Front Cover -- Risk Analysis and the Security Survey -- Copyright Page -- Dedication -- Contents -- About the Authors -- Acknowledgments -- Introduction -- 1. The Treatment and Analysis of Risk -- 1. Risk -- What Is Risk? -- What Is Risk Analysis? -- Risk Assessment -- What Can Risk Analysis Do for Management? -- Role of Management in Risk Analysis -- Risk Exposure Assessment -- 2. Vulnerability and Threat Identification -- Risk Identification -- Examples of the Problems of Identification -- Security Checklist -- I. Policy and Program -- II. Organization -- III. Control of Entry and Movement -- IV. Barriers (Fences, Gates, Walls, etc.) -- V. Lighting -- VI. Locks and Keys -- VII. Alarms -- VIII. Communications -- IX. Property Control (Equipment, Material, Tools, Personal Property) -- X. Emergency Planning -- XI. Personnel Screening -- XII. Comments -- 3. Risk Measurement -- Cost Valuation and Frequency of Occurrence -- Principles of Probability -- Probability, Risk, and Security -- Estimating Frequency of Occurrence -- 4. Quantifying and Prioritizing Loss Potential -- Assessing Criticality or Severity -- The Decision Matrix -- 5. Cost/Benefit Analysis -- System Design Engineering -- Cost -- Reliability -- Delay -- Building Redundancy into the System -- A Security Countermeasure -- 6. Other Risk Analysis Methodologies -- National Infrastructure Protection Plan -- Set Goals and Objectives -- Identify Assets, Systems, Networks, and Functions -- Assess Risk Based on Consequences, Vulnerabilities, and Threats -- Core Criteria -- Consequence -- Vulnerability -- Threat -- Establish Priorities Based on Risk Assessments -- Implement Protection Programs and Resiliency Strategies -- Measure Effectiveness -- Review -- 7. The Security Survey: An Overview -- Why Are Security Surveys Needed? -- Who Needs Security Surveys? -- Attitude of Business Toward Security.

What Can a Security Survey Accomplish? -- Why the Need for a Security Professional? -- How Do You Sell Security? -- 8. Management Audit Techniques and the Preliminary Survey -- Audit Guide and Procedures -- Audit: Aids to Surveys -- Fieldwork -- Observing -- Questioning -- Analyzing -- Verifying -- Investigating -- Evaluating -- The Preliminary Survey -- Definition and Purpose -- The Initial Interview -- Obtaining Information -- What Information to Obtain -- Sources of Information -- Physical Observation -- Flowcharting -- Summary -- 9. The Survey Report -- "I Must Write, Therefore I Shall" -- Five Criteria of Good Reporting -- Accuracy -- Clarity -- Conciseness -- Timeliness -- Slant or Pitch -- Format -- Cover Letter -- Body of the Report -- Title -- Introduction or Foreword -- Purpose -- Scope -- Findings -- Statement of Opinion (Conclusions) -- Summary -- 10. Crime Prediction -- Analysis of Internal Crime -- Analysis of External Crime -- Inadequate Security -- How to Establish Notice -- Review -- 11. Determining Insurance Requirements -- Risk Management Defined -- Risk Control -- Crime Insurance -- K & R (Kidnap and Ransom) Coverage -- 2. Emergency Management and Business Continuity Planning -- 12. Emergency Management - A Brief Introduction -- Comprehensive Emergency Management -- Standards -- Private Sector Preparedness Accreditation and Certification Program -- National Incident Management System (NIMS) -- The Incident Command System (ICS) -- Incident Commander -- Information Officer -- Safety Officer -- Liaison Officer -- Operations -- Planning and Intelligence -- Logistics -- Finance and Administration -- Example -- ASIS and NFPA 1600 -- British Incident Management System -- Unified Command -- Multi-Agency Coordination System -- Emergency Operations Center -- Summary -- 13. Mitigation and Preparedness -- Mitigation -- Hazard Identification.

History -- Inspections -- Checklists -- HAZUS -- Process Analysis -- Experts -- Cause and Effect -- Methodology -- Mitigation Strategies -- Risk Management -- Engineering Controls -- Regulatory Controls -- Administrative Controls -- Service Agreements -- Redundancies/Divergence -- Separation of Hazards -- Specific Mitigation -- Alternate Power Sources -- Alternate Communications -- Policies and Procedures -- Data Backup -- Records Management -- Facilities Salvage and Restoration -- Cost-Effectiveness -- Preparedness -- Home and Personal Preparedness -- Emergency Supplies -- Public-Private Partnerships -- Vendor Relations -- Justification -- Summary -- 14. Response Planning -- Emergency Response Planning and Response Plans -- Emergency Response Team -- Management Acceptance and Support -- Duties and Responsibilities -- Planning -- Determine Equipment and Resource Needs -- Recruit Team Members -- Develop Training Programs -- Conduct Regular Drills -- Advertise -- Emergency Procedures -- Arrested Fall Emergencies -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Bomb Incident Management -- Threat Evaluation -- Evacuation -- Searches -- Suspicious Object -- Package Bombs -- Suicide Bombs -- Dirty Bombs -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Chemical or Biological Attack -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Civil Disturbance -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Confined Space Emergency -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Earthquake -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Evacuation Planning -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Excavation or Trench Collapse -- Prevention and Mitigation -- Preparedness -- Response -- Recovery.

Fires -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Floods and Heavy Rain -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Hazardous Materials Incidents -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Hurricanes -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Lightning -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Serious Injury or Illness -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Structural Collapse -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Tornados -- Prevention and Mitigation -- Preparedness -- Response -- Recovery -- Workplace Violence -- Prevention and Mitigation -- Preparedness -- Response -- Type I (Robbery) -- Type III - IV (Active Shooter) -- Recovery -- Summary -- 15. Business Impact Analysis -- Risk Analysis versus Business Impact Analysis -- Business Impact Analysis Methodology -- Project Planning -- Data Collection -- Other Questions for the Impact Analysis -- Resource Questionnaires and Forms -- Employees and Consultants -- Internal and External Contacts -- Customers -- Software and Applications -- Equipment -- Forms and Supplies -- Vital Records -- Data Analysis -- Presentation of the Data -- Reanalysis -- Summary -- 16. Business Continuity Planning -- Why Plan? -- The Planning Process -- Project Management -- 1. Identify the Planning Coordinator -- 2. Obtain Management Support and Resources -- 3. Define the Scope and Planning Methodology -- 4. Conduct Risk Identification and Mitigation Inspections -- 5. Conduct a Business Impact Analysis (BIA) -- 6. Identify Critical Functions -- 7. Develop Recovery Strategies -- Hot, Cold, and Warm Sites -- Relocation -- Work at Home -- Telecommunications -- Third-Party Manufacturing.

Purchase of Materials from Competitors -- Data Systems -- Revert to Manual Methods -- Virtual Manufacturing -- Workforce Management -- Reciprocal Agreements -- Equipment Rental -- Rescheduling Production -- Reallocation of Resources -- Service-Level or Quick-Ship Agreements -- 8. Set Up Recovery Teams -- Steps 9 to 11 -- 12. Train Recovery Teams -- 13. Exercise the Plan -- 14. Maintain the Plan -- Summary -- 17. Plan Documentation -- Required Elements of the Plan -- Multihazard Functional Planning -- Plan Organization and Structure -- Table of Contents -- Policy -- Scope -- Objectives -- Assumptions -- Activation Procedures and Authority -- Emergency Telephone Numbers -- Alternate Locations and Allocations -- Recovery Priorities or Recovery Time Objectives -- Pertinent Information -- Plan Distribution -- Training -- Exercising -- Plan Maintenance -- Confidentiality -- Appendix -- Team Recovery Plans -- Information from the Basic Plan -- Overview of the Team Plan -- Team Member Contact List -- Scripted Continuity Instructions -- Resource Listings -- Blank Forms -- Summary -- 18. Crisis Management Planning for Kidnap, Ransom, and Extortion -- Threat Identification -- Plan Documentation -- Plan Activation -- Crisis Management Team -- Handling the Initial Contact -- Ransom Considerations -- Preventive Security -- Suggestions for Kidnapped Individuals -- Media Control -- Summary -- Bibliography -- 19. Monitoring Safeguards -- Monitoring or Testing the Existing System -- The Scientific Method -- Five Basic Types of Testing -- Avoid Predictable Failure -- Some Audit Guidelines -- Develop a Plan of Action -- 20. The Security Consultant -- In-House versus Outside Advice -- Why Use Outside Security Consultants? -- Why Do I Need Outside Advice? -- How Can I Justify the Cost of a Consultant on a Limited Budget?.

Will an Outside Consultant Provide Assistance in Setting Up the Recommended Program?.