By Jerry D. Loghry
Security and risk management are explained and tied together elegantly.
***** Risk Analysis and the Security Survey, Third Edition. By James F. Broder, CPP; published by Elsevier Butterworth-Heinemann; available from ASIS International, Item #1684, 703/519-6200 (phone), www.asisonline.org (Web); $60 (ASIS members), $66 (nonmembers).
Security is an element of risk management, asserts James F. Broder in the third edition of his classic Risk Analysis and the Security Survey. And he ably backs up that statement in this wonderfully written book, which should be required reading for all current and future security professionals.
If anything, Broder undersells the book with the title; the book’s scope is actually much broader. It could easily comprise two books: one on risk in the security profession and the other on emergency management and business continuity.
Even at over 300 pages, the book is a quick read due to its sequence of concise chapters. This edition thoughtfully updates the book to include contemporary resources and post-9-11 and post-Katrina scenarios.
Security and risk management are explained and tied together elegantly in the first 100 pages of the book. To Broder’s credit, his definitions of terms such as risks, perils (threats), hazards, and exposures closely align with those used in the academic model of risk management.
The next 150 pages are basically a retread of information available from the Federal Emergency Management Agency. While the section isn’t as impressive as the first 100 pages, it provides good information on crisis planning for kidnap, ransom, and extortion, as well as useful advice for evaluating and hiring security consultants. It also provides the building blocks of disaster management.
Appendices cover the final 100 pages or so, offering excellent resources such as sample plans, letters, and memoranda for business impact analysis. If there’s a security thinker out there whose philosophy should be studied and adopted, it’s James Broder.
Reviewer: Jerry D. Loghry, CPP, CSP, is the loss prevention information manager and security consultant for EMC Insurance Companies of Des Moines, Iowa. He has 20 years of experience in security, safety, and risk management, and is a member of ASIS.