Bruce Oliver Newsome - A Practical Introduction to Security and Risk Management

Copyright 2014 by SAGE Publications, Inc.

All rights reserved. No part of this book may be reproduced or utilizedin any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher.

Printed in the United States of America

Library of Congress Cataloging-in-Publication Data

Newsome, Bruce.

A practical introduction to security and risk management : from the global to the personal / Bruce Newsome.

pages cm
Includes bibliographical references and index.

ISBN 978-1-4522-9027-0 (pbk. : alk. paper)
ISBN 978-1-4833-1340-5 (web pdf : alk. paper)
ISBN 978-1-4833-2485-2 (epub : alk. paper)

1. Risk management. 2. Risk assessment. 3. Security systems. I. Title.

HD61.N52 2013
658.47dc23 2013031584

This book is printed on acid-free paper.

13 14 15 16 17 10 9 8 7 6 5 4 3 2 1

FOR INFORMATION:

SAGE Publications, Inc.
2455 Teller Road
Thousand Oaks, California 91320
E-mail:

SAGE Publications Ltd.
1 Olivers Yard
55 City Road
London EC1Y 1SP
United Kingdom

SAGE Publications India Pvt. Ltd.
B 1/I 1 Mohan Cooperative Industrial Area
Mathura Road, New Delhi 110 044
India

SAGE Publications Asia-Pacific Pte. Ltd.
3 Church Street
#10-04 Samsung Hub
Singapore 049483

Acquisitions Editor: Jerry Westby
Editorial Assistant: MaryAnn Vail
Production Editor: Brittany Bauhaus
Copy Editor: Lana Arndt
Typesetter: C&M Digitals (P) Ltd.
Proofreader: Theresa Kay
Indexer: Diggs Publication Services, Inc.
Cover Designer: Michael Dubowe
Marketing Manager: Terra Schultz

Brief Contents

Detailed Contents

About the Author

Bruce Newsome, PhD, is Lecturer in International Relations at the University of California, Berkeley. Previously he consulted to governments on security and risk while employed by the RAND Corporation in Santa Monica, California. He earned his undergraduate degree with honors in War Studies from Kings College London, a masters degree in Political Science from the University of Pennsylvania, and a PhD in Strategic Studies from the University of Reading.

PART

I

Analyzing and Assessing Security and Risks

T he chapters in this part of the book will help you understand, analyze, and assess security and capacity ().

In the process, readers will learn how different advocates and authorities contest the definitions, analysis, and assessments, how different activities, operations, and missions face imperfect trade-offs that are exacerbated by poor analysis and assessment, and how some simple rules and practical techniques dramatically improve understanding and functionality.

C H A P T E R

Introduction: Why Security and Risk Management Matters

What is this book about?

In this book, readers will learn how to understand, analyze, assess, control, and generally manage security and risks from the personal to the operational.

Security, as described in , are the potential returns (consequences, effects, etc.) of an event. Risks are inherently uncertain, and many people are uncomfortable with uncertainty, but security and risk management is a practical skill set that anyone can access. Readers of this book do not need to learn theory or many facts but will be introduced to the processes by which security and risks can be managed and to the contexts of many real risks. Readers will be left informed enough to start managing security and risks for themselves or to further investigate the subject.

We all should care about better security and risk management because, if done well, we would live in a more secure and less risky world. Awareness of risk is entirely healthy, because everything we do is literally risky; by simply interacting socially or undertaking any enterprise, everyone willingly takes risks (Adams, 1995, p. 16).

Unfortunately, not all security and risk management is conscious or sensible. People tend to obsess about certain risks and ignore others or manage risks in distorted ways that discredit the whole practice of management. Unfortunately, in the past, security management and risk management were routinely separated, with all sorts of disciplinary and professional incompatibilities, but security and risk management are complementary and properly tackled together.

Public expectations for security continue to grow, but sensitivity to certain risks and dissatisfaction with their management also continue to grow. In the last two decades or so, official and privateauthoritiesinternational institutions, governments, trade associations, general managers, employers, contractors, and employeeshave formally required better management and specified how it should be delivered, stimulating more disputes about proper definitions and practices.

This book provides a new practical guide to the proper synthesis of security and risk management.

Private Requirements for Security and Risk Management

Outside of government, private citizens and managers of commercial activities want or are expected to take more responsibility for their own security. For instance, public authorities urge private citizens to prepare for emergencies at home, to consult official advisories before they travel, and to rely less on public protections. Commercial organizations reserve more internal resources or acquire their own protections after finding public protections or private insurers less reliable. Managers of projects, operations, information, acquisitions, and human resources now routinely include security or risk management within their responsibilities. According to Gary Heerkens, Risk and uncertainty are unavoidable in project life and its dangerous to ignore or deny their impact... Risk management is not just aprocessits a mindset (2002, pp. 142, 151).

Public Attention to Risk

Security is a primary responsibility of government, which acquires militaries, police forces, coast guards, border protections, health authorities, and various regulators to ensure the security of their territory and citizens. By the 1970s, public authorities managed security and risks mostly in the sense that they managed public safety and controlled crime. For instance, in 1974 the British legislated in favor of a Health and Safety Executive, passed new legislation protecting employees, and increased public entitlements. However, these actions failed to control other risks, such as terrorism, and encouraged inflated views of some risks, such as workplace risks (which have declined), while neglecting other risks, such as sexual risks (which have increased). Even where risks have not increased in any real sense, societies have developed into risk societies that show increased sensitivity to risk in general, though they neglect or activate certain hazards, such as environmental hazards, due to misplaced attention to some risks over others (Beck, 1995; Beck, Ritter, & Lash, 1992; Wisner, Blaikie, Cannon, & Davis, 2004, pp. 1618).

Requirements for Better Management

The increased salience of both security and risk is indicated by the shift in United Nations (UN) operational management from an official objective of safety and security to security risk management