Security Risk Management Body of Knowledge (Wiley Series in Systems Engineering and Management) [Hardcover]

Julian Talbot (Author), Miles Jakeman (Author)

Book Description

Publication Date: August 17, 2009 | ISBN-10: 0470454628 | ISBN-13: 978-0470454626 | Edition: 2nd updated

A framework for formalizing risk management thinking in today¿s complex business environment

Security Risk Management Body of Knowledge details the security risk management process in a format that can easily be applied by executive managers and security risk management practitioners. Integrating knowledge, competencies, methodologies, and applications, it demonstrates how to document and incorporate best-practice concepts from a range of complementary disciplines.

Developed to align with International Standards for Risk Management such as ISO 31000 it enables professionals to apply security risk management (SRM) principles to specific areas of practice. Guidelines are provided for: Access Management; Business Continuity and Resilience; Command, Control, and Communications; Consequence Management and Business Continuity Management; Counter-Terrorism; Crime Prevention through Environmental Design; Crisis Management; Environmental Security; Events and Mass Gatherings; Executive Protection; Explosives and Bomb Threats; Home-Based Work; Human Rights and Security; Implementing Security Risk Management; Intellectual Property Protection; Intelligence Approach to SRM; Investigations and Root Cause Analysis; Maritime Security and Piracy; Mass Transport Security; Organizational Structure; Pandemics; Personal Protective Practices; Psych-ology of Security; Red Teaming and Scenario Modeling; Resilience and Critical Infrastructure Protection; Asset-, Function-, Project-, and Enterprise-Based Security Risk Assessment; Security Specifications and Postures; Security Training; Supply Chain Security; Transnational Security; and Travel Security.

Security Risk Management Body of Knowledge is supported by a series of training courses, DVD seminars, tools, and templates. This is an indispensable resource for risk and security professional, students, executive management, and line managers with security responsibilities.

Editorial Reviews

From the Back Cover

A framework for formalizing risk management thinking in today¿s complex business environment

Security Risk Management Body of Knowledge details the security risk management process in a format that can easily be applied by executive managers and security risk management practitioners. Integrating knowledge, competencies, methodologies, and applications, it demonstrates how to document and incorporate best-practice concepts from a range of complementary disciplines.

Developed to align with International Standards for Risk Management such as ISO 31000 it enables professionals to apply security risk management (SRM) principles to specific areas of practice. Guidelines are provided for: Access Management; Business Continuity and Resilience; Command, Control, and Communications; Consequence Management and Business Continuity Management; Counter-Terrorism; Crime Prevention through Environmental Design; Crisis Management; Environmental Security; Events and Mass Gatherings; Executive Protection; Explosives and Bomb Threats; Home-Based Work; Human Rights and Security; Implementing Security Risk Management; Intellectual Property Protection; Intelligence Approach to SRM; Investigations and Root Cause Analysis; Maritime Security and Piracy; Mass Transport Security; Organizational Structure; Pandemics; Personal Protective Practices; Psych-ology of Security; Red Teaming and Scenario Modeling; Resilience and Critical Infrastructure Protection; Asset-, Function-, Project-, and Enterprise-Based Security Risk Assessment; Security Specifications and Postures; Security Training; Supply Chain Security; Transnational Security; and Travel Security.

Security Risk Management Body of Knowledge is supported by a series of training courses, DVD seminars, tools, and templates. This is an indispensable resource for risk and security professional, students, executive management, and line managers with security responsibilities.

About the Author

Julian Talbot is the Practice Leader for Risk Management with JBS, a specialist business strategy and risk management company. Previously he held roles as manager of security for the Australian governments most extensive over-seas network (Austrade) and for Australias largest natural resources project, Woodsides $20 billion North West Shelf Venture. He has also held roles as a director with the Risk Management Institution of Australasia (RMIA), director of the Australian Institute of Professional Intelligence Officers, and a research associate with the Australian Homeland Security Research Centre.

Miles Jakeman, PhD, is the Managing Director of Citadel Group Limited. His key skills cover business strategy, program management, and security risk management. Dr. Jakeman has worked with defense, intelligence, and national security agencies, as well as multinational companies. He is a member of the Australian Institute of Company Directors and the ACT Capital Angels, a preferred risk management supplier to the Australasian Business Travelers Association and an Associate of RMIA.

Product Details

• Hardcover: 445 pages
• Publisher: Wiley; 2nd updated edition (August 17, 2009)
• Language: English
• ISBN-10: 0470454628
• ISBN-13: 978-0470454626
• Product Dimensions: 10.1 x 7.2 x 1.2 inches
• Shipping Weight: 2.9 pounds
• Average Customer Review: 4.8 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #626,417 in Books (See Top 100 in Books)

More About the Author

What prompted me to think I knew enough to contribute to book on risk? Well, a lifetime of taking risks probably helps. Whether riding motorcycles, abseiling, flying or traveling off the beaten track, I seem to have some affinity for risk taking (and some decent scars to go with it). These days I live in Phnom Penh which is nowhere near as risky as it might sound but I make up for that by traveling to interesting places on a regular basis.

Co-authoring a book about risk with the rather immodest title of Security Risk Management Body of Knowledge (SRMBOK) also seemed like an inherently risky project for a first time author. Another venture that 'seemed like a good idea at the time'. Luckily I had lots of help along the way and in any case... so far, so good.

Along the way I've survived my own risk taking tendencies long enough to pick up a Master of Risk Management and even been lucky enough to be entrusted with assessing and managing risks for some fairly significant international organizations, some of whom even know about my risk seeking tendencies but still entrusted themselves to me. For this experience and other kindnesses, I am most grateful and endeavor always to apply their risk tolerances rather than my own when suggesting what have (usually) proven to be sound ideas.

My current risky behaviors include writing a series of books and e-books on various aspects of risk management, some of which may even find a publisher if I should be so lucky. In any case, I hope you find the first one at least, a useful contribution.

Customer Reviews

Most Helpful Customer Reviews

5 of 5 people found the following review helpful:

5.0 out of 5 stars A Valuable Manual on Security Risk Management, August 31, 2009

By 

David Paul Wagner "1902encyclopedia website" (Sydney, Australia) - See all my reviews
(REAL NAME)   

This review is from: Security Risk Management Body of Knowledge (Wiley Series in Systems Engineering and Management) (Hardcover)

Since 2001 attention has become understandably more focused on matters of security. Billions of dollars and millions of hours have been spent on devising responses to current and future threats. In this environment the discipline of security risk management (SRM) has received much more attention from business and government. However, to my knowledge the "Security Risk Management Body of Knowledge" is the first comprehensive attempt at summarizing the complex and varied elements that make up the discipline of SRM.

This book, which was originally published by the Risk Management Institution of Australasia and which draws on the contributions of almost 100 SRM specialists, provides a holistic overview of SRM, combining a broad survey of the major areas of SRM with a wealth of practical details and advice on how to use SRM tools.

It attempts to put some structure around the idea of "security risk management". For example, it postulates four strategic Knowledge Areas (Exposure, Risk, Resources, Quality) and four operational Competency Areas (Business Integration, Functional Design, Implementation, Assurance) that together contain important knowledge that any security team in any organization needs to have.

The "Security Risk Management Body of Knowledge" uses models (such as the "Swiss Cheese" and the "Bow Tie" models), checklists and templates to help practitioners develop analyses and action plans specifically related to the organizations whose security they are attempting to improve.

This book includes a comprehensive lexicon (50 pages of text and illustrations) of SRM terms and definitions. The book also incorporates a generous quantity of color diagrams which aid greatly in the understanding of complex SRM processes.

The "Security Risk Management Body of Knowledge" also contains a thoughtful discussion on the human factors in SRM and asks questions regarding the underlying root causes of security failures and regarding the roles of culture and organizational psychology in risk management. This approach broadens the whole concept of personnel security away from just employment screening and security vetting towards asking more difficult (but vital) questions such as why would well-intentioned, conscientious people deliberately put themselves at risk by doing "irrational" things such as sharing passwords or chocking a fire door open when they should know better.

In conclusion, this book can be highly recommended not only for security risk management professionals but also for all who work in any area of risk management and security. Its tools, templates and concepts are also helpful for people with responsibilities in fields such as safety, health, business continuity, intelligence, and fraud prevention.

Moreover, this book, with its logical layout, its case studies, its abundance of color diagrams, its lexicon and its bibliography, would be an ideal educational textbook in SRM for use in technical school and college courses and for use in consulting situations.

3 of 3 people found the following review helpful:

4.0 out of 5 stars Security Risk Management Body of Knowledge, September 3, 2009

By 

R. Long - See all my reviews
(REAL NAME)   

This review is from: Security Risk Management Body of Knowledge (Wiley Series in Systems Engineering and Management) (Hardcover)

A body of knowledge in this age is something which seems to expand at a frightening and sometimes unmanageable pace but a foundation needs to be put down somewhere, a place where people can launch off into that ever expanding interest. The Security Risk Management Body of Knowledge or SRMBOK does just this, it is a foundational text and reference library for professionals interested in security and risk management. For those who want to understand and develop their knowledge in security risk management, this is the place to start. The book is very well structured and provides excellent guides at the front to help navigate through the text, contingent on reading purpose. Like many text books SRMBOK is not for the faint hearted, its not the kind of test for a slow read on a sunny afternoon. SRMBOK is the kind of book to which you refer again and again, that sits beside the encyclopedia and other reference books.

SRMBOK is not, as it states, about "guns, gates and guards" or "ciphers, safety and society" but explores the dynamic concept of "providing resilience". The approach of the book is to help the reader map and navigate a way through the evolving and challenging landscape of security and risk.

SRMBOK explains the fundamentals of security and risk in clear language with excellent illustrations and graphics. The explanation of standards (eg. AZ/NZS4360:2004), legislative requirements and governance issues is articulated through plain (non-technical) language and complementary illustrations. A range of helpful tools such as the "swiss cheese", ALARP, Hierarchy of Control and "bow tie" matrix are set out and explained. Business integration, functional design and congruence with project management tools and methods are also explained. The section on auditing is practical as is the section on physical risks, and is followed by a comprehensive discussion of significant aspects of risk management, change management, ICT management, human resource management as they apply to security risk management. The book has a comprehensive lexicon and bibliography.

2 of 2 people found the following review helpful:

5.0 out of 5 stars A true repository of security knowledge, January 31, 2011

By 

Jan Husdal (Molde, Norway) - See all my reviews
(REAL NAME)   

This review is from: Security Risk Management Body of Knowledge (Wiley Series in Systems Engineering and Management) (Hardcover)

A Wiley book rarely lets you down, and this one doesn't either. With a refreshing Australian touch, distinctively unlike many American books on the same subject, this 445-page heavy-weight of a book has it all.

It is is a vast and practically all-encompassing repository of knowledge, filled with accepted best practices, innovations and research in the evolving field of security risk management. This book does not have a narrow scope, it is wide open, and it extends towards business continuity, resilience and even supply chain management. It thoroughly details the security risk management process in an easy-to-read format that can be understood by executive managers and deployed by security risk management practitioners. Indeed, no prior knowledge is required. Accompanied by rich and colorful illustrations on every other page (examples can be seen in the preview below), the message is clear: While today's business world may be complex, security risk management doesn't have to follow suit with the same complexity. Yes, risks may be complex, but managing them is not, and this book makes it look easy. Essentially this book provides a mixture of security management, resilience management and business continuity management, and it does so very well. It is a vast book and I can only review so much, but let's see what the book has to offer.

One of the best features of the book is the SRM Lexicon, a 50-page compilation of more than 250 terms and definitions related to security risk management. In fact, the SRM Lexicon can be read entirely on its own, without any reference to the book; it would still make perfect sense. It is that good. Among other things, the book also features a list of no less than twelve risk definitions, their benefits and potential drawbacks

This is a solid handbook that leaves no ground uncovered. Because it is so comprehensive, after reading the book, I do feel a bit lost...as in "Where do I go from here and where do I start?". That is where the sample templates are most helpful, as they provide a step-by-step guide, examples and check list towards achieving full security risk management. Besides this, the SRM lexicon and the illustrations make this book more than worthwhile.