets.
Establishing a framework that meets the goals of the organization, facilitates change management
practices, and looks for opportunities for improvement is important in the protection of an organization’s
assets. Assuming that the assets have been identified and the framework is in place to support a security
plan/program, security managers can use a variety of tools to carry out threat and vulnerability
assessments within the overarching security risk assessment process. Once threats and vulnerabilities
are identified, measures can be implemented to protect the organization in the areas identified.
There are several tools and methods that can be used to layer protection across the organization to
direct, deter, delay, detect, and deny a disruption or attack:
- Crime prevention through environmental design (“CPTED”)
- Site hardening/physical barriers
- Entry and access control
- Security lighting
- Alarms and intrusion detection
- Cameras and video monitoring
- Electronic and network controls
- Personnel (e.g., employees, visitors, vendors, security professionals)
- Policies and procedures
Helpful tools from the security management toolkit include Risk Assessment, Threat Assessment, and
Vulnerability Assessment. A key tool is the use of the Security Survey to help identify vulnerabilities.
Management
Although security managers and other key organizational leaders are responsible for more strategic focus
and day-to-day oversight of an enterprise, they also must stand ready to respond to critical events and
incidents that could impact operations and assets. Management is a critical part of any incident
response; organizational leaders are often referred to as the “most knowledgeable” in civil litigation.
Security staff, as well as other employees, depend on management to give them direction and support
when security events or other crises arise in terms of policy, procedures, and organizational response. It
is important to provide managers at all levels with the tools they need to respond to a variety of
situations, as well as to groom them to be supportive as leaders in order to help employees in any given
situation.
Management should be knowledgeable and have a keen understanding of all of the tools in the
toolkit, particularly the organization’s key assets and emergency operations plans to deal with
emergencies.
Hiring
One of the more critical decisions senior leaders and managers within an organization can make is whom
to hire to help provide safety and security services within their organization. People are an organization’s
greatest assets, particularly those who provide security. Proper screening and vetting of a new employee
can be both challenging and rewarding for the organization. Hiring the right members for the security
and safety staff is critical for an organization; improper hiring can lead to an organization’s biggest risk
and greatest liability. Improper hiring can take the form of inadequate screening or background checks of
employees or not hiring enough security to protect customers and employees to meet perceived risks or
potential criminal actions (Groussman & Nickas, 2019).
The following are important considerations and questions related to hiring:
- Do we have an effective employee screening process? Is it documented?
- Do we conduct detailed background checks?
  - Personal history verification (credit history, state motor vehicle department records, and criminal history)
  - Employment and certification verification (e.g., employment references, work history)
  - Drug screening
- Are we consistent in our hiring practices?
- Do new hires understand the rules, plans, policies, and procedures?
- Do new hires’ skills and competencies match their security roles and responsibilities?
When screening potential employees, it is important to confirm that they are familiar with all of the
tools in the security management toolkit.
Training
Many of the best practices in training security teams have been developed by organizations such as DHS,
ASIS International, the International Foundation for Protection Officers, or other private training
organizations. However, training standards are often set by state statute (law) or local/city ordinances.
The law sets the standard by requiring a certain number of hours and other certification requirements to
become a security officer or investigator. Regardless of the standard or best practice, training is a critical
part of a public safety professional’s understanding of how to do their job and operate effectively.
Training should be ongoing. Training should also be reevaluated and constantly monitored to ensure that
security officers are being given the tools they need to do their job more safely and smarter in their
specific role.
It is critical that organizations identify specific training criteria for job-specific positions and consider the
following points:
1. State laws/city ordinances requiring training for security
2. Organizational policies and procedures
3. Site- and job-specific responsibilities and skills required
4. Risks associated with the specific duty assignment (specific crimes, hazards, and mitigation strategies)
Training requires knowledge transfer relating to the organization’s assets and emergency operations
plans. New employees (inside and outside of security) should be familiar with each tool so that they
can identify vulnerabilities and risks and protect assets.
References
ASIS International Commission on Guidelines. (2003). General security risk assessment guideline. Alexandria, VA: ASIS International.
ASIS International. (2009b). Preemployment Background Screening Guideline. Alexandria, VA: ASIS International.
ASIS International. (2012). ANSI/ASIS PAP.1-2012 – Security Management Standard: Physical Asset Protection. Alexandria, VA: ASIS International.
ASIS International. (2015a). ANSI/ASIS RIMS CSO.1-2013 – Chief Security Officer - An Organizational Model. Alexandria, VA: ASIS International.
ASIS International. (2015b). ANSI/ASIS RIMS RA.1-2015 – Risk Assessment. Alexandria, VA: ASIS International.
ASIS International. (2019). Private Security Officer Selection and Training. Alexandria, VA: ASIS International.
Groussman, J. D., & Nickas, C. D. (2019, May 6). Premises security liability: Here’s why reasoned behavior trumps perfection. Loss Prevention Magazine. https://losspreventionmedia.com/premises-security-liability-reasoned-behavior-trumps-perfection/
Interagency Security Committee. (2015). Best Practices for Planning and Managing Security Resources: An Interagency Security Committee Guide. Retrieved from: https://www.cisa.gov/sites/default/files/publications/isc-planning-managing-physical-security-resources-dec-2015-508.pdf
International Association of Professional Security Consultants. (2008). Forensic methodology (best practice #2). Des Moines, IA: International Association of Professional Security Consultants.
U.S. Department of Homeland Security. (2019). Emergency response plan. https://www.ready.gov/business/implementation/emergency