Author: Bradley Wayland
ISBN No: 9780128006214
Review date: 23/02/2024
No of pages: 257
Publisher: Butterworth-Heinemann, Elsevier
Year of publication: 03/09/2014
Security for Business Professionals How to Plan, Implement, and Manage Your Company’s Security Program Author Bradley Wayland
Plenty of good sense – perhaps even uncomfortably so – is offered in an American book on ‘Security for Business Professionals’.
Security is inconvenient, Bradley Wayland admits, ‘so it is necessary that your organisation strike the correct balance between implementation of security measures and their effects upon business operations’. An inevitable drawback for UK readers is that as an American book it covers US workplace rules and laws, such as the Occupational Safety and Health Administration (OSHA) standards. That said, much of what he says for instance under ‘considerations and staffing for security guard forces’ applies to the UK and anywhere, besides the United States.
At the risk of singling out one chapter over another, the opening one on ‘leadership and management’ offers much for the security reader, admitting that we’ve all seen bad management and leaders – but we can learn from them, Wayland suggests. Indeed it’s harder to learn from the good managers, as teams under them simply work well.
Another useful couple of pages cover metrics, which (as in any other part of a business) are needed to see how successful you are, and to see if you can improve. He is subtle enough to point out that not all measurements are automatically good or useful: ‘if there are no methods to ensure that you can adequately measure the area that you are trying to evaluate, the metric may appear to be a good measurement, but the information will fail to accurately assess the safety and security effectiveness of that particular procedure or item of equipment. An example of this would be a metric that measures the number of unauthorised entries into a company’s facility. Although the metric initially sounds good, the organisation may have no method to accurately track this number.’ That is, if you don’t know how many outsiders are coming in because staff identity badge wearing is not well enforced, or some back doors are left unlocked, who can say how many intruders there are?! To put any number on it may be dangerously misleading.
For the chapter on ‘facility security design’, the author brings in Crime Prevention through Environmental Design (CPTED). As the author writes: “The main idea behind CPTED is to integrate security into the overall design, reducing the negative visual impact that many security measures can provide; an example is readily apparent when one considers the different impacts of an attractive wooden fence versus the use of military-style concertina wire.” The chapter goes on to describe CPTED principles such as defensible space, and territoriality; and surveillance, ‘the principal weapon for protecting defensible space’. Inevitably, at times the author has to cover subjects at a gallop, but does regularly offer references for further reading, and checklists. Thus chapters cover physical, information and personnel security, such as pre-employment screening, which is meant mainly ‘to identify potential employees who are bad risk or do not fit with your organisation’s characteristics and traits’. The last two chapters cover training, in emergency response and security. As Wayland notes: “Unfortunately, training on your safety and security plan can take a back seat to other operational issues within your business.”
Whether because of his background, in US air force security, Wayland is frank about what security can and cannot do. Early on he recalls 9-11 and the Columbine school shootings, where attackers were motivated and ready to die, and accomplished what they set out to. “Columbine High School, the site of the notorious school shootings in 1999, is one example, since this location was the only target for Dylan Klebold and Eric Harris based on their intention to harm their fellow students at the same school that they attended, and no amount of security at the school would have deterred the attackers from their attempt.” Security can only mitigate. “The bottom line is that, regardless of a motivated criminal intent on acting against a specific location, it is still good practice to provide significant deterrence against any security incident. This will not only stop most, if not all, of the potential actions against your location by many random perpetrators, but it can also minimise damage or injury in the event that your company is attacked.”
While we could quibble about a lack of case studies or even anecdotes from the author’s career, to take the chapter on information security as an example, by keeping to principles – such as integrity, availability and confidentiality of information – it runs less chance of becoming outdated or looking merely self-indulgent.