Security is the mother of danger and the grandmother of destruction.
Security Management (sometimes also Corporate Security) is a management field that focuses on the safety of assets (resources) in the organization, i.e. both physical safety and digital security. Security management is closely related to risk management. Through various methods, procedures, guidelines and standards, it aims to create a permanent, secure solution to conditions that give rise to risk, in particular to help prevent or reduce identified risks.
Security management is a systematic, repetitive set of interconnected activities to ensure safe operation and thus reduce the likelihood of risks. Its purpose is similar to that of risk management: to avoid problems or negative phenomena (security risks and threats), to avoid crisis management, and to avoid creating problems.
Security management in organizations is largely about ensuring authorized access to assets (especially finance, information, real estate and ICT). Security management is therefore closely related to authorization management.
Key areas of physical and digital security management in organizations are:
- Physical security
- Property security (including cash and valuables), buildings security, security guards
- Personal Security, including human resources management
- Information Security - protection of information that is protected by law or by contract, or is otherwise valuable
- Occupational Safety and Health, Fire Protection
- Fraud management, Forensic Auditing
The security manager (CSO) is responsible for managing security in large and medium organizations. As in risk management, the owner, statutory authority and top management naturally bear the highest responsibility.
In many large organizations, there is a profession of information security manager (CISO) focused exclusively on information and IT security. The title of Vice President or Director of Corporate Security is used for the role that addresses security at the corporate level. Large organizations and organizations operating in a hazardous environment (such as banks, insurance companies) may have more specialists for security management.
The most popular methods in security management are:
- CLA (Checklist analysis)
- CCA (Cause-Consequence Analysis) - combination of FTA and ETA
- CRAMM (CCTA Risk Analysis and Management Method)
- ETA (Event tree analysis)
- FMEA (Failure Modes and Effects Analysis)
- FMECA (Failure Mode, Effects and Criticality Analysis)
- FTA (Fault Tree Analysis)
- HAZOP (Hazard and Operability Study)
- HAZID (Hazard Identification Study)
- HRA (Human Reliability Analysis)
- PHA (Preliminary Hazard Analysis)
- Probability methods
- RR (Relative ranking)
- SA (Safety Audit)
- SR (Safety Review)
- What-If Sensitivity Analysis
- Winterling Crisis Matrix
Analytical techniques used to identify security risks are: