Tuesday, May 19, 2009

Books that should be in a security manager's library

There are several books that a security manager or facility security officer should have in their possession. No professional library is complete without these valuable resources. The books provide wonderful instruction on security systems, performing risk management, structuring a security department for success and managing classified information. I’ve read each of the books and will provide reviews as follows.

Managing the Security of Classified Information and Contracts, By: Jeffrey W. Bennett ISP
I’m pleased to announce the upcoming release of Managing the Security of Classified Information and Contracts from CRC Press. This book is the only one of its kind written with defense contractors in mind. The facility security officer, contracts manager, senior officers, and cleared employee roles are defined. The reader will understand how to operate in a cleared contractor environment. This is a great overview of the National Industrial Security Program Operating Manual (NISPOM) and the acquisitions process. It is also a great resource for preparing for the Industrial Security Professional (ISP) certification exam and a great companion for ISP Certification-The Industrial Security Professional Exam Manual.

Security and Loss Prevention, By Philip Purpura
Excellent resource! As a Facility Security Officer for a DoD contractor company, I find it to provide multiple layers of security or "security in-depth". This book offers insight from a retail environment that is very applicable to government and contractor security. Add this to your library.

The Security Clearance Manual: How to Reduce the Time it Takes to get your Government Clearance, By: William H. Henderson
This book is timely and a gem. As an FSO, I find the information very helpful for answering security clearance related questions. Mr. Henderson's experience and know-how give great insight into how the investigations work and what the subjects should expect. The persons undergoing background checks now have a clearer picture of what they can do to help get faster results. I highly recommend this book both to security specialists and to those obtaining security clearances.

Physical Security Systems Handbook: The Design and Implementation of Electronic Security Systems, by Michael Khairallah
This book goes into great detail about security systems without being too simplified. My security background until recently had been in safeguarding information on a team of 22 security professionals. Recently I took a new job as the head of corporate security and had to develop new security systems. Of course I hired professionals to bid on the job, but I lacked experience to really understand what I needed. I consulted some colleagues and of course went to ASIS International for recommendations.
In the process, I was pleased to have discovered Physical Security Systems Handbook. It really helped me to work with the vendors to help them understand what I needed and better understand what they recommended. This book does an excellent job of breaking down the components of the security system (i.e., strike plates, crash bars, cameras, alarms, etc.). It also goes into great detail to show you how to survey existing systems and improve them. In my case, we had to start from scratch and this book helped me through the process.
If you have had similar experiences or are looking for study material for the CPP, ISP or other certifications, get this book.

Effective Security Management, Fourth Edition, by Charles A. Sennewald CPP
Frankly this is an excellent book that teaches the tremendous role security plays. Contrary to some corporate environments, this book teaches that security should not be run from the background. Mr. Sennewald does an excellent job of demonstrating how security should be conducted in a corporate environment. For most, the lessons taught here will involve a change in culture that is desperately needed to allow the security function at an executive level position and allow the security executive to function at all levels.
The first chapters consider the security professional and the roles, structure and environment of the security organization at all levels of a corporate structure. The rest of the book shows how to conduct security surveys and perform risk analysis. It also spends considerable time teaching security as a profession and is heavy into how leaders should lead and conduct themselves professionally. Quality work!
After many years of working in the government, I had been looking for the ultimate "how to" book of how security should be structured. This book gets it and teaches it well.

The New School of Information Security, By: Adam Shostack
This book commands attention! The authors bring to light current security practices, methods and decision analysis and their many shortcomings. The authors' thesis: to provide sound argument toward a more modern and effective way of implementing security practices. The ideas are easy to apply, but contrary to what is taught by security seminars and vendors selling security products.
While security seminars and education efforts teach cataclysmic results of security breaches, "New School" demonstrates the need for collecting data to assess the threat in a scientific manner. Shostack and Stewart champion going back to raw data to identify the threats and then develop programs to address those threats.
Aside from evidence related to loss, espionage or other threats, risk managers cannot effectively apply security measures. The authors indicate that breach data exists, but the holders are reluctant to share. However, the authors do a good job of proving that companies who publicly admitted failure recovered quickly from any scandal or fallout from information or data breaches.
The authors knock down the traditional walls of security training institutions. They preach good solid evidence behind decision making; otherwise security managers cannot effectively determine whether or not the lack of threat is a result of new security measures or just plain luck.
The book is easy to read and implement in all areas of security. The physical security, loss prevention, DoD contractor, and many others in and out of the security profession can adapt the principles to their business units.

Body of Secrets, By: James Bamford
This book is well written and an easy read of one of the most fascinating agencies of all time. Mr. Bamford has performed exhaustive research into the workings of the super-secret NSA. Personally, I have a long history as an intelligence analyst during the Cold War and reading this book brings back a lot of memories of the history and working of the world at the time.

ISP Certification-The Industrial Security Professional Exam Manual, By: Jeffrey W. Bennett ISP
If you are serious about advancing in your field, get this book. Learn the secrets to becoming influential, earning credibility and studying for the ISP Certification. Secret number one, you are a technical expert and know the business of protecting classified information. Let us help you prepare for the test. Our book helps you prepare for both your career and the ISP Certification Exam.

Jeffrey W. Bennett
Author of ISP Certification-The Industrial Security Professional Exam Manual