By Clifton L. Smith and David J. Brooks; Reviewed by David O. Best, CPP
This text lays that theoretical foundation for understanding the application of security disciplines and its impact on the future development of the discipline.
***** Security Science: The Theory and Practice of Security. By Clifton L. Smith and David J. Brooks. Butterworth-Heinemann; elsevier.com; 280 pages; $69.95; also available as e-book.
Security practitioners who have wanted a text that links security management principles with the proven concepts of the scientific method need look no further. The authors make the case that application of the standard scientific theories and system methodologies in use by other fields of study can be used to enhance the understanding of the emerging field of security science. This text lays that theoretical foundation for understanding the application of security disciplines and its impact on the future development of the discipline.
The authors use an academic approach that takes the reader through the notional aspects and theoretical underpinnings of the scientific method, ultimately defining the concept of security management based on proven scientific thought. Noting its multidimensional aspects, the authors recognize that the scope and context of security evolve based on social concern and nation-state impacts. The concepts proffered by the authors can be expanded into an integrated framework that includes business continuity, security technology, physical and personnel security, and industrial security implications. The authors stress that systems theory should be the basis for a developing a comprehensive security management plan that integrates security functions into an organization as a whole. They emphasize that a security manager must be first a business manager, working to support the organization’s goals, and a security manager second.
The authors provide an effective and insightful linkage of the standard ISO risk management methodologies and processes. They cite security risk management as a unique subdomain of risk management that integrates threat and vulnerability assessments. They also detail the concept of the “built environment” that encompasses the human-constructed surroundings that provide and support the organization’s human activities, and note that security should have some degree of input into decisions concerning design, development, and operation of the organization.
The application of scientific theory, principles, and utility is explained for each security technology used in hardening the built environment. The authors detail the myriad of physical security approaches, such as CPTED and defense-in-depth, that can contribute to a successful protection strategy. Several chapters detail the hardening of protection assets through the use of detection systems using alarms, barriers, and integrated identification technology, biometrics, and CCTV systems. Chapters on knowledge management and business continuity management address the specific role of the security manager in using intelligence products to address threats to the organization, as well as their critical role in ensuring that critical business objectives continue during and after a disruptive risk.
In a discussion on the future of security, the authors note that the development of security standards and a greater focus on security education will enhance the role of the security practitioner in the organization. They successfully show how security management principles can be examined using systems theory and scientific methodologies to increase security’s role in business. This text is critical to security managers at any level who wish to enhance their role in their organization.
David O. Best, CPP, ISP (Industrial Security Professional), CBM (Certified Business Manager), is a senior program analyst with the Information Security Oversight Office in Washington, D.C. He is a member of ASIS.