REVIEW: "Effective Security Management", Charles A. Sennewald

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Dec 16, 2003.

  1. BKEFSCMN.RVW 20031006

    "Effective Security Management", Charles A. Sennewald, 2003,
    0-7506-7454-7, U$49.95/C$72.50
    %A Charles A. Sennewald
    %C 225 Wildwood Street, Woburn, MA 01801
    %D 2003
    %G 0-7506-7454-7
    %I Butterworth-Heinemann/CRC Press/Digital Press
    %O U$49.95/C$72.50 800-366-BOOK fax 800-446-6520 www.bh.com/bh/
    %O http://www.amazon.com/exec/obidos/ASIN/0750674547/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/0750674547/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/0750674547/robsladesin03-20
    %P 395 p.
    %T "Effective Security Management"

    The preface makes clear that the author's major background is in the
    field of physical security. This is evident in places throughout the
    rest of the book, but much of the material is more broadly applicable.

    The introduction presents a wonderful statement about management, that
    it is "the ability to create an environment in which other individuals
    willingly participate to achieve objectives."

    Part one deals with general security management. Chapter one outlines
    some principles of organization, and provides an excellent overview of
    the basics of management. The physical security background shows in,
    for example, the assumption that demonstrating a "contribution to
    profits" is relatively straightforward and easy to quantify. The
    review questions at the end of the chapter are an adequate summary of
    the material, but provide no more than a simple reading check.
    Organizational structure, in chapter two, is based on the real world
    rather than theory. Sennewald notes the difference between formal and
    informal arrangements, as well as both the good and bad reasons that
    the two exist. Security's role in the organization emphasizes
    physical security, but chapter three also addresses non-traditional
    functions such as training, internal consulting, and executive
    protection. Chapters four, five, and six deal with the roles of,
    respectively, the security director, supervisor (emphasizing the chain
    of command), and employee (mostly stressing personal character and
    integrity).

    Part two addresses security personnel management. Chapter seven, on
    hiring, is reasonable, but fails to provide useful guidance on
    avoiding common pitfalls in reviewing resumes and interviewing
    candidates. There is, for example, a heavy reliance on open-ended
    questions, which often backfire on interviewers since the responses
    tend to be so different that it makes the difficult task of judging
    between people even harder. The creation of a job description, in
    chapter eight, provides good pointers and a helpful outline. There
    are more complaints about how training is done poorly than suggestions
    about how to fix the problem in chapter nine. The material on
    discipline, in chapter ten, is good but not great. In regard to the
    motivation of employees, Sennewald presents the classic "Theory X and
    Theory Y" model, but chapter eleven is more concerned with pointing
    out the disadvantages of punishment and control (X) than with
    suggesting how to support employees (Y). Chapter twelve, on
    promotions, repeats many of the points of chapter seven. The vague
    look at communications, in chapter thirteen, is not necessarily
    helpful. The classic debate between employment of, or contracting
    out, security personnel is presented in chapter fourteen.

    Part three considers operational management. Budgeting, in chapter
    fifteen, is a good start for those without a financial background, but
    gets bogged down in specific forms. The basics of risk management
    (albeit limited to physical security situations) are introduced in
    chapter sixteen. Some expansion is given in chapter seventeen, but
    the content is generally duplicated, and I wonder why the chapters
    were split. Review and audit, renamed the security survey, is
    important, but chapter eighteen seems to be a not-completely-recycled
    magazine article. It seems odd to cover office administration, in
    chapter nineteen, but many physical security officers may have limited
    office background, so this might be quite useful. The discussion of
    policy and procedures, in chapter twenty, primarily deals with
    procedures. Chapter twenty one, on computers and security management,
    is the longest in the book, but is only a computer literacy article
    and addresses no specific security applications. Sennewald argues
    that statistics can be useful, but chapter twenty two does not provide
    much direction in their manipulation.

    Part four deals with public relations. A pedestrian selling job for
    security is in chapter twenty three. The relationship with law
    enforcement, in chapter twenty four, emphasizes what the police can
    provide. Chapter twenty five promotes cooperation with those in the
    same industry and the importance of trade groups, as well as community
    service. This latter topic is expanded in twenty six. Chapter twenty
    seven is a very recognizable list of thirty two "jackass traits" for
    managers, pointing out all kinds of mistakes people can make. How to
    improve your performance gets less space, and it is hard to know where
    to draw the line between opposing problems, such as "the Despot" and
    "The Popularity Kid."

    Despite specific problems, this book provides some extremely valuable
    advice for security managers of all kinds, not just the physical
    security officers at whom it is aimed.

    copyright Robert M. Slade, 2003 BKEFSCMN.RVW 20031006

    --
    ======================

    "If you do buy a computer, don't turn it on." - Richards' 2nd Law
    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    or mirror http://sun.soci.niu.edu/~rslade/
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Security Educ.: [Base URL]comseced.htm
    Book reviews: [Base URL]mnbk.htm
    [Base URL]review.htm
    Partial/recent: http://groups.yahoo.com/group/techbooks/
    Security Educ.: http://groups.yahoo.com/group/comseced/
    Review mailing list: send mail to