1st Edition

How to Develop and Implement a Security Master Plan

By Timothy Giles
Copyright 2008
    374 Pages, 45 B/W Illustrations
    by Auerbach Publications

    Engage Stakeholders with a Long-Term Solution

    The goal: Convince executive management to "buy in" to your security program, support it, and provide the largest possible amount of funding.

    The solution: Develop a meticulously detailed long-term plan that sells decision-makers on the dire need for your program, and then maps out its direction and required budget.

    Assess and Outline Security Risks to Map Out Mitigation Strategies
    This practical guide details how to construct a customized, comprehensive five-year corporate security plan that synchronizes with the strategies of any business or institution. The author explains how to develop a plan and implementation strategy that aligns with an organization’s particular philosophies, strategies, goals, programs, and processes. Readers learn how to outline risks and then formulate appropriate mitigation strategies. This guide provides tested, real-world solutions on how to:

    • Conduct an effective, efficient assessment of the site and security personnel, meticulously addressing the particular needs of many different environments
    • Make decisions about security philosophies, strategies, contract relationships, technology, and equipment replacement
    • Interview executive and security management to determine their concerns, educate them, and ensure that they buy in to your plan
    • Use all gathered data to construct and finalize the Security Master Plan and then implement it into the management of the business

    Apply Insights from an Expert with Global Experience at the Highest Level
    Author Tim Giles worked at IBM for 31 years serving as Director of Security for the company’s operations in the United States and Canada, as well as Latin America and Asia-Pacific. His immeasurable experience and insight provide readers with an extraordinarily comprehensive understanding that they can use to design and execute a highly effective, tailored security program.

    The Business of Security

    Why Should You Develop a Security Master Plan?

    Engaging the Stakeholders

    What Should Your Security Philosophies Be?

    Contract Security Relationship

    What Should Your Security Strategies Be?

    Technology Migration Strategy

    Equipment Replacement Schedules

     

    Evaluate the Business’s Risks

    Potential Risks to the Business

    Defining What Your Risks Are

    Information Gathering

    The Workplace Violence Risk and Beyond

    Domestic Violence in the Workplace

    Other Risk Factors

    Risks of Fraud and Corruption

    Theft Risks

    Overseas-Related Risks

    Acts of Nature

    Information Sources

    Human Resources and the Security Plan

    Reacting to a Defined Risk

    Placing a Value on the Impact of Risk

     

    Conducting a Site Security Assessment — Part 1

    Assessing Aspects of Security Administration

    Documenting Post Orders and Procedures

    Security Personnel Selection and Staffing Considerations

    Employee Selection and Staffing Considerations

    Application Form

    Security Manual Documentation

    Security Education Awareness

    Contract Management and Audit

     

    Conducting a Site Security Assessment — Part 2

    Assessing Aspects of Physical Security

    Exterior Security Assessment — Vehicle Access Controls

    Parking Lot Security

    Proper Use of Signage

    Security Processing Operations — Visitor and Contractor Controls

    Proper Use of Lighting

    Barriers, Doors, and Building Perimeters

    Mechanical Locking Systems — Locks and Keys

    Submaster System

    Key Administration

    Security Officer Patrols

    Security Officer Review

    Crime Prevention Through Environmental Design

    Security Staffing

    Monitoring and Administering Physical Protection Systems

    Stationary and High-Visibility Posts

    Emergency Response Capabilities

    Training

     

    Conducting a Site Security Assessment — Part 3

    Assessing the Electronic Systems

    Event Driven

    Fully Integrated

    Closed Circuit Television

    Access Control Systems

    Access Control System Policy

    Alarm Sensors and Reporting

    Radio Systems

    Technology Status — Current and Future

     

    Conducting a Site Security Assessment — Part 4

    Assessing Information Protection

    Information Security Protection Programs

    Computer and Network Security Ownership

    Security and Computer Use Standards for Employees

    Security Requirements

    Implementing a Classification System

    Investigation Requirements

    Processing Departing Employees

    Information Asset Security

    System Misuse

    Summary — Information Protection

    Government Regulations

     

    Conducting an Assessment of the Security Organization

    Reporting Structure

    The Security Organization’s Structure

    Mixed Security Forces

    Separation of Duties

    Other Issues

    Security Skills

    Evaluating the Security Officers

    Evaluating the Shift Supervisors

    Evaluating the CSO or Director of Security

    Evaluating the Other Security Positions

    Staffing Levels

    Armed versus Unarmed Officers

     

    Determining What Prevention, Crisis Management, and Recovery Programs Exist

    Prevention and Recovery Programs

    Business Intelligence Information

    Crisis Management Planning

    Corporate Reputation Crisis Plan

    Corporate Investigations: Fraud, Financial, Criminal, Computer, and Network

    Due Diligence Processes

    Emergency Response Planning and Testing

    Business Continuity and Disaster Recovery

    Executive Protection Program

    Internal Audit and Business Controls, Monitoring Programs, and Fraud and

    Pre-employment Screening and Drug Testing

    Risk Assessment Process (Annually)

    Security Systems and Procedures

    Terrorism, Bioterrorism, and the DHS: Threat Advisory System Response

    Workplace Violence Prevention Program

    References

     

    Interviewing Executive and Security Management

    Interview Executive Management to Understand Their Concerns and Issues

    The Approach

    Interpreting the Interview Answers

    The Importance of Listening

    Where to Start the Process

    Beginning the Interview

    Educating the Executives and Ensuring Their Buy-In

    Interview Security Management to Understand Their Concerns and Issues

     

    Review and Evaluate All Security-Related Contracts and the Information Protection Program

    Security Business Contracts

    Contractual Right to Audit

    Contract Bid Process

    Auditing Security-Related Contracts

    Reviewing the Information Protection Programs

    After-Hours Checks

    IT Information Protection

    Disaster Recovery Program Review

    Information Security Awareness Training

    Investigation Requirements

    Review of Exit Interview Process

    Information Asset Security Review

     

    Constructing the Security Master Plan Document

    Compiling, Organizing, and Evaluating the Information Gathered

    Developing Your Recommendations

    Initial Draft Review with Security Management

    Recommendation with Solutions

    Developing and Refining Security Philosophies, Strategies, and Goals

    Involving the Stakeholders

    Documenting the Master Plan

    Developing the Recommendations Presentation

    Estimating Cost Impacts

    Project Management Skills

     

    Typical Contents of a Security Master Plan

    Content Listing and Organization

    Structural Focus

    Budgeting Focus

    Establishing an ROI

     

    Finalizing the Security Master Plan Process

    The Recommendations Presentation

    Where to Begin

    Setting Your Goals

    Asking the Tough Questions

    Submitting the Finalized Security Master Plan

     

    Utilizing Your Plan in Managing Your Business

    Utilizing Your Plan for Periodic Quality Checks

    It Is All about Timing

    Keeping the Plan in Sync with the Business

    Testing Your Plan Against the Latest Technology

    Benchmarking and Business Process (Matrix) Management

    Best of Breed

    Business Process (Matrix) Management

     

    Appendices

    Biography

    Timothy Giles

    This practical guide details how to construct a customized, comprehensive, five-year corporate security plan that synchronizes with the strategies of any business or institution.
    – In ASIS Dynamics, May/June 2009

    In this well-written, well-organized book, author Timothy D. Giles, CPP, PSP, provides a thorough overview of how to develop a five-year security master plan that aligns with both an organization’s security philosophy and its overall business plan. … In addition to explanation of data collection and analysis procedures, the text features an outline of a plan document including guidelines for how to address the budget and establishing a return on investment, as well as a discussion on how to approach the final recommendations’ presentation. … A valuable appendix includes guidelines for dealing with workplace violence issues, material on executive protection, self-assessment templates, and an example of a format for a consulting proposal. … It is an excellent road map for security professionals to use as a benchmark relative to their own practices and would also be an excellent text for students assigned to evaluate a security program.
    —George Okaty, Director of Safety & Security, Tidewater Community College, Virginia, in Security Magazine, September 2010