Security modeling

  • Category:
    Other
  • Document type:
    Assignment
  • Level:
    Undergraduate
  • Page:
    5
  • Words:
    3100

13SECURITY MODELLING

Security modeling

Introduction

For a corporation to be successful, it needs to ensure that it has covered all aspects of security within the organization because a small loophole could mean the undoing of the corporation. Therefore, although a corporation can operate without a security manager the role of this professional is an integral part in the running of a corporation, and it is imperative especially for organizations that can easily be targeted such as banks or organizations that are custodians of sensitive information. Security issues that concern corporations can range from the security of information to the physical security of the premise where the corporation conducts its business. Therefore, the personnel in charge of security need to have a wide array of competencies
depending on the specifications of the job. Below is an analysis of the role of a security manager and the rationale surrounding each requirement of the job. The paper will analyze the requisites of the position of security manager and link them to relevant themes in corporate security.

Analysis of Job Description

Job Description One: Security Manager

The employer requires the security manager to have in-depth knowledge on how to comply with the frameworks that govern the running of organization, the procedures used to make decisions and the measures that the organization needs to create airtight defense for the organization. The security manager should also be capable of performing a leadership role in the organization so he or she should have some level of independence. The security manager will be involved in policy review and review of security procedures so he or she should have problem-solving skills and management skills. He or she will be required to develop team building capabilities within the organization. He will also be responsible for managing stakeholder relationships by identifying their expectations and coming up with ways of meeting them (Dhillon & Backhouse, 2000; Belanger, Hiller & Smit, 2002; Awischus, 1997; Sandhu, Coyne, Feinstein & Youman, 1996).

Job Description Two: Physical Security Specialist

He is responsible for the formulation of security procedures and policies. He is also expected to manage the company’s budget on security measures so that it aligns with the company’s allocation for this department. He is also responsible for the physical security of the company’s premises and the management of fire system projects. He is responsible for overseeing security system contracts and security investigations within the company. The position is also assigned the responsibility to conduct security program education and training of new employees. Security systems need to be dynamic, and this position is responsible for continued development of this department to increase its longevity and efficiency (Denning,

1999; Tipton & Krause, 2003; Koopman, 2004).

Job Description Three: Senior Vice-President, Head of Security Management

This position is responsible for the daily running of the company’s security function. It is actively involved in the formulation of policies that cushion the company from operational and security risks. The position is responsible for updating the company on current best practices in security management and ensuring that the company’s employees are always up to date with the latest security management issues. The position is also mandated with the supervision of the Security Management department to ensure that employees comply with the company’s requirements and that they act within the provisions of the company’s operational policies. It is also responsible for coaching employees to ensure that their development is reflective of the company’s business strategy and that they are aware of the latest IT and security management development that are bound to affect the company (Salvendy, 2012; Höne & Eloff, 2002).

Content and Thematic Analysis

To have a clear understanding of the job descriptions of the positions mentioned above, there are some key words that one needs to have an understanding of including knowledge, skill, attribute and theme. Knowledge can be defined as information that is necessary for an individual to perform to successfully perform a function. It is the theoretical understanding of a subject, and it can be gained through education or experience.

The three job descriptions outlined above require that the individual holding that position have at least a bachelor’s degree in the following areas; management, human resource, business administration, finance criminal justice, programming, architecture and computer science. One can also take up programs such as homeland and corporate security management or corporate security. These programs groom an individual to have organizational and emergency management skills because embedded in them are areas of knowledge such as physical property security, information security, crisis management and protection technology.

In general,
three major areas of knowledge are requisite for the three job descriptions outlined above, and they include law, computer technology, and management,. The necessity for knowledge of law is because federal laws affect security management either directly or indirectly. It is, for example, important that security manager have knowledge of civil and criminal liability. The security manager also needs to have an understanding of the legal rights of the company’s stakeholders and the expected legal ramifications if these rights are violated. Also, since the Physical Security Specialistis responsible for overseeing security system contracts he or she needs to have knowledge of contractual law, the job performance standards expected of parties involved in the contract and legal liabilities that applies to all parties in the contract (Easterbrook, & Fischel, 1996).

As regards computers, advancement in technology has necessitated knowledge in operation of computer technology in all fields and security management is no exception. Therefore, the security manager needs to have knowledge of computer languages and operations, techniques used in telecommunication and networking, programming, data processing and computer and internet security. With the rise of cyber crimes, it is important that the security manager should be knowledgeable about how to deal with such threats (Stallings & Brown, 2008).

Besides technical knowledge, the security manager also needs comprehensive knowledge in management to be in a position to steer the corporation towards long-term success. The department of security cannot operate in isolation from the rest of the departments in the company, so the security manager needs to know how to spearhead collaboration between different departments. The employer needs proof that the security manager is capable of efficient leadership and has proficient communication skills to communicate the company’s strategy to other employees and before one can develop these skills they need to have the necessary theoretical knowledge gained through management theory.

Skill refers explicit and observable competence in
performance of a task. It refers to an individual’s ability to complete a task and perform it well. The employer will need the security manager to go beyond just theoretical knowledge and show practical application of what he or she claims to know. For example, beyond having computer technology knowledge the security manager needs to show skill in implementing security measures that are befitting of the company’s specific context. This means that the security manager should be in a position to tailor security measures so that they are unique to a company so that the chances of launching a successful security can be minimized significantly.

Besides the hard skills associated with technical knowledge, there are some soft skills that the personnel in the job descriptions outlined above need to have. The security manager needs to have analytical skills that will allow him to assess the level of risk and formulate appropriate strategies to ensure the company’s safety (Peltier, 2005). The security manager is viewed as a leader in the organization so if other employees observe that a situation causes him stress the organization might enter a panic mode. The security manager also needs to be competent in interpersonal skills because he needs to work with people from other departments to steer the company towards success. Also, his communication skills need to be top notch because he is expected to communicate the company’s strategies so that other employees can get onboard (Katz, 2009).

An attribute is an individual’s characteristic that is inherent so that it forms part of their personality. An attribute is not something that one chooses when to portray but it becomes manifest whenever need be. For example, a security manager needs to have a high threshold for stress. He should be someone who can tolerate high levels of stress and have the ability to remain calm under stressful conditions. The security manager needs to be someone who questions conventionality and the way this are usually done. Corporate security is not a field where professional can afford to build routine because this makes it easy for unscrupulous persons to exploit this flaw and commit dubious acts. Also, a security manager needs to be creative so that he can come up with new ways of approaching security threats because the field is a dynamic one.

There are some themes throughout the job descriptions outlined above. Themes are aspects the jobs that are transcendent across the different job descriptions and positions. The need to remain up to date with changing trends in corporate security is a recurrent theme in the three job descriptions. Corporate security requires the professional to always be in contact with changing trends in order to afford the company sufficient protection. Another theme in the three job descriptions is the involvement of the three professionals in the formulation and implementation of security policies in the company. The three professionals are expected to have in-depth knowledge of
security
procedures, so they are expected to take charge of the general security measures in the company.

Besides these similarities, there are some differences between the three job positions. The first job description requires more technical knowledge than the other two job descriptions. Knowledge of computer technology is more important for this job description than it is for the other two job descriptions. The second job description is inclined towards the security of the physical premise of the company. Technical knowledge that is most essential for this job description is architecture because it also helps with the professional’s role in securing the premise from fire. The third job description is most concerned with the supervision of the security management department. The position is a sensitive one, and the security manager is required to report to the person in this position because he is in the top position and is less likely to be compromised in case there is an incidence in the company. sometimes there is need to maintain a closed loop in the cause of an ongoing investigation, so the third job description requires that the person in this position be kept in the loop, and he should also not be required to report to the manager of the company because the manager may be a person of interest in a case that is under investigation.

Discussion

Corporate security has shifted from a defensive stance to more proactive one that seeks to actively counter security threats. The head of security is now considered more than a guard as was the case in the past. Previously, the functions of the head of security
is now designed to help people in other departments function with greater efficiency. In the past people considered for the position of head of security came from a narrow talent pool such as the police force, intelligence or the armed forces but this has changed in recent years because of the dynamics of the field (Benn, Dunphy & Griffiths, 2014). The reason companies considered people of this talent pool is because their professions provide them training in the practice of security and protection, and they have experience in security procedures that cannot be found elsewhere. However, recent developments show that the field of corporate security requires greater diversity than what was previously necessary, and there are several reasons that warrant this shift as discussed below.

To begin with, companies have recognized the increased importance of corporate security, and this has led to the need for security departments to operate at senior levels. Security managers, for example, are expected to report to the head of security management in the company. When there an issue is under investigation there is need to maintain a tight loop of the people to whom information is disclosed to because no one is beyond reproach. There is a preference for security managers to only report to the highest authority in the corporation because this way there is greater assurance of security of information as opposed to having security managers report to mid-level
managers (Gerber & Von Solms, 2001; Liddle & Gelsthorpe, 1994).

In the corporate world today the role of corporate security in convincing different departments and specialists to work in collaboration is an integral role in steering a company towards the achievement of its goals. This means that it was necessary for corporate security to stop playing an inhibitory role and promote cooperation in organizations. Therefore, it is necessary that security specialists regularly get into dealings with non-specialists and the personnel in charge of security in the an organization needs to have the skill to facilitate this cooperation. This means that beyond having the knowledge and skill
needed to ensure the security of the organization’s security managers need to have attributes that facilitate relationships in the organization. Also, the security managers need to have good communication skills for the communication of the company’s strategies and for facilitating collaboration in the organization.

Corporate security today cannot afford to be conservative, and security personnel who refuse to change with the dynamism of the system are bound to fail in their role as security officers in an organization. Security managers in organizations need to be people who are not averse to breaking rules of convention and who are ready to sway out of the conventional way of thinking. Corporate security advocates for innovation rather than experience in the field. Security personnel need to be active in research so that they come up with new ways of dealing with security risks and preventing security breaches (Ashenden, 2008). Therefore, there are some attributes that are essential for ensuring that security manager or a head of security successfully carry out their role in the organization and these attributes include independence in thinking and the willingness to pose a challenge to the assumption that have guided operations in an organization. Security personnel need
to always challenge what works because the more seamless a system seems, the easier it might be to find a loophole and exploit it.

The need for knowledge in management can be linked to the added value in the human element in corporate security. Security personnel need to have knowledge of human behavior and the way people react to issues of security. Training of security personnel needs to factor in the perception of people on security and emotional impact that it has on them. Having emotional intelligence can prove to be an invaluable aspect in helping security personnel carry out their duties in an organization. Although technical skill in implementing security measures in an organization is important, it is equally important to have insight on how the organization’s employees will react to the measure put in place. If the security measures put in place to secure the physical premise of the company causes anxiety to the employees, the security manager should come up with ways of mitigating such effects. Also, if the technical measures of the company’s programming are frustrating to employees, the security personnel should come up with innovative ways of solving such issues.

Conclusion and Recommendation

Analysis of corporate security shows that it is an integral part of the success of an organization. As employers seek people to fill various job positions they expect that the people that will come to fill in these positions will fulfill the job descriptions of these positions. Job descriptions differ in the knowledge, skill and attributes required for an individual to fill the position successfully. The job titles of interest discussed had themes that highlighted the most important aspects of the job positions. The need to always be up to date with current trends in corporate security and the involvement of security personnel in the formulation and implementation of security policies are especially salient themes. The growing importance of technical knowledge in the role of security managers has been highlighted. The paper shows the growing importance of incorporating the human element in corporate security. It also highlights the importance of establishing dynamism in the field and how it can be beneficial in increasing the general security of the organization. I would recommend that employers increase their consideration of the psychological aspects of their employers, for example, how their personality fits the job description of the position that they are expected to fill. Additionally, the future of corporate security is set towards greater dynamism, and there is likely to be more security personnel each mandated with a specific
task, and this will help increase the security of organizations.

Reference List

Ashenden, D. (2008). Information Security management: A human
challenge?.
Information security technical report, 13(4), 195-201.

Awischus, R. (1997). Role based access control with the security administration manager (SAM). In Proceedings of the second ACM workshop on Role-based access control (pp. 61-68). ACM.

Belanger, F., Hiller, J. S., & Smith, W. J. (2002). Trustworthiness in electronic commerce: the role of privacy, security, and site attributes.
The journal of strategic Information Systems, 11(3), 245-270.

Benn, S., Dunphy, D., & Griffiths, A. (2014). Organizational change for corporate sustainability. Routledge.

Denning, D. E. R. (1999). Information warfare and security (Vol. 4). Reading: Addison-Wesley.

Dhillon, G., & Backhouse, J. (2000). Technical opinion: Information system security management in the new millennium.
Communications of the ACM, 43(7), 125-128.

Easterbrook, F. H., & Fischel, D. R. (1996). The economic structure of corporate law. Cambridge: Harvard University Press.

Gerber, M., & Von Solms, R. (2001). From risk analysis to security requirements. Computers & Security, 20(7), 577-584.

Höne, K., & Eloff, J. H. P. (2002). What makes an effective information security policy?.
Network Security, 2002(6), 14-16.

Katz, R. L. (2009). Skills of an effective administrator. Harvard Business Review Press.

Koopman, P. (2004). Embedded system security. Computer, 37(7), 95-97.

Liddle, A. M., & Gelsthorpe, L. R. (1994). Crime prevention and inter-agency co-operation. Great Britain, Crime Prevention Unit.

Peltier, T. R. (2005). Information security risk analysis. Boca Raton: CRC press.

Salvendy, G. (2012). Handbook of human factors and ergonomics. New Jersey: John Wiley & Sons.

Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. Computer, (2), 38-47.

Stallings, W., & Brown, L. (2008). Computer security. Principles and Practice.

Tipton, H. F., & Krause, M. (2003). Information security management handbook. Boca Raton: CRC Press.