What is "total security management?" Simply put: Secure all aspects of your operation, ensure your suppliers do the same, and plan for problems.
***** Securing Global Transportation Networks: A Total Security Management Approach. By Luke Ritter, J. Michael Barrett, and Rosalyn Wilson; published by McGraw-Hill; available from ASIS, item #1718, 703/519-6200 (phone), www.asisonline.org (Web); 276 pages; $50 (ASIS members), $55 (nonmembers).
As its title indicates, this book touts the emerging concept of “total security management” (TSM) in supply chains: a holistic, soup-to-nuts method in which security is a guiding business principle, not an afterthought. Simply put: Secure all aspects of your operation, ensure your suppliers do the same, and plan for problems.
The authors are experts in their respective fields, and the book is well-written and well-organized. The foreword is written by Tom Ridge, the first secretary of the Department of Homeland Security. Many readers, however, might find the book’s approach unrealistic.
In addition, the book contains far more trendy businessspeak than necessary; for example, terms like “change agent” and “value chain,” the latter meaning supply chain. Which brings us to the authors’ definition of TSM: “The business practice of developing and implementing comprehensive risk management and security practices for a firm’s entire value chain.”
The difficulty of TSM is that it relies on a level of commitment and coordination that may be difficult to achieve. Many companies see security as their protective armor, not a sturdy skeleton upon which they anchor all other business functions. Spending too much on security will leave them unable to compete with companies that spend less, especially if the lesser solution proves adequate. And dire warnings of catastrophic loss will not sway an executive who thinks it’s not likely to occur.
Reluctance to adopt TSM is not capitulation to mediocrity but rather an acceptance that the role that security plays within a company should not be any more than is needed. There are some useful ideas in the book, but the overall program may be too ambitious for many corporations to realistically consider.
Reviewer: Ross Johnson, CPP, is corporate security manager for EPCOR in Edmonton, Alberta. He is a member of ASIS International and serves on its Oil, Gas, and Chemical Industry Security Council.