By Julian Talbot and Miles Jakeman; Reviewed by Robert A. Young, CPP, CBRM
Talbot and Jakeman's text on enterprise security risk management correctly emphasizes that security must transition from a cost center to a profit center.
* Security Risk Management Body of Knowledge. By Julian Talbot and Miles Jakeman; published by John Wiley & Sons, Inc., www.wiley.com; 445 pages, $89.95.
Establishment of a collectively recognized body of knowledge in security risk management, also referred to as enterprise security risk management (ESRM), is overdue. The initiative was first launched by the Risk Management Institute of Australasia Limited. It is outlined in the Security Risk Management Body of Knowledge, which provides both a written and illustrative framework for formalizing the ESRM process.
The authors hit the mark by emphasizing its value in transitioning security from a cost center to a profit center. To that end, one of the text’s important points is that security must expand its role to include organizational resilience and operational sustainability. Whether the issue is safe drinking water, functioning communication systems, or the production of any particular electronic component in a supply chain, the key is to continue operations, not just lock them down and wait for the hazard to pass.
The authors provide a path forward detailing the perception of resilience, which is accomplished through ESRM principles applied at the individual, organizational, and community levels. There is no shortage of graphic depictions and illustrations to assist the reader in understanding the integration of the ESRM framework into the other elements of more traditional security.
The main body of the text covers security management, physical security, personnel security, and information security. The experienced security practitioner may find much of the material fundamental, but the authors include worthwhile nuance, such as a description of the information security lifecycle and a detailed discussion on the human factors in ESRM.
Overall, Security Risk Management Body of Knowledge gives readers a thorough understanding of the security risk management framework and how it can be integrated into more traditional security and protection programs. It serves well as a baseline repository of collective knowledge relevant to all security practitioners.
Reviewer: Robert A. Young, CPP, CBRM (Certified Business Resilience Manager), is director of mission assurance for the U.S. Capitol Police. Previously he served as chief emergency management officer for NASA. He is a member of ASIS International and has served on the Crisis Management and Business Continuity and Commercial Real Estate councils.