In Strategic Security Management: A Risk Assessment Guide for Decision Makers, author and security expert witness Karim H. Vellani provides a “definitive text on security best practices, introduces the concept of analysis for security decision making, and discusses advanced threat, vulnerability, and risk assessment techniques that you can apply to your organization’s security program.” The first two chapters include:
Chapter 1, Data Driven Security, sets the tone for the rest of the book with its discussion of a relatively new security concept, using data to drive the security program. Security professionals, only recently, have started using quantitative data to determine appropriate security levels. This chapter provides some of that food for thought mentioned above as well as a “howto” for developing security metrics.
Chapter 2, Asset Identification and Security Inventory, discusses the first two steps of the risk assessment process, the identification and categorization of organizational assets and the itemization of existing security measures. Critical assets, those that are integral to the organization’s mission, are the focal point of the first half of this chapter, while three types of security measures are discussed in the latter half. Also included in this chapter is a list of definitions so we’re all speaking the same language as we progress through the book.
Vellani is President of Threat Analysis Group, LLC.