Security Risk Management

Sovereign debt is financial (dis)advantage with several implications for economy and defense, in general. It affects directly military capabilities transformation and supports defense policy development taking into account defense costs made by virtue of lending facilities. Based on it, researching sovereign debt security is a very important tool in managing and minimizing security risks in the public sector and strengthening dynamic security environment. The aim of this paper is to mark the main theoretical and practical aspects of sovereign debt security influence for security environment and its public perception.

The workplace poster has been designed by the security team at a retail company to raise awareness and increased attention after some electronic equipment being noticed missing from the company stores. The poster will be used as staff theft awareness campaign.
This risk communications initiative will be directed to all staff employed in the company’s stores and will be part of the loss prevention strategy that the company is recently developing. With this strategy company aims to make employees aware of the growing staff theft problem and in the meantime discourage potential thieves.

In order to be effective, the poster is designed to attract attention, by being easily read from a distance and convey a clear and concise message. Also has shown the determination of the organization in prosecuting the offenders.

Risk management is becoming a well established discipline, with its own body of knowledge and domain practitioners. States worldwide now have their own risk management standards and in many, it is the company director’s responsibility to ensure risk management compliance. A subset of risk management is security risk management; however, security risk management is unique from other forms of risk management and many of the more generic risk models lack key concepts necessary for effective design, application and mitigation of security risks.

This book defines the key concepts of security risk management and forms these into a conceptual map, based on an interpretative four-phase scientific study. The security risk management map demonstrates the inclusive and spatial locality of the more significant security risk concepts, domain complexity and the central aspect of such concepts as threat, criticality, etc. In addition, the book presents 14 core organisational security knowledge categories, arranged within a framework. Such an approach allows in-depth understanding, improved teaching and learning, system design and application of these areas of security and security risk management.

This study determines various threat vectors of cyber-attacks on smart grid of the United States. The smart grid relatively a new initiative by the Department of Energy. It started in 2007 (DOE 2007). In December 2007, Congress passed, and the President approved, Title XIII of the Energy Independence and Security Act of 2007 (EISA, Congress, 2007). This initiative received full support from almost all agencies across the United States. Most recent examples of attacks on smart grid are Ukraine and Iran's power plants that are connected to the internet. They were attacked using basic viruses that were delivered via employees. As the security becomes tighter, the attackers also become more aggressive, and therefore it requires an analysis of threat vectors. A smart grid includes any power plant or power generating facility.  The smart grid is an electricity supply network that uses digital communications technology to detect and react to local changes in usage. An electricity supply network that uses digital communications technology to identify and respond to local changes in usage (DOE, 2007). The electric grid is more than just generation and transmission infrastructure.  The smart grid is an ecosystem of asset owners, manufacturers, service providers, and government officials at Federal, state, and local levels, all working together to run one of the most reliable electrical grids in the world. The study will be focused on various scenarios similar to those used previously and those that an attacker can use.

Security is a function of Risk Management that requires intentional planning, strategy and design. This is in contrast to fairly common thinking that security is about a collection of things — anti-malware, data encryption, security cameras, locks on doors, etc. — that, once addressed, do not need much attention at any sort of program level. Focusing on individual program elements, however, is tantamount to incomplete security. An intentional and holistic design will result in a security program that enables security risk owners throughout the organization; prevents overhead associated with unnecessary, siloed, and out-of-focus program elements; and helps ensure the development of a culture in which all employees more thoroughly understand and embrace their part in reducing and managing security risk.

The global security guard industry has experienced tremendous growth in the past five decades and there is every indication it will continue. Many government and private sector bodies have created mandatory and recommended training programmes and syllabi to equip guards for their complex duties.  However, there has been little research into the effectiveness of these programmes.  Poor or non-existent training can lead to poor job performance, low salaries, unethical or criminal behaviours, high staff turnover, increased risk of harm to guards and the public, exposure to liability for both employees and employers, reputational harm, and outright abuse of rights by employees and the public.

This research sought to examine the relevance of the Alberta Basic Security Training (ABST) programme introduced by the Alberta Government, Canada in 2011, and practitioners’ perspectives of its effectiveness, with a view to making recommendations to enhance the programme.  Through documentary analysis, the ABST was first compared and contrasted globally with 35 government and industry training programmes. Guard duties were then examined from the research community, government and security industry to enable comparison between their findings and guards’ actual duties. This examination further explored guard, trainer, manager, and contract management perspectives of ABST effectiveness. 24 semi-structured interviews were conducted to obtain direct feedback on both the delivery and effectiveness of the training programme. 

While the ABST content is as good or better than many of its global counterparts and is in alignment with general guard duties it is not meeting the practical needs of the Alberta guard industry.  Programme improvements include increasing delivery time, reducing duplicated material, enhancing trainer qualifications, improving student language requirements, increasing active learning tactics, reducing licensing wait times and involving security management expertise in enhancing overall programme effectiveness.

[co-editor] The articles contained in this publication are dispatches from a new frontline in humanitarian action: the digital frontier. The publication brings together 17 authors who analyse in 11 articles how communications technology is changing the operational environment, the ways in which communications technology is creating new opportunities for humanitarian agencies to respond to emergencies, and the impact that new programmes have on how we manage security. All articles are written by those observing, experiencing and attempting to respond to the challenges created by the digital revolution and the very real threats it is creating for humanitarian operations. Our aim is to explore the potential of new tools to create a safer, more responsive operational environment for aid workers. Check out the project website: http://commstech-hub.eisf.eu

In today's global and complex business environment, security is a major issue for any organization. All organizations should have the capability to plan and respond to incidents and business disruptions. Business continuity management is part of information security management and the process of Business continuity management (BCM) can meet these needs. Indeed, Business Continuity refers to the ability of a business to continue its operations even if some sort of failure or disaster occurs. Business continuity management (BCM) requires a holistic approach that considers technological and organizational aspects. Besides, Enterprise architecture (EA) is a comprehensive view of organizational architecture, business, and technology architecture and their relationships. EA is also considered by several studies as a foundation for BC and security management. Our research aims at studying how BCM aspect can be embedded into the enterprise architecture. In this sense, this paper proposes a metamodel and an implementation method that considers BC in the design and implementation of EA.

This essay will discuss workplace crime of ‘Staff Dishonesty’, as one of the important workplace offences. It will outline the extent of the problem and the causes which possibly lead to staff dishonesty. An attempt would be made to explain this crime in the light of ‘deterministic’ as well as ‘neo-Classical perspective’ in criminology. After discussing explanations offered by various criminological theories, the prevention strategies would be highlighted. This would include situational techniques including opportunity reduction as well as social crime prevention measures.

[co-author] Security risk management strategies aim to ensure safer access to communities in need of humanitarian aid. In Iraq, the link between humanitarian access and security risk management is even stronger. This article explores developments in Iraq and their impact on the security of humanitarian workers operating in the country. It also takes a critical look at the role acceptance plays as a security measure, and what impact changes in context have had on the ability of aid agencies to gain humanitarian access and implement programmes.

The security industry operates within a diverse and multi-disciplined knowledge base, with risk management as a fundamental knowledge domain within security to mitigate its risks. Nevertheless, there has been limited research in understanding and mapping security expert knowledge structures within security risk management to consider if parts of security risk management are unique from more general risk management. This interpretive study applied a technique of multidimensional scaling (MDS) to develop and present a psychometric map within the knowledge domain of security risk management, validated with expert interviews. The psychometric MDS security risk management concept map presented the expert knowledge structure of security risk management, demonstrating the inclusive and spatial locality of significant security risk concepts, conceptual complexity, uniqueness of the domain and the importance of the concept threat. Understanding security experts ' consensual knowledge of security risk may allow improved understanding of threat-based risk, the issue with applying probabilistic risk analysis against antagonist events, and improved teaching and learning within this knowledge domain.

Terrorism threat increased globally in the recent years and Bangladesh is no difference to that. Many research and publications shows significant increase in terrorism in the last 18-24 months. Many of the lone wolf attackers are increasing number of incidents and often taking patterns of terrorism; the patterns lone wolf attacks are often difficult to differentiate from terrorism acts.
Question is why? And answer will definitely be the most important to plan for preparedness.

According to Kaspersky Lab research, APT –
Advanced Persistent Threats – are one of the biggest threats in
IT as of 2016. Organised groups, keeping contact in various
languages, have attacked the IT systems of financial
institutions, government, military and diplomatic agencies,
telecom and power supply companies, politicians and activists,
and private companies, and these attacks were global in scope.
APT should be seen as a complex phenomenon, an existing
danger to companies, organisations and public entities. This
article showcases the problem of APT, the biggest threats
related to them, and chosen methods and tools that can be
effectively used to counter APT attacks. An effective, multilayered
defence model is outlined in the article as well.

Service Oriented Architecture is an architectural paradigm and discipline that may be used to build infrastructures enabling those with needs (consumers) and those with capabilities (providers) to interact via services across disparate domains of technology and ownership. Besides SOAP and UDDI, which make the foundation of SOA, WSDL also plays an important role in this architecture. So far, in most of the security solutions that have been offered for SOA, providing security of SOAP messages has been the main objective. But in this article, the security view has been changed to WSDL files. So a new framework has been proposed which aims to protect Web services against WSDL attacks. Additionally to the best of our knowledge at the time of the writing of this article no other practical solution has been suggested in order to secure Web services WSDL files in SOA environment. Also, in order to provide security requirements, a new extension of WSDL file in the suggested framework has been offered.

The research project seeks to explore how corporate social responsibility can be used as a strategic tool to mitigate risk within increasingly dynamic and turbulent business environments. As such, this research hopes to create a conceptual framework that shows how Corporate Social Responsibility (CSR) can be used to develop a sustainable competitive advantage for security risk management initiatives. Drawing upon a purposive sampling focused on the results of interviews conducted and questionnaires distributed, this Dissertation identifies the modes in which CSR practices enhance the effectiveness of security risk management processes. Moreover, based upon the empirical findings, it develops a provisional framework to promote the adoption of CSR as a strategic tool for stability and the improvement of business environments within dynamic, conflict-affected countries.

Internet of Things (IoT) refers to heterogeneous systems and devices (often referred to as smart objects) that connect to the internet, and is an emerging and active area of research with tremendous technological, social, and economical value for a hyper-connected world. In this paper, we will discuss how billions of these internet connected devices and machines will change the future in which we shall live, communicate and do the business. The devices, which would be connected to the internet, could vary from simple systems on chip (SOC) without any Operating System (OS) to highly powerful processor with intelligent OS with widely varying processing capability and diverse protocol support. Many of these devices can also communicate with each other directly in a dynamic manner. A key challenge is: how to manage such a diverse set of devices of such massive scale in a secured and effective manner without breaching privacy. In this paper, we will discuss various management issues and challenges related to different communication protocol support and models, device management, security, privacy, scalability, availability and analytic
support, etc., in managing IoT. The key contribution of this paper is proposal of a reference management system architecture based on cloud technology in addressing various issues related to management of IoThaving billions of smart objects.

When risk assessments are conducted by project managers, information technology professionals, or engineers, often efforts are put into calculating a definite conclusion about the likelihood of disruptions that prevent completion of a project. However, some of the factors assessed are calculatable naturalistically determined events, while others are rooted in human decisions, perhaps as part of an agile project development process or another development process that emphasizes an iterative prototyping approach. The sun will rise tomorrow is dependent wholly on the laws of physics. However, some future events seem contingent due to their origin in human deliberation. Aristotle, through a thought experiment of a sea battle, in chapter nine of De Interpretatione, seems to accept the law of the excluded middle, while wanting to express a third truth-value of indeterminateness for future events. In this paper, we map out what a polyvalent system of logic may look like that is consistent with Aristotle’s writings and go on to argue that adopting a modal framework with regard to future contingent talk is rationaland discuss implications for understanding project risk assessment. Because of this dichotomy in types of events that are being assessed, managers and executives need to understand the underlying logic of future contingents in order to better appreciate risk assessment conclusions. In this paper, we lay out Aristotle’s mapping of what we argue assigns an indeterminacy truth-value to certain future events, which are a robust metaphysical claim and not merely a comment on our epistemic condition with regard to future events.

Does current data protection legislation achieve a satisfactory balance between the interests of the security manager and the individual? 3978 Word Security and individual privacy provide an important perspective for analyzing the Data protection act, because the two concepts help define the interests and University of Leicester

Organisations that allow employees to Bring Your Own Device (BYOD) in the workplace trade off the convenience of allowing employees to use their own device against higher risks to the confidentiality, integrity, and availability of organisational information assets. While BYOD is a well-defined and accepted trend in some organisations, there is little research on how policies can address the information security risks posed by BYOD. This paper reviews the extant literature and develops a comprehensive list of information security risks that are associated with allowing BYOD in organisations. This list is then used to evaluate five BYOD policy documents to determine how comprehensively BYOD information security risks are addressed. The outcome of this research shows that of the 13 identified BYOD risks, only 8 were adequately addressed by most of the organisations.

Our paper aims to question the limits of scientific knowledge and its use in the protection of employees exposed to chemical risks. In doing so, it will also question safety management in the light of real work situations studied during a CHSCT assessment on an oil terminal. It aims to show from these two points how a debated and managed security makes it possible to transform work situations.

Modeling real-world social situations has proven to be one of the most daunting challenges in computational social science. With the exception of simplistic, single-domain scenarios, most computational models are quickly overwhelmed with the complexity and diversity of real-world scenarios. In this paper, we apply intent-driven modeling to a complex, real-world scenario. By mapping actors' intentions to their beliefs and goals, we are able to explain their actions and propose predictions of future actions. Specifically, we look at ways to help understand and explain complex group behaviors during epidemics in relation to national borders. Using an intent-driven socio-cultural behavioral model implemented with the help of Bayesian Knowledge Bases (BKBs), we explore the actions and reactions of actors in an epidemic setting, providing insight into behaviors affecting border security. Using these tools, we are able to employ dynamic, multi-domain modeling to explain the decisions and actions taken by actors in the scenario. We validate our methodology by modeling and analyzing migration behaviors during the 2009 H1N1 pandemic in Mexico.

This study explores the impact of openness on contemporary Danish intelligence agencies. While ‘the openness of intelligence agencies’ may strike many readers as an apparent oxymoron, this study argues that openness has become a defining norm to the organization of modern Danish intelligence. The argument is constructed on the basis of an empirical discourse analysis of the two Danish intelligence agencies Politiets Efterretningstjeneste (PET) and Forsvarets Efterretningstjeneste (FE), followed by and juxtaposed with contemporary debates within the emerging academic field of intelligence studies. This study thus asks the following research question:

How does an increased openness of Danish intelligence agencies redefine these agencies and their relationship with the public?

First, I account for the contextual and motivational background of the thesis, as well as the academic debates concerning contemporary intelligence in general, and the openness of intelligence in particular. In doing so, I construct two hypotheses that aid the answering of the research question: (1) openness is perceived as a sine qua non condition to maintaining public support in intelligence, and (2) openness causes for a sharing of responsibility concerning security. I then proceed to an account for the philosophical backdrop of the study and the methods involved in the production of this study’s discourse analysis, before moving on to the analysis itself.

In the analysis, I explore how openness is signified in the discourses of the two Danish intelligence agencies, and reveal that openness is perceived as an instrument to achieve greater public trust, legitimacy, societal resilience and organizational effectiveness. Consecutively, I examine how the two agencies articulate their identity and relationship with the public, and find that the two agencies differ substantially on these accounts. PET, the domestic security and intelligence agency, defines itself as a ‘facilitator’ or ‘coordinator’ that depends on the involvement of the public in preventive efforts and resilience-building, while FE, the foreign and military intelligence service, articulates itself as a more secretive and autonomous organization. Consecutively, I discuss these notions in juxtaposition with the academic literature on secrecy, trust, expertise and shared responsibility. In conclusion, I argue that the openness of the agencies constitutes a strategy of disclosing and disguising, in which the agencies become more open about much of their existence, while effectively maintaining a rigid political and epistemic hierarchy between security authorities and lay people. The central argument of this study is therefore that the present case resembles a paradox, in which openness simultaneously includes and segregates; unifies and divides.

This paper proposes a study corroborated by preliminary experiments on the inference of social relations based on the analysis of interpersonal distances, measured with on obtrusive computer vision techniques. The experiments have been performed over 13 individuals involved in casual standing conversations and the results show that people tend to get closer when their relation is more intimate. In other words, social and physical distances tend to match one another. In this respect, the results match the findings of proxemics, the discipline studying the social and affective meaning of space use and organization in social gatherings. The match between results and expectations of proxemics is observed also when changing one of the most important contextual factors in this type of scenarios, namely the amount of space available to the interactants.

... This relatively simplistic, but nonetheless central equation in the criminological vocabulary conceals a ... management methodologies, which seen in a societal context of disaster equate risk ... overarching state-centric governmental body, such as the US Department of Homeland ...

The Asia Pacific (APAC) region encompasses a heterogeneous group of nation-states. Like the APAC region, the security industry operates within a diverse and multi-disciplined knowledge base, with risk management being a fundamental knowledge domain within security. Nevertheless, there has been limited understanding of what security professionals use when applying security risk management. The study was designed to gain a better

This paper examines the reciprocal obligations between employers and employees that are framed as psychological contracts in security-risk environments. A total of 30 interviews based on psychological contract frameworks, duty-of-care strategies in terms of human resource management (HRM) systems and the impacts of narcoterrorism on firms were conducted with human resources (HR) personnel, line managers and subordinates at eight national and multinational corporations (MNCs) with subsidiaries in Colombia and Mexico. Our findings generally support the existence of a relational psychological contract in our sample. Duty-of-care strategies based on both HRM systems and the sensitivities of HR personnel and line managers to the narcoterrorism context, in combination with both explicit and implicit security policies, tend to be the sources of the content of psychological contracts. We propose a psychological contract model based on HRM systems and security and control policy in a narcoterrorism context for the further study of firms' duty-of-care strategies.

This chapter explores the trend of bunkerized international aid interventions in conflict-torn spaces. In response to insecurity, aid agencies and other organizations that operate in conflict-torn spaces increasingly attempt to protect their staff though ‘hard’ security measures. However, this trend of bunkerization and fortification is at odds with basic values and goals of statebuilding, peacebuilding and the delivery of humanitarian aid. In particular, the trend draws new ‘hard’ borders between ‘locals’ and ‘expatriate’ staff, isolates foreign staff and creates new security risks, particularly for local staff. In order to illustrate these dynamics, the chapter draws on interviews conducted with people in Afghanistan and on a survey conducted with aid workers in various conflict zones around the world.

Public and private sector have the need to be as much as possible entrepreneurial and innovative-minded, even more than many commercial enterprises. The thing management needs to pay special attention to is the security of the existing business, then to play an important role in crisis management, and before that, to implement all the necessary preventive measures to avoid any risk.