Style: APA

Cited page

Citations are available only to our active members. Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

X X

Cited page

Display options
Reset

Global Corporate Intelligence: Opportunities, Technologies, and Threats in the 1990s

By: George S. Roukis; Hugh Conway et al. | Book details

Contents
Look up
Saved work (0)

matching results for page

Page 174
Why can't I print more than one page at a time?
While we understand printed pages are helpful to our users, this limitation is necessary to help protect our publishers' copyrighted material and prevent its unlawful distribution. We are sorry for any inconvenience.
sionals who specialize in this area (there are many reputable ones). If the review is conducted in house, there are two basic potential problem areas that must be factored into the review output. These are a lack of experience in identifying the actual security threat and a lack of technical knowledge in the hardware and software of security systems.The normal employee usually does not think in terms of security. The problem is further compounded because few of the actual cases of theft or misuse of company technology are publicized by the media. This lack of publicity is no accident. Most corporations are very reluctant to discuss these incidents in public, first because it is an embarrassment to the organization, and second because the company concerned does not want to give anyone else the idea that the theft of company technology can be profitable. A more professional approach to the conduct of a physical security review is to bring in a qualified consultant or a security firm.Regardless of who conducts the physical security review, there is a methodology that should be followed. The basic methodology was developed for the Department of Justice's Bureau of Justice Statistics by SRI International. 23 This model has been modified to meet the needs of a security review. The methodology is as follows:
1. Organize the project: project design and scope, funding estimates, schedules, and company support requirements (work routine disruptions and employee time requirements).
2. Identify assets subject to loss; determine dollar value, the consequences of loss, and replacement cost.
3. Identify the security controls now in place.
4. Define the potential threat to each asset.
5. Identify the lack of controls that would facilitate the potential threats to the assets.
6. Combine the threat, assets subject to loss, and the lack of mitigating controls. Each triplicate constitutes a vulnerability.
7. Identify the security controls that would reduce the losses to an acceptable level.
8. Develop a plan to reduce the risk.
9. Evaluate the risk reduction plan in terms of cost to benefits.
10. Fund and manage the physical security project.

Senior management reaction to this structured approach to company security is often initially negative until the cost/benefit analysis demonstrates improvement in the company's position.


NOTES
1.
"Keeping the Nation's Secrets," A Report to the Secretary of Defense by the Commission to Review DOD Security Policies and Practices, Washington, D.C.: Government Printing Office, November 19, 1985.

-174-

Select text to:

Select text to:

  • Highlight
  • Cite a passage
  • Look up a word
Learn more Close
Loading One moment ...
of 340
Highlight
Select color
Change color
Delete highlight
Cite this passage
Cite this highlight
View citation

Are you sure you want to delete this highlight?

Questia is operated by Cengage Learning. Copyright © 2013. All rights reserved.

The Questia advertising network includes: