Author: John White
ISBN No: 9780128002216
Review date: 13/06/2026
No of pages: 230
Publisher: Butterworth-Heinemann, Elsevier
Publisher URL:
http://store.elsevier.com
Year of publication: 03/09/2014
Brief:
Security Risk Assessment: Managing Physical and Operational Security
price
£23.24
Much of security work is about risk assessment. How though to go about assessing those risks?
John White takes you through a security risk assessment, from who will do it, how often it needs doing, and how long it takes. He goes through the planning, the schedule and budget, and that wonderful word โdeliverablesโ, how to gather information on risk, whether from staff surveys or interviews. The comes the physical security assessment, whether a meeting, more interviews, or a look around the inside or outside of a building. As for which order you cover the ground, White says it doesnโt matter, and may depend on the weather, but note that โyou cannot conduct an exterior lighting assessment during the daylight hoursโ. As for interviews, you may ask random staff for a few minutes of their time; an independent security consultant may find it easier to get staff to talk candidly, he points out. He advises that such a consultant begins such a conversation by saying that whatโs said is confidential. The consultant can, White argues, โtake all the emotions out of the equationโ. That applies more to the later part of the book, covering operations. While no-one might get worked up about whether lighting of the car park is adequate, they might feel more defensive about plans, patrolling, record-keeping and โsecurity cultureโ, or lack of them. Though White does say that itโs โalways better to identify your findings before someone else does, as it gives you a better opportunity to resolve concerns and develop yourself and your department into a more professional operationโ.
As for security department policies, White recalls that a โpolicy is often an expression of the corporate culture, rules and expectations of staff, yet in many cases those documents can be vagueโ. As a rule, policies should be reviewed at least every three years, he advises (and note the date of each policy review). As standard, security records should be maintained for five to seven years, he says. If you are not sure, ask. Past incidents and statistics arising are, as he points out, an important part of a security risk assessment. How else can you measure success or outcomes?
Workplace violence, whether verbal threats or the extreme of an โactive shooterโ gets a chapter to itself. As he sets out, workplace violence reduction takes in training, incident reporting and prevention – responding to warning signs, a โconfidential tip line-hotlineโ, and screening of staff before hiring. White goes on to financial risk assessment – such as cash handling, โlost and foundโ and transporting money. A couple of chapters cover security technology notably access control; and โcontracted servicesโ get a chapter, from background investigators to parking management and document shredder contractors.
Having done the assessment, you then have to make a written report of your findings from your notes. He runs through what to cover, offering some samples, and not forgetting โnext stepsโ: โFor whatever reason, many reports identify the problems and recommendations, but there is no mention of what an organisation needs to do in response.โ In other words, you the security assessor or manager have to get non-security managers to buy into, or literally buy, what you recommend. That is the subject for the final, conclusion chapter, going through procurement, managing the vendor, selecting the product and testing the installed system; though more could usefully have been written about how to get the company to sanction the recommendations and agree to the spending. The book closes by suggesting that an assessment reportโs findings will be used for several years, and as part of your next assessment, though an assessment every three years is recommended. Again, I would have liked more on the real-world question of what to do if as so often people move on or have to leave because of cost-cutting, and newcomers have to pick up the threads.
Security Risk Assessment: Managing Physical and Operational Security, by John White. Published 2014 by Butterworth-Heinemann, Elsevier. ISBN 9780128002216, 230 pages, online price ยฃ23.24. Visit www.bh.com.
