Security Management Implementation - Essay Example

Assertion that security managers should be managers first and security specialists second Security programs differ in scope, complexity, and purpose. The security is needed for material, equipment, machinery tools, people, money, documents, technical and nuclear information, weapons, fuels, medical supplies, Research and development property, intellectual property, concepts, ideas etc., All these elements need to be protected under the security management program. The protection program can be executed against intrusion, trespass, acts of violence, theft, or fire. The principal purpose of the security management is the development and implementation of procedures, policies, standards, training, and methods for identifying and protecting information, personnel, facilities, property, operations, or material from unauthorized misuse, disclosure, assault, theft, espionage, vandalism, sabotage, or loss. Security programs are executed in various levels and forms like, Planning, installing, organizing physical detection, alarm, response, and control systems; for many federal and private occasions and on regular basis. According to Mullins, a central part of the study of organization and management is the development of management thinking and what might be termed management theory. The application of theory brings about change in actual behavior. So when a security specialist starts applying the management theory, he can change the entire behavior of the organization towards security. And some of the key activity areas include monitoring, document marking, control, and access procedures like reviewing, background investigations to limit the levels of criminals. The Security manager's primary duty involves managing and supervising the security employees. The security programs like personnel, physical, information, or industrial security does need experts in their area of specialization. A security expert in Information system may not handle all the physical security threats. This makes the necessity of security expert in that particular field to operate the security operations in the organization. Just like, risk management, security is also to be managed with reference to its plan, standards and practices. The security mangers who are authoritative to execute this security managers are the ones who are experts in the special fields. In order to avoid, line and staff conflict, many organizations directly hand the responsibility of security management to the person who is expert and specialist in handling the particular security tasks. But the entire security management on its own is a process and needs to be managed by people. Here comes the need for the role of a security manager, to manage the activity of security. Management in its true sense is, a process of getting activities completed efficiently and effectively with and through other people. In criminology, it is very important to study the organizational behavior along with the individual human behavior. Just like as organizational behavior gives an integrated and contingency approach to management, it also gives an edge to perform the security activity to the security specialists. The understanding of organizational behavior will enhance the chances of successful implantation of the security project. The organizational and group behavior dynamics will highlight the areas of concentration basing on scientific foundations. Organization behavior coordinates the diversified range of disciplines. Management in other terms is doing the job in a well-organized, efficient manner, making good use of all resources like, time, money, human resources and the efforts. Also the basic functions of Management are named as Planning, Organizing, Staffing, Directing, Coordinating, Reporting and Budgeting, (Gulick & Urwick 1937) The roles of the manager involve, Interpersonal roles like, Figurehead, Leader, Liaison 2) Informational roles such as Monitor, Disseminator, Spokesperson, 3) Decisional roles Entrepreneur, Disturbance handler, Resource allocating person and a Negotiator So when a security expert or specialist ahs to manage a group of people or has to work with the people in an organization, he or she has to understand the organizational behavior and need to learn the tactics of the management to the things done in his way; A security team is also "not a collection of people. It is an organization with its own dynamics, qualities and conventions" (Templar). A security specialist, without knowing these will fail. A security specialist in most of the instances cannot implement the security practices individually on his own; If we consider the activities of the information security specialist, though he can configure the security practices, the various department like, HR, logistics finance etc, has to be involved in the execution. When a security specialist suggests a security system to be in place to avoid theft of data from the internal desktops, there is a chain of process to be integrated like- physical security at the gates of entrance of the organization through human check and machinery validations like - employee ID card, biometrics etc., Then comes the phase of Network administrators to implement the desktop level security to avoid the unauthorized access of the systems. Then comes the employee ethics and policy guideline to avoid the risk of mismanagement of information in their hands. Then comes the need of Human resource department for coordination and conducting the training session to generate awareness of security aspects in the system. And for all these to happen the finance department has to approve the budget. This way it has the security specialist needs to manage many other things to implement the security plan. The security expert does need to have the practical knowledge of specific security program to formulate objectives, sub programs, methods, procedures, and skills in carrying out support tasks related to security administration. In personnel security programs, the security specialist has to indicate to the assistants or next level security executives to perform tasks such as reviewing clearance request forms background investigations to detect obvious errors or omissions in the information and reports. The manger has to specify the guidelines on follow-ups and measures to fill gaps in needed information, like requesting clarification of criminal charges etc., to dispose the cases. Some works like clearance adjudication require security specialization for the employee dealing with the case. But a clear cut policy and procedure that constitutes derogatory information and the kinds of supporting data required to complete adjudication determinations will help the employees much better in dealing the cases. And in some other instances like Vehicle control units requires specialization of the installation procedures like authorizing the access through badges, vehicle permits, authorization documents etc., For such process, a well documented guidelines is compulsory to avoid individual judgment in handling unexpected circumstances. This procedural establishment again points towards the management over the specialization. Many security organizations employ security clerks and assistants to perform or monitor standardized aspects of established security program operations. The security specialist has to establish a security administration system that defines the levels of maintenance of security records that should be understandable to the support employees, who are expected to recognize, locate, and insert certain kinds of data. The duties of the security manager involve administration, supervision, control or monitoring of the security workers by, (1) Developing, maintaining and evaluating systems, policies, devices, procedures, and methods to safeguard information, property, personnel, operations, and materials; (2) Implementing policies and procedures for analyzing and evaluating the character, background, and history of employees, candidates for employment that are to be granted access to the sensitive information, materials, or work sites. Security administration has to deal with the functional areas like, personnel, physical, information, and industrial security. The security expert while appointing the personnel in sensitive positions should evaluate them carefully to ensure the security of information, assets, and material. This is another aspect that a security specialist should consider as a management aspect. L Mullins suggests that job analysis is the central to a planned and systematic approach. Job analysis includes a variety of research such as the job descriptions and performance objectives. It is a very useful method of evaluating job functions and is often used to measure the levels of skill necessary to do a job. A security specialist must possess the skills of job analysis in recruiting the positions on assignments, in other terms playing a role of HR Manager. Security specialist is similar to project manager in the following instances; (1) Identifying the need for protection and security like a project manager; (2) Installing and maintaining the physical means which are used for protection and security, (3) Developing, implementing, and maintaining procedural and technical methods to enhance physical protection, (4) Evaluating and assessing the personal capabilities like suitability, loyalty, reliability, loyalty, and trustworthiness of those persons who have access to sensitive resources, information and material. Templar says that "Everyone deep down wants to be valued and to be useful". When a security specialist takes care of the feelings, concern, responsibility and involvement of the people, success will automatically follow him. So it is very important to take the concern of the people in coordinating the events. Security specialists involve in the recruiting, project planning to recommend resources, methods, equipment, procedures, and systems. And they also perform reviews on the intelligence and counterintelligence reports to assess security vulnerabilities to design new security systems. And many a times the security specialists interpret the general policy direction of the organization and practices them within the organization as a strategic manager. Templar stresses that the real thing that needs to bring the people on to the job board is management- strategy. In other instances, the security specialists should also work on financials to fit the entire security program into the budget taking the role of financial manager. Also some times the security manager involves in purchasing the security equipment, tools and services assuming the role of logistics and purchasing manager. In certain instances the reviews and analysis will be reused to design highly sensitive security projects, such as those containing nuclear weapons and other national security projects. Some security specialists may get involved in training the teams with military assault tactics to participate in emergency reaction teams, during the wars and terrorist attacks. Many security specialists perform instructional duties as part of their program responsibilities. Instruction may be provided to other security personnel, subject matter or contractor employees, or others. Sometimes the nature and difficulty of the work are affected by the environment in which it is performed. Some security specialists, for example, perform their work in foreign countries where threats of terrorism, the reliability of the local police and military forces, electrical power, water supply, and other factors must be evaluated as a function of developing and implementing security plans. Some specialists work in outdoor environments, sometimes in rough terrain, where the facilities or materials requiring protection are exposed to the elements and/or acts of vandalism, and are so isolated that personal observation and detection is often impossible. Terrain and other geographic factors are often of concern to security specialists in determining appropriate levels for guard forces, the number and placement of detection devices, developing response times for guard and police forces, and similar considerations. The nature of the materials under protection must also be considered in security planning, along with balancing the costs or security systems between the ideal and what can be realistically accomplished. Some security specialists at the local installation level set up and monitor internal security programs that are administered by subject-matter employees. Such programs include instructions and procedures for controlling and storing documents, office closing procedures, and locking and unlocking procedures for safes, doors, vaults, and desks. Frequently, the performance of such security practices is left in the hands of personnel working in a subject-matter area. The security specialists monitors the operating effectiveness of such programs by administering a system for reporting violations and recommending corrective actions in prescribed security procedures. Some security specialists are involved in planning for and administering law enforcement and related protective programs (guard services) for Federal agencies and installations. This function is typically part of a physical security program where the protective force is another part of a broader system of security responsibilities. Security specialists plan and advise on staff levels, operational policy and plans, budget and related administrative and doctrinal guidance for protective forces. Direct day-to-day administration and supervision over such work is usually the responsibility of police or guard supervisors. The nature of work of the security specialists differ from even to event. It spans across multifunctional, geographical and cross cultural activities. Some times a specific activity may require more than one level of security activity. The kind of activities is as given below: Personnel security management: This requires the careful recruitment of security personnel who are suitable, reliable, loyal and trustworthy to protect the sensitive aspects of personal security. Physical security management: This involves the careful design, installation and implementation of security equipment and to safeguard personnel and facilities to prevent unauthorized access to equipment, information and resources. Physical security also needs the criteria to be laid down for the levels and types of armed security forces required for response and control. Information Security Management: This management is starts with identifying the key sensitive information, types of information risks within the organization and the security vulnerabilities within the network. The security specialists not only designs a risk mitigation and security plan but also develops the procedures and system guides to be followed by the employees in the organization. This area requires a high coordination between security experts and the employees to implement the procedures in the organization. Industrial security Management: This management tries to integrate technology, expertise, skills, personnel, physical, and information security, that are different from industry to industry. The industry security management requires security experts to implement specially tailored security requirements and processes. Such types of equipment include weapons, development laboratories, fuels, reactors etc., Also these include automatic data processing, cryptographic materials, sensitive intelligence information, agency operations, electronic emanations. In many organizations the security specialist and the security mangers perform the same functions, like Organization preparedness and Incident Prevention. Organization Preparedness: The security specialist plans for the Organizational preparedness for the possible risks like physical attacks, natural or catastrophic events. This will involve development and administration of training plans, programs, and exercises. A process of regular periodic review and evaluation of organizational readiness in the event of attack or events prompt for the managerial activity for the security specialist. Incident Prevention: Another key responsibility of the security specialist is analysis of information and the coordination of activities with persons inside and outside the organization to install security equipment and process and prevent attacks. The security mangers or experts define security rules executes the security practices by developing, implementing, and training the internal work force. They centrally manage physical access, access to systems, educate users of individual responsibilities, and minimize the possibility of unauthorized access and risk. They provide guidelines to different departments and gives directives to personnel in the form of policies and procedures. Though the security specialists are supposed to be the technically expertise people in their area of expertise like types of risks, preventive measures, methods, installation of technology, servers, networks and the intrusion prevention techniques etc., but on the human side the security specialist should act as a manager in implementing all the above. Risk assessment, risk mitigation are the prime responsibilities of the security specialist which are also the responsibilities of the security manager. Security compliance and policy management are the prime motto of the security specialist in establishing the security protocols. And it is also his/her responsibility to see that these protocols should comply with organizational policies, regulatory acts and industry standards. The front-line accountability of protecting the organization through risk assessment, policy making, and supporting infrastructure, all lies in the hands of the security specialist. In order to mitigate the unexpected security threats or risks, the specialist should perform the activities of a dynamic manger, who gathers the resources to mitigate the risk within a short time. So it becomes necessary to the security specialist to make the staff understand the purpose and mission of the project. Templar suggests that people should get involved emotionally into the job. When people have been given a social responsibility, which is an emotional bondage, they feel satisfied of their job. Like wise even in Security jobs, when the security staff are touched on the human side and are given the awareness of social responsibilities, the security specialist can expect a good amount of loyalty, reliability and trustworthiness. The security specialist from time to time gathers the information on the functioning of the security activities to asses the risk and vulnerabilities. He makes prepares estimates of the efforts required in terms of benefits and losses, to prioritize risks and to develop appropriate preventive strategies across the organization. High analytical skills and the attitude of dynamic response to the situations is required The security specialist has to build sustainable competitive advantages through pragmatic, innovative security solutions. The security specialist, while implementing the security activity should also ensure that the security incidents are aligning with the ethical issues of the organization. Organizational culture and behavior unless understood clearly by the security professional may lead to unnecessary agitations, in the instances like failing to allot women protection force during the agitation where both the genders are participating. The security specialist should exhibit the skills and abilities like, administrative skills, leadership skills, personal skills, communication skills etc. The security specialist should develop a consensus within the organizational climate of diverse operational activities to maintain the security and peace. So the security specialist has to adopt the special ability to effectively communicate within different levels of the organization. In this process, the security specialist must also identify and understand the nature of security risks in the business environment and the application of appropriate financial and managerial controls to mitigate those risks. These are the instances where the security specialist should observe himself as manager performing risk management, internal audit, controllers, outside resources, legal, human resources, and other staff functions in mitigating various types of risks. While summarizing the instances where the security specialist should assume himself as a manager before considering him self as a security specialist, the following are the highlighted ones: However, while giving security on the contract basis, just like the sales or project manager, the security specialist will strive to offer the following in the security event: The delivery of quality service is important for the success of the project The attitude of positive interaction with the customers and with the team members is necessary to mange the project at optimum levels. A clear indication of job description and job analysis is necessary for the identification of job roles for the specific tasks. The periodic review of the progress of the events through the defined measures is necessary for the timely and successful completion of the security projects. The continuous training and awareness programs are necessary as a part of the capacitating the community or the employees Issue oriented and skill level trainings are also the responsibilities of the security specialist. Development and maintenance of security policies, conducting the audits and reviews, compliance check, vulnerability assessments are the activities as risk managers and quality manger that are to be performed by the security specialists. The security specialists should develop and maintain a compatible system that agrees and coordinates with the existing system and does not conflict with technology, people and procedures limiting the disturbance of new procedure. In other sense, the security specialist should develop a security system for the system it self and not above the system. In coordinating the activities of the security activities, the security specialist should consider the characteristics and organizational behavior of the implementing organization. The security specialist should be able to communicate the purpose and vision of the security programs with all the stakeholders to get their commitment and concern. References: 1. Chief Security Officer, http://www.ejobdescription.com/JobCSO.htm (accessed 11 March, 2008) 2. Crisis Management Method, http://www.valuebasedmanagement.net/methods_crisis_management_advice.html, (accessed 11 March, 2008) 3. Don Philpott and Shuki Einstein, Homeland Defense Journal, http://www.physicalsecurityhandbook.org/ (accessed 11 March, 2008) 4. Investigating How Training Contributes to the Achievement of Business Objectives. http://www.123HelpMe.com/view.aspid=148265 (accessed 11 March, 2008) 5. Job Title-Security Manager:Job Description, http://www.unm.edu/dave/jobs/JobDescrip_SecurityMngr.htm, (accessed 11 March, 2008) 6. Physical security Specialist (Access Control), http://www.gpo.gov/careers/jobs/07-635.pdf (accessed 11 March, 2008) 7. Manager: Vulnerability Management Specialist, http://jobview.monster.com/GetJob.aspxJobID=70113734&JobTitle=Manager%3a++Vulnerability+Management+Specialist&fn=6&lid=453&pg=2&vw=d&AVSDM=2008-03-25+19%3a23%3a00&seq=19 (accessed 11 March, 2008) 8. Mullins, (2007) Management and Organizational Behavior, FT 9. Position Clasification standard for Security Administration Series, GS-0080, http://www.opm.gov/fedclass/gs0080.pdf, (accessed 11 March, 2008) 10. Position classification standard for security administration series, GS-0080 http://www.opm.gov/fedclass/gs0086.pdf, (accessed 11 March, 2008) 11. Richard V. Ericson, TEN UNCERTAINTIES OF RISK-MANAGEMENT APPROACHES TO SECURITY, http://www.ccja-acjp.ca/en/cjc/cjc48a3.html, (accessed 11 March, 2008) 12. Security Compliance and Policy Management Solutions, http://www.cdw.com/content/solutions/security-management/compliance-policy-management.aspxprintable=1, (accessed 11 March, 2008) 13. Templar Richard, (2005) The rules of management, Templar Richard, Pearson Publications Read More