Security Management



Name of the Student



ABC Corporation has expanded its operations since its inception 100 years ago. Under the management of the CEO, Dr. Susan L Pickman, the company has managed to have a retail outlet where business is done directly with the final consumer of the products. However, increased operations have a significant impact on the security status of the organization. The manufacturing enterprise does not have an established security department to oversee the current problems of insecurity as reported from various functional units of the business. Employees have developed a culture of unethical behavior at the workplace: they can make mistakes without any fear of disciplinary action against them. The human resource department has not developed any training plan or awareness campaign where employees learn to follow organizational rules and regulations. Furthermore, lack of coordination among various organizational units of the company has led to poor management of resources. Respective supervisors and managers do not follow up to establish whether the company assets are present and whether they are being put to their proper use. The organization, therefore, has decided to come up with a separate department whose primary duty is to provide security management for the assets.

Project Purpose and Scope

The proposal is intended to be a guide that provides an introduction to, and an in-depth understanding of, the efficient processes and procedures for allocation of resources necessary for the establishment of the security department in the ABC Corporation. Furthermore, it is meant to give the management an overview of the best practices that the organizational budget can support in securing all the resources within the company premises (The Interagency Security Committee, 2015).

The proposal is also a guide for the security unit, departmental heads, and the designated officials to use in understanding an established collaborative framework for physical security resource allocation. The process, therefore, includes the roles of key personnel involved in the assessment. These officials include the Chief Security Officer, Chief Information Security Officer, Chief Financial Officer, Operational Officer, Public Works, Procurement and contracting specialist, Emergency and Disaster management personnel, and the Human Resource Manager. The team ought to come up with security policies using the risk management best practices that entail an organization-wide program of safeguarding the whole business (The Interagency Security Committee, 2015).

The primary goal, therefore, is to come up with an effective plan of administration and performance measurement by use of concepts such as risk management strategies and carrying out assessment tests (The Interagency Security Committee, 2015). Applying a centralized structure of the directorate is necessary for monitoring the utilization of the limited resources available in the business. The security department aims at laying down this plan based on the international standards of safety management.


The organization needs to clarify the important business activities and the necessary assets for the operations. The management can use this information in growth analysis and cost estimates. The crucial administrative needs, in this case, include all the assets and strategies of giving maximum security to the organizational resources. The size of the facility and the population of employees are also determinants (The Interagency Security Committee, 2015).

A risk management program is necessary for identifying threats and vulnerabilities and for assessing the consequences. The best risk mitigation plan shall be developed to address how particular assets would be affected. The solution shall follow three steps, that is, policy formulation, the physical implementation of security systems, and the hiring of technical staff for the task (Sennewald, & Baillie, 2015). Analyzing data will help the management to understand the market prices of required products and their economic value to the future of the company. It will also provide insight on the costs of asset acquisition and installation. The company will also be able to learn more about compliance with the rules and international standards for the use of such resources (The Interagency Security Committee, 2015).

Before developing a maintenance process, the organization shall identify various types of aggressors and their associated tactics. With such information, the security department will be able to develop the best protective and preventive measures against property loss. The effective resource management plan will be a guide to the support of safety procedures. This entails identifying the types of maintenance and the technical skills for the task (Sennewald, & Baillie, 2015).

The organization will require an adequate labor force to achieve the desired goals and objectives. Therefore, assessing, planning, and management of security operations in the organization should be under the right team of employees. Key steps, in this case, include a detailed plan such as having the manpower to deter an attack through visual measures like creating physical barriers to prevent unauthorized access, or delaying overall entry time by an assailant. The workforce includes all the security professionals whose full responsibility is to safeguard the organizational property. In some cases, the organization might need additional security personnel. It might, therefore, hire (through contracting) qualified individuals whose background and experience meet ABC’s employment standards (The Interagency Security Committee, 2015).

Physical Security Assets

The aim of this equipment is to deter, detect, delay, and respond accordingly in the case of a security breach. Managing these assets includes strategic planning and the identification of goals and performance objectives. A realistic budget for a security program is also an essential aspect for the success of the company. In addition to the hiring of more staff, the company shall purchase equipment such as biometric scanners, CCTV cameras, alarm systems and more computers (Sennewald, & Baillie, 2015).

The initial step in the acquisition is to come up with the documentation to request physical security resources. The budget estimates shown should cover all costs incurred to implement the security unit entirely. Other activities such as benchmarking should also follow so that the organization can learn the best practices and the current trends in security management. The security department shall be responsible for policy development to ensure the assets are put to proper use. It shall also come up with an appropriate asset maintenance plan (The Interagency Security Committee, 2015).


Investing in training will enable a business to realize the value of a program. Therefore, ABC should focus more on equipping employees with the right skills and the new security management strategy. The training should also emphasize work ethics. Departments such as finance, human resources and operations should come together and develop a plan that shows how the training is going to be done. They should define the relationship between the training and organization goals. It is also important to describe how the process will solve particular challenges in the business (The Interagency Security Committee, 2015).



Start and End Dates

Phase One: January to March
Phase Two (Implementation stage): May to August
Phase Three (Monitoring and Evaluation): From October (a continuous process)



Estimated expenditure ($)

Planning (officials’ meetings)
Market research and procurement of resources
Training of employees
Monitoring and Evaluation (annual)
Hiring of new employees
Overheads and miscellaneous expenses








External Contractors
ABC Corporation Top Management representative
Security Manager
Chief Information Security Officer




The incorporation of physical and information security aspects is the best approach to managing and planning property safety measures in the organization. The process gives the company insight into its values since it combines two mechanisms which were previously known to be separate. The best way to achieve integration is through risk identification and assessment so as to manage and plan for the available security resources. CCTV cameras, alarm systems, and other biometric devices should be installed in all premises and connected to a network where it is easy to monitor them from a central point (The Interagency Security Committee, 2015).

Monitoring and Evaluation

The organization shall establish a management program such as Total Quality Management (TQM) to ensure that there is continuous improvement in all aspects of operations, especially in the newly established unit that still needs new ideas to achieve its goals. It will entail frequent auditing and assessment activities whose findings will be used in identifying the weak areas and developing key strategies for improvement (Aquilani, Aquilani, Silvestri, Silvestri, Ruggieri, Ruggieri & Gatti, 2017).


The establishment of a security department in ABC Corporation is a significant step towards securing the business assets against theft and misuse. The initial planning stage involves all the departmental heads, who are expected to carry out their respective roles in ensuring that the program is working. The budget estimates, therefore, show that the company can comfortably allocate sufficient resources for the establishment of the security unit. Various stages such as planning, market research, and asset acquisition are necessary, especially in allocating costs in terms of time and money. Rules and regulations governing the integrated security system prevent illegal access to assets. In the end, the monitoring and evaluation exercise enables the department and the entire organization to improve in the weaker areas.


Aquilani, B., Aquilani, B., Silvestri, C., Silvestri, C., Ruggieri, A., Ruggieri, A., … & Gatti, C. (2017). A systematic literature review on total quality management critical success factors and the identification of new avenues of research. The TQM Journal, 29(1), 184-213.

Sennewald, C. A., & Baillie, C. (2015). Effective security management. Butterworth-Heinemann.

The Interagency Security Committee. (2015). Best Practices for the Planning and the Managing Physical Security Resources (1st ed., pp. 1-26). Washington, DC: Released by The Interagency Security Committee. Retrieved from

Security Management






The increasing usage of computers and internet access has led to the emergence of a menace across the globe: cyber security breaches and security failures. The recent past has seen an increase in the number of security breaches and failings, especially among high-profile organizations and individuals. This is mostly due to internet and technological advancements that have led to the emergence of security vulnerabilities and allowed hackers to upgrade their techniques. This discussion considers some examples of recent cybersecurity failings and, where possible, highlights how some security measures and practices could have led to their avoidance.


A hacker attacked VTech, a Chinese toy-producing company, thus causing a massive data breach. The perpetrator intended to leak private information (personal details) of parents and children who were regular clients of the site (Carolina, 2015). The hacker could also use this information later to hide their identity as they gained access to the site. The hacker used an SQL injection to infect the database of the organization. To prevent such an attack, the organization should have adopted measures such as constraining and sanitizing input information, using type-safe SQL parameters for accessing information, using accounts with restricted database permissions and avoiding disclosure of database error data.
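The four measures listed above, shown together as an added example (not code from VTech or from the sources this essay cites). It uses Python's sqlite3 module with a constructed `parents` table, and `PRAGMA query_only` stands in for an account with restricted database permissions; all function names are hypothetical.

```python
import re
import sqlite3

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}")

def make_db():
    """Constructed sample data: an in-memory table of parent accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE parents (email TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO parents VALUES (?, ?)",
                   [("ann@example.test", "Ann"), ("bob@example.test", "Bob")])
    db.commit()
    # Stand-in for a restricted database account: from here on the
    # connection refuses writes, which limits what any injection can do.
    db.execute("PRAGMA query_only = ON")
    return db

def lookup_vulnerable(db, email):
    # 'Before' form: user input is concatenated into the statement text.
    return db.execute(
        "SELECT name FROM parents WHERE email = '" + email + "'").fetchall()

def lookup_hardened(db, email):
    # 1. Constrain input: reject anything not shaped like an email address.
    if not EMAIL_RE.fullmatch(email):
        return {"ok": False, "error": "invalid input", "rows": []}
    try:
        # 2. Bound parameter: the value is passed as data, never parsed as SQL.
        rows = db.execute(
            "SELECT name FROM parents WHERE email = ?", (email,)).fetchall()
    except sqlite3.Error:
        # 3. No database error detail is disclosed to the caller.
        return {"ok": False, "error": "request failed", "rows": []}
    return {"ok": True, "error": None, "rows": rows}

def try_write(db):
    # 4. The restricted connection rejects modification attempts.
    try:
        db.execute("DELETE FROM parents")
        return True
    except sqlite3.OperationalError:
        return False

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "x' OR '1'='1"))  # returns every row
    print(lookup_hardened(db, "x' OR '1'='1"))    # rejected before the query
    print(try_write(db))                          # False
```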

Office of Personnel Management Hacking

Chinese hackers working in affiliation with the military attacked information of United States government employees. The hackers leaked information such as performance reviews, job assignments and training sessions (Waqas, 2015). They could use the information to conduct spear phishing, whereby they could send emails to recipients and fool them into clicking attachments that were supposedly infected, thus gaining access to the targeted system. The hackers used SSL encryption and a fake website to hide malware in the system, thus gaining access to the website servers. Since configuration management and authentication were the vulnerabilities exploited, the organization should have enforced a two-factor authentication mechanism to deal with the issue.

CIA Director John Brennan Email Hacking

Three teenage high school students used some basic social engineering skills to hack the account of a CIA director (Philip Messing, 2015). According to the hackers, they tricked AOL mail service and Verizon into providing the director's password via calls to the customer service platform. After gaining access to the account, they published personal information (SSN numbers, phone numbers, and email addresses) of about 20 CIA agents. The hackers’ motives were to oppose the United States policies on foreign nations that were anti-Palestinian. The inclusion of security measures such as WiActs’ geofencing would have prevented anyone outside Brennan’s office from accessing his personal mail.

World Trade Organization Hacking

Anonymous, a popular hacking group, attacked the World Trade Organization, leading to leakage of personal information of many officials. The hackers used a simple SQL injection trick to breach the website (Viebeck, 2015). The hacker injected malign code domain, which was vulnerable. The information leaked was inclusive of admins' login credentials, candidates' personal data, and even IP addresses of the said persons. Despite the hackers failing to provide a clear-cut motive for their actions, a post indicated that they intended to breach and destroy the said systems. The hackers could use the collected information to fuel phishing attacks against the affected WTO officials.


To sum up, cybersecurity failings have become increasingly prevalent in the recent past. The discussion above describes examples of some of these failings. However, most of these failings were preventable, if only the relevant stakeholders had put certain measures in place. It is, therefore, important to keep security measures updated to keep up with the technological dynamism and rapid development that we are currently experiencing.


Carolina. (2015, November 30). Hackers Steal Parents, Kids Data in a Massive Data Breach on Toy Manufacture. Retrieved March 21, 2017, from Hack Read:

Philip Messing, J. S. (2015, October 18). Teen says he hacked CIA director’s AOL account. Retrieved March 21, 2017, from New York Post:

Viebeck, E. (2015, April 05). Anonymous hacks WTO, leaks personal info. Retrieved March 21, 2017, from The Hill:

Waqas. (2015, June 5). US Blames China for Stealing Data of 4 Millions Government Workers. Retrieved March 21, 2017, from Hack Read: