CHAPTER 1

INTRODUCTION TO SECURITY

There is no such thing as perfect security, only varying levels of insecurity.

-Salman Rushdie-
ETYMOLOGY OF THE WORD 'SECURITY'
The word entered the English language in the 16th century. It is derived from Latin word "securus”,
meaning freedom from anxiety: se (without) + cura (care, anxiety). The term also derives from the Latin
"Securitas", feeling no care or apprehension, the safeguarding of (the interests of a state, organization, or
persons; safe.
From this point, there are four interlinking factors that evolved to make individuals, enterprises,
institutions, and society as a whole secure:
1. Physical Security Measures;
2. Public Protection Forces;
3. Private Security Personnel; and
4. Individual Efforts for Protection and (Her Maintenance.

Physical Security Measures

Due to the dynamic relationship between human population and resources, security became necessary for
human survival. The fear of attacks led to the evolution of defensive means to protect the community. A
fundamental strategy was to use physical security measures. And often, geographic location could be
significant for protection such as being situated on high locations or surrounded by or alongside bodies of
water.

Wall or physical barriers for protection often surrounded the community. Posts, thick enclosures, heavy
doors with stout closures, animals, and traps all served to protect communities from attack from outside forces.
Today, walls expressed the power and promise of urban life. A walled community evoked psychological,
economic, military, and political impediment for attackers.

Animals probably preceded defensive structures to protect people. Dogs are particularly suitable for
security purposes. Dogs were valuable also as canine alarms, to attack intruders, for hunting, and for
companionship. In modern times canine patrols serve law enforcement around the world. They are used to
detect illegal contraband, the smuggling of people, and the presence of prohibited foods, plants, narcotics, and
explosives.

Other animals besides dogs have played roles in protecting people and property. Birds capable of making
loud noise when disturbed have been put to use to protect prisons from escapees and military facilities from
unauthorized presence of people.

Security is needed within as well as without a walled community or structure. To protect precious
objects, including vital documents; hidden places within walls or furniture or under floors were frequently
created.

Public Protection Forces

Considering that the first duty of the community is to protect through government and personal
initiative, hierarchical stratification in early society occurred partially to provide leadership for defensive
purposes.
The military is primarily respinsible3 for macro risks generally occurring outside of the nation, the
police are responsible for internal micro risks within the community. To manage the peace, sworn officers
always have possessed a special power: to deprive people temporarily of their liberty for reasonable cause.
But at times when policing is inadequate for whatever reason, the private sector provides protection for itself.
Eventually this will foster the rise of private security services and systems.
Private Security Personnel
1|Page Introduction to Industrial Security Concepts
 Today, private security personnel offer their clients flexibility, specialized skills, insurance covering job-
related liabilities, and cost-effective services making the choice attractive for clients. Private security firms
sometimes operate for profit correctional facilities and provide services in government offices, educational and
research institutions, and within military compounds.
Individual Efforts for Protection and Order Maintenance

From the earliest evidence of human experience, individuals have taken responsibility for their own
security. This involved physical measures as well as protective procedures taken individually and collectively.
While the military, civilian police, private security, and indeed numerous other organizations
provided by the state offer protection, individual efforts are the oldest, most prevalent, and most difficult
activity to assess quantitatively and qualitatively. Programs provided by the state and not- for- profit
organizations have been developed to mitigate risks in modern times.
SECURITY IN GENERAL

SECURITY, in a collective sense, is the same as protection and safety; the state of being safe and the
condition of being protected against social, spiritual, financial political, emotional, occupational,
psychological or other types or consequences of failure, damage, error, accidents, ham or any other event
which could be considered not desirable." SECURITY is also freedom from fear, harm, danger, loss,
destruction or damages. A state of the mind by which a person sees or feel absence of danger and presence of
comfort.

FIELDS OF SECURITY

The following are the fields of security classified according to each sphere or subject:

A. Information Technology (IT) Fields

1. Computing Security - is a branch of information security applied to both theoretical and actual
computer systems.
2. Computer Security - is a branch of computer science that addresses enforcement of 'secure' behavior on
the operation of computers. The definition of 'secure' varies by application, and is typically defined implicitly
or explicitly by a security policy that addresses confidentiality, integrity and availability of electronic
information that is processed by or stored on computer systems.

3. Data Security - is the means of ensuring that data is kept safe from corruption and that access to it is
suitably controlled. 'Thus, data security helps to ensure privacy. It also helps in protecting personal data.

4. Application Security - encompasses measures taken to prevent exceptions in the security policy of an
application or the underlying system (vulnerabilities) through flaws in the design, development, or
deployment of the application.
5. Information Security - means protecting information and information systems from unauthorized
access- use, disclosure, disruption, modification, or destruction. The terms information security, computer
security and information assurance are frequently used interchangeably. These fields are interrelated and
share the common goals of protecting the confidentiality, integrity and availability of information; however,
there are some subtle differences between them. These differences lie primarily in the approach to the subject,
the methodologies used, and the areas of concentration. Information security is concerned with the
confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or
other forms.
6.Network Security - consists of the provisions made in an underlying computer network infrastructure,
policies adopted by the network administrator to protect the network and the network-accessible resources
from unauthorized access and the effectiveness (or lack) of these measures combined together.

2|Page Introduction to Industrial Security Concepts

B. Physical Security Field
1.Physical Security- describes measures that prevent or deter attackers from accessing a facility, resource,
or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple
layers of armed guard posts.

2. Shopping Center Security (Mallor Supermarket) - a type of security which is concern with the
protection of the stores, warehouses, storage, its immediate premises and properties as well as the
supermarket personnel and customers. Security personnel are trained to detect "shoplifter", robbery, and
bomb detection and customer relation.

3. Airport/Seaport Security - refers to the techniques and methods used in protecting airports and
seaport and by extension aircraft or sea craft, from crime and terrorism.
4.Home Security - are those methods use of protecting residential homes or town sites which include the
interior protection of houses against property losses or damages.

5. Industrial Security- a type of security applied to business groups engaged in industries like
manufacturing, assembling„ research and development, processing, warehousing and even agriculture.

6. Hotel Security - a type of security applied to hotels where its properties are protected from
pilferage, loss, damage and the function in the hotel restaurants are not disturbed and troubled by
outsiders or the guest themselves. This type of security employs house detectives, uniforms guard and
supervisor and ensures that hotel guests and their personal effects are safeguarded.
7. Bank Security - this type of security is concerned with bank operations. Its main objective is the
protection of bank cash and assets, its personnel and clientele. Security personnel are trained to safeguard
bank and assets while in storage, in transit and during transactions.
8. School/Campus Security - a type of security that is concerned with the protection of students, faculty
members, and school properties. Security personnel are trained to protect the school property from theft,
vandals, handling campus riots and detecting the use of intoxicated drugs and alcohol by the students.

C. Political Field
1. International Security- consists of the measures taken by nations and international organizations, such
as the United Nations, to ensure mutual survival and safety. These measures include military action and
diplomatic agreements such as treaties and conventions. International and national securities are invariably
linked.
2. National Security - refers to the requirement to maintain the survival of the nation-state through the use
of economic, military and political power and the exercise of diplomacy.
3. Human Security- refers to an emerging paradigm for understanding global vulnerabilities whose
proponents challenge the traditional notion of security by arguing that the proper referent for security
should be the individual rather than the state. Human security holds that a people-centered view of security
is necessary for national, regional and global stability.
D. Monetary Field
I. Financial Security- refers to the methods applied for the protection of fungible, negotiable
instrument representing financial' value. It broadly categorized into debt securities, such as banknotes,
bonds and debentures, and equity securities, etc.
E. Other Security Fields
1. VIP Security - a type of security applied for the protection of top-ranking officials of the government or
private entity, visiting persons of illustrious standing and foreign dignitaries. Maybe used to
interchangeably mean the same with Close Protection Operation.

2. Homeland Security - similar to national security but this is more focused on the protection of vital
entities such as critical utilities, critical facilities, and critical infrastructures.

3|Page Introduction to Industrial Security Concepts

TYPES OF SECURITY THREATS
The type of security threats in any enterprise is dependent on the kind of asset subject for protection and
the type of security operation of an installation. But generally, the security design almost considers the
following security threats:

1. Threats against and Properties- includes possibility of physical harm or injury among people such as
shooting, knife attack or other means of active attack. Generally, these threats are categorized under
crimes against persons and properties
2. Threats to Identity - specifically, are threats among cyber users or electronic device-based attack or
intrusion. For instance, an attacker ca impersonates a user and fraudulently make calls and conduct data
sessions through the user's device.

3. Threats to Confidentiality - these are threats against confidentiality in wireless communications roads
systems and classified documents or materials.
4. Threats to integrity - integrity is closely related to confidentiality, as there maybe be breaches
company's trade secrets. As such, it has direct on company business reputation. may involve a wide range of
criminal and fraudulent activities.

5. Threats from Intrusion - the unauthorized access to the installation, data or devices, whether by a
human attacker or by malware intrusion.
6. Threat to Business Continuity - can be in many forms of natural sources or human induced for
business sabotage, subversive activities, espionage, pilferage.

CURRENT THREATS TO SECURITY

A. Terrorism
Terrorism is the use of force violence against persons or property for purposes of intimidation,
coercion, or ransom. The threat of terrorism has become one of the most disturbing aspects of modem life.
Acts of terrorism include bomb threats, bombings, assasinations kidnappings, hijackings, cyber-attacks
(computer-based), and the threat/use of chemical, biological and radiological attacks. Targets for acts of
terrorism have included airports, aircraft, military and police facilities, high-profile landmarks, large public
gatherings, water and food supplies, and utilities.

As well as the threat from terrorists, there are also threats to civil aviation from criminals, the
mentally ill, bogus refugees, and even people with revenge motives such as disgruntled ex-employees.
Even totally innocent people can be a threat by inadvertently carrying a potentially dangerous item in
their luggage aboard an aircraft. There are huge numbers of potentially dangerous items, including firearms,
IEDs, bladed items, toxic chemicals, highly inflammable substances and other threat items.

B. Improvised Explosive Devices

The military bomb, as we generally recognize it, is a ballistic shaped object filled with large quantities
of explosive and dropped from aircraft from the air. It is designed to explode on impact when it reaches its
target. But terrorists, criminals, extortionists and anti-social elements extensively use their own types of
homemade bombs, called "Improvised Explosive or "IEDs" Modern terrorists who use IEDs as their weapons
of choice are often extremely creative in designing and placing their weapons. Hundreds of everyday articles
have in the past modified and used to conceal an explosive or incendiary device. They are also capable of
producing sophisticated IEIX remotely detonated, with highly technical movement devices and
countermeasures with booby-traps built into the design.
C. Firearms
Firearm, generally refers to any lethal barreled weapon from which any shot, bullet or missile can be
discharged. Under the laws of many countries the term "firearm" also includes any article having the
appearance of being a firearm, whether it is actually capable of being discharged or not.

4|Page Introduction to Industrial Security Concepts

 Terrorists use both manufactured and improvised firearms. Criminals will sometimes saw-off the
barrel and butt of a firearm, to help make it shorter and more concealable; and therefore, less recognizable.
Terrorists frequently use "handguns" in their attacks, they are easily obtainable and often small enough to be
easily concealed amongst other items in a packed bag or case.
D. Bladed Items
There are many bladed and sharp items that. could be used as weapons in the hands of malicious
individuals. These include knives, including kitchen knives, cutlery knives, automatic knives, switchblades
and ceremonial knives, axes and hatchets, arrows and darts, crampons, harpoons and javelins, pickaxes and
ice axes, cleavers, machetes, open razors and blades, swords, billiard cues, scalpels, scissors with blades, ski
poles and walking sticks, throwing stars, tools that can be used as a stabbing or cutting weapon and other of
bladed and pointed items.

E. Postal Devices
Postal devices are now one of the common means of criminal attack upon organizations and
individuals worldwide. Historically, the motives for mail bombs have included revenge, extortion and
terrorism. The ease with which postal devices can be sent and the anonymity afforded the sender makes them
extremely attractive and deadly tools for vicious and calculating individuals. Postal device senders never
need to come face to face with the people they maim or kill. Hazardous items that have been sent by post
include explosives, incendiary devices, hazardous chemicals, biological agents like Anthrax, razor blades,
needles and broken glass.
F. CBRN Threats
Chemical Threats- Chemical weapons are chemical compounds that have a strong, deleterious effect
on the human body, even when encountered in small doses. The different types of chemical include
vesicants, which blister and burn on contact; choking agents, which cause lung damage; and nerve agents,
which interfere with the nervous system and may lead to death. The effects from chemical weapons may
occur very quickly after exposure, on the order of minutes to hours.
a. Biological Threats - Biological weapons are pathogens that cause disease and illness in infected
humans. Because the pathogens multiply within the victim, a small initial amount of pathogen is sufficient to
cause infection. As a consequence, biological weapons require much less material than chemical weapons to
produce equivalent casualties and generally take longer to produce effects. Biological weapons include
diseases that are primarily incapacitating, such as Q fever, as well as those that are lethal, such as smallpox.
Some biological weapons are contagious pathogens, such as smallpox, and have the potential to spread the
effects of an attack by traveling from victim to victim. The symptoms from a biological weapon attack would
require some time to develop, so a covert biological attack might not be recognized for several days-

b. Radiological and Nuclear Threats - The radiological terrorist device is unlikely to be nuclear
devices as we generally know them, such as those that make up the nuclear arsenals of countries including
the U.S., Britain, Russia and France. Manufacturing nuclear weapons is difficult even for countries with
money, infrastructure, and scientific resources. Nuclear weapons involve a complex nuclear-fission reaction,
and" the expertise and materials necessary would be extremely difficult for any terrorist organization to
acquire. Terrorists could, however, build cruder, radiation weapons; which are commonly called "dirty
bombs." A dirty bomb, or radiological dispersion device, is a bomb that combines conventional explosives,
such as dynamite, with radioactive materials in the form of powder or pellets. Many types of radioactive
materials with military, industrial, or medical applications could be used in a dirty bomb. Medical supplies
such as radium or certain cesium isotopes, used in cancer treatments could be used.

J. Improvised Incendiary Device (Ill))

An IID is a device designed to destroy, incapacitate, harass, or distract by creating intense heat and
fire, rather than by exploding. Terrorists have often used IIDs to attack economic targets. IIDs are generally
hand carried devices, often deployed against targets such as retail outlets and transportation.

5|Page Introduction to Industrial Security Concepts

 H. Grenades
A hand grenade is a small hand-held anti-personnel weapon designed explode after a short time. Hand grenades
may appear in several shapes, sizes contain explosives, while others may be incendiary and filled with white
phosphorus; smoke or gas. The most common grenade associated with terrorist attacks is the anti-personnel
hand grenade. These grenades, which played a major role in World Vietnam and many other conflicts, are
designed to be durable and simple to thrown by hand. Several types are fired from rifles or purpose-designed
grenade tear gas grenades used in riot control are fired from riot guns; and the M203 is a be fitted to several
types of rifles such as the M4 Carbine and M16 rifle.
GENERAL SECURITY PRINCIPLES

There is no business without security problems and assets protection risks. These risks and problems
take many forms. Mitigating them effectively is a primordial consideration.

Risk mitigation require planning and understanding of the security needs, conditions, threats, and
vulnerabilities. Assessing security conditions and planning, for appropriate levels of assets protection begins
with the basics - risk management.
Security in physical layers should be introduced and should address external barriers such as fences,
walls, gates, buildings, and lobbies and internal barriers such as, access control systems. Internal controls
and intrusion detection systems should also be addressed, as is the use of current technology, such as
biometrics.

Physical security is the most fundamental aspect of protection. It is the use of physical controls to
protect the premises, site, facility, building, or other physical assets. The application of physical security is
the process of using layers of physical protective measures to prevent unauthorized access, harm, or
destruction of property.
Physical security protects a property, plant, facility, building, office, and any or all of their contents
from loss or harm. Physical security contributes to protection of people and information.
Physical security is the baseline security measure, or foundation, on which all other security
measures and functions are built. They are used to ensure that only authorized persons have access to
facilities and property. The measures employed must be appropriate for each separate operating environment.
In any event, physical security measures are the baseline of protection. All other measures will be
integrated with physical security measures, developing a protection profile of assets protection within layers.
It is the responsibility of management to determine what physical security controls are necessary to provide
adequate level of protection.
COMMON SECURITY CONCEPTS
From the different security field presented earlier, these are the common recurring concepts in security:
1. Risk - a risk is a possible event which could cause a loss; the exposure to the chance of injury or loss.
2. Threat - an event, action or method that triggers a risk which is either natural cause or human
3. Vulnerability - it is the state of being open to injury or loss; a weakness in a target that can potentially
be exploited by a threat.
4. Assessment - is the process of evaluating the probabilities and consequences of risk events if they are
realized; it includes the processes of identifying„ qualifying, and prioritizing security systems and
counter measures.
5. Defense in Depth - is an approach to security in which a series of defensive mechanisms are layered in
order to protect the asset. The concept is that, if one defense mechanism fails, other steps up to
immediately impede an attack or unauthorized intrusion.
6. Target Hardening - is comparable to defense in depth but more focused on strengthening the security
of a building or installation in order to protect it in the event of attack or reduce the risk.

7. Countermeasure - is a way to stop a threat from triggering a risk event.

6|Page Introduction to Industrial Security Concepts

 8. Mitigation - is the means of reducing risk of loss from the occurrence of any undesirable event. A
mitigation action is a specific action, project, activity, or process taken to reduce or eliminate long-term risk
to people and property from hazards and their impacts.
FUNDAMENTALS OF SECURITY MANAGEMENT
The bottom line is that; it is better to run a work force on security than insecurity
-Jared Bernstein-
SECURITY MANAGEMENT defined
Security Management is the proper utilization of resources in a security organization in order to meet
organizational goals and of objectives and to ensure their achievements. In another sense, it is a broad field of
management related to asset management, physical security and human resource safety functions. It entails the
identification of an organization's information assets and the development, documentation and implementation
of policies, standards, procedures and guidelines. Management tools such as information classification, risk
assessment and risk analysis are used to identify threats, classify assets and to rate system vulnerabilities so
that effective control can be implemented.
As a field in management, security management deals primarily on asset protection, both from
physical safety and digital security. It is closely related to risk management aimed at creating through various
methods, procedures, guidelines and standards of security solutions which help reduce identified risks in an
organization.
Security management is a systematic, repetitive set of interconnected activities to ensure safe
operation and thus reduce the likelihood of risks. The key purposes are avoidance of problems or negative
phenomena such as threats and risks; and avoidance of crisis or other problems which may cause delay, harm
or loss of assets.
The areas of physical and digital security management in organizations are for security
management are:
1. Physical security
2. Property security including cash and valuables, buildings security, security guards
3. Personal Security including human resources management
4. Information security, in terms of protection of the law or contractually protected or valuable
information
5. Computer security, in terms of use and set of hardware and software, including special tools (e.g.
protection, and deployment, tracking and interception)
6. Occupational safety and health, including fire protection
7. Fraud management and forensic auditing

BASIC MANAGEMENT FUNCTIONS

According to Henri Fayol, there are five functions of management relevant to security organizations.
They focus on the relationship between personnel and its management and they provide points of reference so
that problems can be easily solved.
1. Planning - is looking ahead, drawing up a good plan of action. This requires active participation of the
entire organization. With respect to time and implementation, planning must be linked to and
coordinated on different levels. Planning must take the organization's available resources and flexibility
of personnel into consideration as this will guarantee continuity.

2. Organizing - An organization can only function well if it is well-organized. Sufficient capital, staff and
raw materials are in placed so to build a good working structure. The organizational structure with a
good division of functions and tasks is of crucial importance. When the number of functions increases,
the organization will expand both horizontally and vertically. This requires a different type of
leadership.

3. Commanding — giving of orders and clear working instructions to employees so they would know
exactly what is required of them. Return from all employees will be optimized if they are given concrete
instructions with respect to activities that are carried out by them. Commanding reflects effective
communication which gives integrity to decision making.

4. Coordinating — harmonization of activities in an organization that leads to efficient function. It aims

at stimulating motivation and discipline within the different units in the organization.

5. Controlling - verifying whether the activities are carried out in conformity with the plan. This requires
establishment of performance standards based on organizational objectives, measuring and reporting on
actual performance, comparing results with performance and standards, a taking corrective or
preventive measures as needed.

7|Page Introduction to Industrial Security Concepts

PRINCIPLES OF SECURITY MANAGEMENT
Security management is anchored on the principles of management by Henri Fayol who, after
years of study, was able to synthesize 14 principles of management that serve as a guideline for decision-
making and management actions. They are drawn up by means of observations and analyses of events that
managers encounter in practice.
These principles can be used to manage organizations and are useful tools for forecasting, planning,
process management, organization management, decision-making, coordination and control.

1. Division of Work - specialization of the workforce increases their accuracy and speed. In practice,
employees are specialized in different areas and they have different skills. Different levels of expertise
can be distinguished within the knowledge areas (from generalist to specialist). According to Henri
Fayol, specialization promotes efficiency of the workforce and increases productivity.

2. Authority and Responsibility - accompanying power or authority gives the management the right to
give orders to the subordinates. This means that in order to get things done in an organization,
management has the authority to give orders to the employees. But of course, with this authority comes
responsibility.

3. Discipline - is about obedience. It is often a part of the core values of a mission and vision, in the form
of good conduct and respectful interactions.

4. Unity of Command - an individual employee should receive orders from one manager and that the
employee is answerable to that manager. If tasks and related responsibilities are given to the employee
by more than one manager, this may lead to confusion which lead to possible conflicts for employees.

5. Unity of Direction - is about focus and unity. All employees deliver the same activities that can be
linked to the same objectives. All activities must be carried out by one group that forms a team. These
activities mast be described in a plan of action. Focus areas are the efforts n-lade by the employees and
coordination.

6. Subordination of Individual Interest — is about ethics. Personal Interests are subordinate to the
interests of the organization. The man primary focus is on the organizational objectives and not on
those of the individual. This applies to all levels of the entire organization, including the
7. Remuneration — the compensation of employees must be sufficient to keep employees motivated
and effective. Motivation and productivity are close to one another as far as the smooth running of an
organization. Remuneration could be non-monetary, such as a compliment, more responsibilities,
credits or in the form of monetary consideration such as compensation, bonus or other financial
rewards.

8. Degree of Centralization - Management and authority for decision-making process must be properly
balanced in an organization. This depends on the volume and size of an organization including its
hierarchy. Centralization implies the concentration of decision-making authority at the top management.
Sharing of authorities for the decision-making process with middle and lower management is
decentralization and that an organization should strive for a good balance in this.

9. Scalar Chain- Hierarchy presents itself in any given organization. This varies from top management to
the lowest levels in the organization. This principle states that there should be a clear line in the area of
authority from top to bottom and all managers at all levels.

10. Order - employees in an organization must have the right resources at their disposal so that they can
function properly in an organization. There must be social order where the work environment must be
safe, clean and tidy.

11. Equity - Employees must be treated kindly and equally. Employees must be in the right place in the
organization to do things right. Managers should supervise and monitor this process and they should
treat employees fairly and impartially.
12. Stability of Personnel Tenure — the deployment and managing of personnel should be in balance with
the service that is provided from the organization. Management strives to minimize employee turnover
and to have the right staff in the right place.

13. Initiative - employees should be allowed to express new ideas. This encourages interest and
involvement and creates added value for the company. Employee initiatives are a source of strength for
the organization.

8|Page Introduction to Industrial Security Concepts

 14. Esprit de Corps - management should strive for the involvement and unity of the employees. Managers
are responsible for the development of morale in the workplace; individually and in the area of
communication. Esprit de corps contributes to the development of the culture and creates an atmosphere
of mutual trust and understanding.

LEVELS OF MANAGEMENT
The process of management is becoming complicated with the growing complexities of business.
This calls for a higher degree of skills and abilities. In view of the technological features influencing the
size and the scale of modern enterprise, management cannot be a simple task that can be performed by an
individual or a few persons interested therein as proprietors. Hence, managerial functions are assigned to
different personnel all along the organization.
The levels of hierarchy of management with authority and responsibility are categorized
according to functions arranged as follows: Top Management, Middle Management, and Lower
Management
Top Level Management
Top level management is usually made up of Board of Directors. However, in practice the
Directors do not take part in the day-to-day affairs of the organization. But the task is generally entrusted to
the Managing Directors or General Managers. They are called as Chief Executives and they are responsible to
carry out the broad policies formulated by the Board. However, the ultimate control rests with Directors. Top
level management is the policy making body responsible for the overall direction and success of all the
activities of the company.
The principal functions of the top management are:
1. Determination of Objectives
2. Formulation of Policies
3. Long Range Planning and Strate
4. Organizing for Action
5. Developing of Major Resources
6. Selecting Key Personnel
7. Coordination and Controlling

Middle Level Management

This level of management is concerned with the execution of the policies and plans designed by the top
management. Therefore, the middle level management comprises of departmental heads and other executives.
Though the top management forms the head and brain of the organization, the personnel in the middle
management actually take part in the execution of the plans and experience the difficulties involved in it.
The principal functions of the middle level management are:
1. Interprets the policies of the company
2. Prepare organizational set up in their department
3. Issue orders to the subordinates and others in their department
4. Motivate the personnel for higher productivity
5. Collect reports and other information about the work turned out in their respective departments
6. Provide information and assist top management in revising the plans to secure better performance.
Lower Level Management
This level of management refers to subordinate departmental heads, foremen, office superintendents,
supervisors, etc. They come in direct contact with the employees or workers. They actually carry out the
operations as per schedule. They are designated as the "Leg work". They provide the essential link between the
worker and the management. The important functions of the personnel in lower management can be summed up
as follows:
1. Executing of the work entrusted to them,
2. Maintaining of the standard, quality and workmanship of the product,
3. Eliminating wastage of material, time, etc.,
4. Maintaining strict discipline among the workers,
5. Preserving the morale of the workers
6. Providing instructions and other information to the workers and guiding them while in action.
ELEMENTS OF SECURITY MANAGEMENT
Concerns and issues related to security are intertwined in all areas of the life of an organization.
Many of them are considered and documented organizational and provided within the respective area of the

9|Page Introduction to Industrial Security Concepts

 management system of the organization. It is necessary to reach the ultimate goal of improving security of the
organizations by developing integrated management systems for business security.
A Security Management System may be considered as that part of the overall management system,
based mainly on the quality management system, that provides the structure to enable identification of
potential threats to an organization and which establishes, implements, operates, monitors, reviews and
maintains all appropriate measures to provide assurance of the effective management of the associated security
risks.
The following elements of security management are inherent in the management system:
1. Establish Security Management Framework
 Specify process purpose, scope, goals, and capabilities
 Define process policies, standards, and conceptual models
 Determine and Identify process requirements, roles and responsibilities
 Assign process responsibilities to organizations
 Determine process procedures and relationships to other processes
 Define measurements and controls
 Create project proposals
 Communicate and deploy framework
2. Produce and Maintain Security Policy
 Analyze findings
 Assemble and communicate security policy
 Assess business policies and plans
 Assess new technology
 Assess regulations and standards
 Define overall security objectives
3. Analyze Security Threats, Vulnerabilities and Risks
 Communicate results and recommendations
 Develop security recommendations
 Identify security threats
 Perform detailed risk assessment of threats and vulnerabilities
 Project potential future IT threats
4. Classify Information Asset Security
 Create asset security classification scheme
 Identify security policy requirements on asset security
 Review asset inventory
5. Plan and Implement Security Practices
 Communicate security directives
 Complete security plan
 Initiate change request
 Review details of plan with stakeholders
 Define security infrastructure
 Define security plan procedures
 Define security plan schedule
 Monitor Change
6. Operate Security Protection Mechanisms
 Deny request
 Document security violation
 Initiate incident
 Monitor and detect for security violation
 Validate security request
 Provide access to authorized user
 Perform protection request
7. Monitor, Assess, Audit and Report Security
 Analyze request for information
 Define and build report
 Generate and communicate report
 Review active security controls
 Summarize Inconsistencies
8. Evaluate Security Management Performance
 Collect feedback
 Produce process measurements
 Research trends and best practices

10 | P a g e I n t r o d u c t i o n t o I n d u s t r i a l S e c u r i t y C o n c e p t s
  Review existing documentation
 Assess Process Execution
 Audit Process
 Assess process framework
 Collect evaluation results
 Produce gap analysis
 Recommend initiatives
 Complete evaluation
 Communicate to stakeholders

QUALITY MANAGEMENT SYSTEM

Organizations found a way to offer something that people want, at a price they are willing pay, in a
way that will make money in the transactions. Successful companies offer quality products and services in this
exchange, and keep quality high for customer satisfaction. Quality is the totality of features and characteristics
of a product or service that bear on its ability to satisfy stated or implied needs. Thus, security is a component of
quality. Quality is the responsibility of the whole organization and security is a part of the totality of quality of a
system, implicit in customers- expectations. Security, as a component of quality, must be addressed throughout
an organization, in the definition of strategy the development of policy and the implementation and monitoring.

MANAGEMENT SYSTEM COMPONENTS

1. Credibility and Integration of Personnel corporate security personnel, regardless of
background, should be able to demonstrate competence not only in all aspects of the security discipline, but
also have an awareness of the contribution they can make to other aspects of the business, such as
governance, compliance, assurance, new ventures, and other essential business-related issues.

2. Policies, Objectives and Tasks - there should exist a single security policy which outlines the
security architecture, and protocols which should address security management objectives; statement of the
attitude of the organization to security; description of the security environment; statement of the security risk
appetite; security organization procedures for security risk assessment; responsibilities; list of security
standing operating procedures; security priorities and calendar for corning year.

3. Threat, Vulnerability and Security Risk Assessment - security risk assessments should take into
consideration a wide range of elements beyond physical security threats. Such elements should Include the
operating environment and groups/ events by which it is characterized; the profile of the organization, the
footprint and the social impact; the strategic, long term objectives of the organization; voluntary principles of
security and human rights; legislation and local expectations; capability and Intent of local crin-1inaT/
terrorist elements; vulnerability and attractiveness of assets to criminal/terrorist elements; and availability of
resources.

4. Controls- examples of security controls may include fences, CCTV physical protection measures
(lights, barriers, etc.); introduction of security procedures (ID checking, access control, mail screening
(local social/ networking providers, etc.); electronic security (encryption, password protection, etc.);
resourcing (security personnel, equipment, etc.); and local Integration or corporate social responsibility
programs.

5. Security Risk Register- a security risk register should facilitate ownership and management of
security risks; provide an overview of the significant security risks that arc faced by an organization; record
the results of threat/ vulnerability security risk assessment; form an agreed record of those security risks that
have been identified; record additional proposed actions to improve the security profile; and facilitate the
prioritization of security risks.

6. Planning and Resourcing- effective planning consider to address targets; time frame in
achieving them, and the manner they be achieved.

7. Execution and Control Activities- the execution of plan is predicated on all of the previous
components in the management system such that the plan has identified all the security risks to the operation;
all control mechanisms a-reestablished; the plan has been accordingly and appropriately resourced;
procedures are documented, approved and validated; the plan has been effectively communicated to those
with responsibility for Its execu1tion; assurance that those responsibility for carrying out the plan have the
correct competencies; all correct back up and reinforcement strategies are established and tested.
11 | P a g e I n t r o d u c t i o n t o I n d u s t r i a l S e c u r i t y C o n c e p t s
 8. Monitor and Security Reporting — monitoring is based, upon effective two-way
communication. Where appropriate, traditional methods are often effective and should be considered
inspections; review meetings; auditing; interview; and workshops.

9. Review- the purpose of the review be any combination of the following: to critically de brief the
plan in order to determine strengths weaknesses and areas that could be improved; to obtain feedback from
those involved in the execution of the plan/ project regarding the manageability of the plan; to highlight any
competency Issues arising from exposure to next challenges; to exam-nine much contribution the
operation/task/ project brings to the achievement or the organization's objectives; assurance to top
management that security is being managed effectively; enables security management to assess whether
established protocols are be in effective, and to take action accordingly; an highlight examples of good
practice.

10. Learning- effective processes for learning lessons will enable an organization to introduce
improvements to procedures, improvements in organizational structure; update documentation •
implementation of next training courses; increase awareness of new threats/ update on existing threats; and
introduce next equipment/ technology.

11. Reporting to Top Management - providing such feedback to top management offers
reassurance that security is being effectively managed and the reassurance that security understands its role in
the achievement of the business objectives. It also gives confidence in decision-making that all security issues
have been given appropriate consideration.

SECURITY AND QUALITY MANAGEMENT

A security management system, as with other management systems is based upon the model defined
in ISO 9001 Quality Management Systems Requirements. In a security risk-based, process-driven approach to
security, the achievement of security objectives should start with a threat/ security risk assessment. Having
identified the security risks and planned mitigation measures, a security risk register may be established. The
mitigation measures detailed in the security risk register are realized through resource management and
security planning, thus arriving at a security solution (product), whether that is hard security measures,
procedural requirements or a higher-level security solution that supports strategic objectives, such as a crisis
management strategy or establishment of an intelligence gathering network. In order to help in the
achievement of organizational objectives, the management system needs to be supported by approved
standards and procedures. The security management principles include customer focus, leadership,
involvement of people, process approach, systems approach to management, continual improvement, factual
approach to decision making, and mutually beneficial supplier relationships.

RESOURCES FOR SECURITY MANAGEMENT

For any organization to succeed of achieving its goals or objectives, it requires the utilization of
available resources. The 1OMs of management are essential resources for security management they are as
follows:
1. Manpower - refers to people as resources. It is the important of all resources. It pertains to the
workforces in the all levels of management, without them, all other resources are n usable. They are
categorized as the managers and the employees.

2. Money — refers to financial resources. It is the driving force of any business for the compensation or
reward of the work force. Any business enterprise of any nature and size needs a capital.

3. Machineries — refers to devices or tools needed in order to aid the work force do their activities with
ease and simplification. These includes modern technologies and automations.

4. Materials — refers to raw materials as inputs to business production. They are processed into finished
form and become products".

5. Methods — refers to standards and procedures used as techniques of production. It can be systems that
are put together for the transformation of raw materials into usable products, goods or services.
Machines do not operate by themselves without a system or procedure.

12 | P a g e I n t r o d u c t i o n t o I n d u s t r i a l S e c u r i t y C o n c e p t s
 6. Market — are interactions, social relations, and institutions for trading of goods and services, which
form part of the economy. It refers to "transactions in motion, categorized as consumer market or
industrial market.

7. Minute — refers to the management of time, the optimum time that a worker needs to produce the
highest quality of product or service. It is called efficiency at work.

8. Morale— refers to motivation of people, the moving power to act or exert effort to achieve desired
goals or objectives. It is the 'secret weapon' of management of controlling and getting the job

9. Matter- refers to data and information management. Data refers to information are translated into a
form that is efficient for movement or processing. They are used for organizational program that
manages the people, processes and technology that provide control over the structure, processing, and
delivery. Information are also required for management and business intelligence purposes.

10. Measurement — are internal control systems, such as preventive controls, detective and reactive
controls, use to gauge effectiveness. It encompasses the assessment of performance and results achieved
by employees and the entire organization.
SECURITY MANAGERS
Security managers are persons in the organization who are responsible for monitoring the security
operations for any organization or company. They implement security policies, regulations, rules, and norms
and make sure that the environment in their organization is safe for employers and visitors. These managers
are required to hire new members for the staff and delegate tasks and duties to them. One of their main duties
is to check and monitor the access control of the people who are visiting the company. They perform many of
the following tasks:

1. Keeping track of different events.

2. Implementing security protocols
3. Creating emergency response procedures
4. Conducting security evaluations.
5. Supervising security staff members.

TYPES OF SECURITY MANAGERS

1. Functional Manager — one who is responsible for just one organizational activity such as
accounting, human resources, sales, finance, marketing, or production. Focus on technical areas
of expertise, use communication, planning and administration, teamwork and sell-management
competencies to get work done.
2. Operations General Manager—one who is responsible for the operations of more complex
units for example, a company or division. Oversee work of functional managers. Responsible for
all the activities of the unit and the need to acquire strategic and multicultural competencies to
guide organization

ESSENTIAL SKILLS FOR SECURITY MANAGERS

1. Communication skills
2. Physical fitness
3. Knowledge of security environments and hazards
4. Excellent attitude
5. Interpersonal skills
6. Analytical skills
7. Leadership skills
8. Initiative and being proactive
9. Good negotiation skills
10. Being able to work with a team

13 | P a g e I n t r o d u c t i o n t o I n d u s t r i a l S e c u r i t y C o n c e p t s
VARIOUS STYLES OF SECURITY MANAGERS
The work force and other resources are managed by multiple types of managers, with each
having their own unique management and leadership style, as follows:

1. The Visionary — one who listens to ideas and take note of what they're trying to achieve. They jump
right. in and help brainstorm ideas with a team. They provide practical advice and options for how their
ideas can be turned into a reality.

2. The Coach — one who is like a sports coach, who bring high levels of energy and discipline. He aims
to bring nigh performance into the workplace. He is highly people-focused and view the success of the
team as his own personal success. He usually set clear, realistic goals for performance and discuss
practical strategies on how the team can achieve those goals.

3. The Sensitive Boss- bosses are genuinely concerned with the emotional well-being of their workers and
are determined to create a workplace that is as harmonious and responsive to individual needs as
possible. They an-n to create close connections shared team between activities, individual while
minimizing workers stressful through or confronting situations.

4. The Democratic Boss - one of the easiest types of managers to work with, democratic bosses are
focused on open collaboration within their teams and are underpinned by a strong belief that the best
outcomes are achieved by all parties bringing their ideas to the table in pursuit of a common goal. He
contributes actively to team discussions and give opinion on new ideas.

5. The Commander- one just wants the job to be done on time and to the highest standards possible.
Accordingly, one of the n-lost difficult management styles to under, commander bosses know exactly
what outcomes they want from their team and ensures that everybody knows about it. Commanders
expect strong discipline and speed from their team and may often shout commands in very clear terms.

6. The Pacesetter- one who is highly energetic and will often do their best to bring motivation to the team
in the fast-paced nature of modern economy. He is focused on winning the race and winning it with
pride. Similar in personality to commanders, pacesetters can also be quite direct and demanding,
expecting the best from their team members and impatient if tasks fall behind schedule.

14 | P a g e I n t r o d u c t i o n t o I n d u s t r i a l S e c u r i t y C o n c e p t s