SECURITY PRACTICE 3

Aim

The aim of the subject is to enable candidates to master security practice, methods
and techniques.

Objectives

At the end of the subject candidates will be expected to:

i) develop effective security strategies
ii) develop contingency plans related to security

Course Outline

1. Security Risk Assessment

a) Crime-related assessment.
b) Crime-related risk identification.
c) Techniques of risk identification
d) Measurement analysis of crime-related risk in the organisation.
e) Risk control
f) Physical and organisational elimination of crime-related risks
g) Reduction of crime-related risks.
h) Insurance and other forms of risk transfer.

2. Security Contingency Planning

a) The meaning and disciplinary nature of contingency planning.
b) Typical crime-related emergencies threatening an organisation
(fraud, bribery, corruption, theft, burglary, robbery, civil unrest, bomb threats
and industrial espionage).
c) Objectives and purposes of contingency planning.
d) Procedures for implementation of a contingency plan.

3. Security Risk Management

a) Theories and principles of risk management.
b) Security policy development
c) Security charter.
d) Risk Financing
e) Security risk identification, evaluation, measurement and corrective
procedures.
f) Security systems design and audit.

4. General Issues

a) The security budget.
b) Integrating security issues into corporate culture
c) Security equipment selection and procurement.
d) Security and technology.

Recommended Textbooks

1. Dennis R. Dalton (1998) The Art of Successful Security Management, Butterworth-Heinemann, Boston.

2. Sennewald CA (1986) Protective Security Management, Butterworth, Stoneham.

3. Hamilton P. & Kettle A (1980) Business Security International Policing, Associated Business Press, London.

Computer Security

Aim

The aim of the module is to provide students with a basic understanding of the
fundamental elements of computer

Broad objective

By the end of the module the students should be able to understand the types of
crimes that can be committed through a computer and how to investigate
computer-related incidents.

Specific objectives

By the end of the module the student should be able to:

I. Describe various computer security terms and concepts.
II. Understand the roles and responsibilities of security practitioners in the
protection of information in the organization.
III. Prepare computer security policies, regulations and rules.
IV. Design, develop and implement a computer security management programme.
V. Identify, assess and evaluate computer security risks.
VI. Conduct computer security audits and assurance.

Course Content

What is computer security?

• History of computer crime
• What is computer security?
• What is information security?
• Why is information security important?
• Secrecy, integrity and denial of service
• Trusted system evaluation criteria
• Roles and duties of the Information Security Officer

Why systems are not secure

• Security is fundamentally difficult
• Security is an afterthought
• Security is an impediment
• False solutions impede
• The problem is people and not computers
• Technology is oversold

Elements of computer security

• Computer security supports the mission of the organization
• The OECD’s guidelines for the security of information systems
• Responsibility and accountability
• Computer security requires a comprehensive and integral approach
• Computer security should be periodically reassessed
• Computer security is constrained by societal factors

Roles and responsibilities

• Roles and responsibilities
- Senior management
- Computer security management
- Program and functional managers/application owners
- What is a program/functional manager?
- Technology providers
- Supporting functions
- Users

Viruses, phishing and identity theft

• Definition of policy
• Issue-specific policy
• System-specific policy
• Interdependencies
• Cost consideration

Computer security program management

• Structure of a computer security program
• Central computer security programs
• Elements of an effective central program
• System-level computer security program
• Elements of an effective system-level program
• Central and system-level program interactions
• Interdependence
• Cost consideration

Computer security incident handling

• Benefits of an incident handling capacity
• Characteristics of a successful incident handling capacity
• Technical support for incident handling
• Interdependence
• Cost consideration

Computer security risk management

• Risk assessment
- Determining the assessment scope and methodology
- Collecting and analyzing data
- Interpreting risk analysis results
• Risk mitigation
- Selecting safeguards
- Accept residual risk
- Implementing controls and monitoring effectiveness
• Uncertainty analysis
• Interdependence
• Cost considerations

Audit trail

• Benefits and objectives
- Individual accountabilities
- Reconstruction of events
- Intrusion detection
- Problem analysis
• Audit trail and logs
- Keystroke monitoring
- Audit events
- System-level audit trail
- Application-level audit trail
- User audit trail
• Implementation issues
- Protecting audit trail data
- Review of audit trails
- Tools for audit trail analysis

Business Law

Aim

The aim of this subject is to provide and develop in the candidate an understanding of
legal aspects and their impact on the operations of organisations.

Objectives

The objectives of this subject are to

i) equip the candidate with the knowledge of law which affects both business
operations and relationships.
ii) enable the candidate to interpret legal issues relating to their functions.

Course Outline

1. The Law of Contract
Out of the law of contract: offer and acceptance; essentials of contract law;
misrepresentation and mistake; unenforceable and illegal contracts; effect of
death on contracts; cessions; breach and remedies for breach.

2. Lease
Formations; duration and renewal; relationship between parties; duties of
landlords and duties of tenant; relationship between parties and third parties;
termination.

3. Agency
General principles of law of agency; classes and kinds of agency; power of attorney;
special and general power; implied authority; agency by conduct; estoppel;
ratification; negotiorum gestor; principal and agent; principal duties; agents’
duties; relationship of principal and agent to third party; special types of agents.

4. Administrative Law
Court procedures and judicial precedents; legal personality in different forms of
organisations, the law of property, the principles of the delict, hire purchase, trust
and rights of beneficiaries, the law of competition.

Recommended Textbooks

1. Christie R H (1991) Business Law in Zimbabwe, Juta and Co., Durban.

2. Gibson R T G (2002) The South African Mercantile Law, Juta and Co., Durban.

Criminal Psychology

Aim

The aim of this subject is to enable candidates to understand the impact of criminal
psychology on security management.

Objectives

On successful completion of this subject candidates should be able to:

i) deal with criminals.
ii) have face-to-face contact with criminals.
iii) ease the administration of the criminal prosecution process.

Course outline

1. Fundamentals of Criminal Psychology

a) The nature of criminal psychology and its scientific methods.
b) Evolution of criminal psychology.
c) The impact of genetics on criminal psychology.

2. Human Learning and Emotion in Criminals

a) The development of criminal behaviour in people during adolescence,
adulthood & old age.
b) Social influences and human relations and their effect on criminology.

3. Criminalistic and Forensic Evidence

a) Criminal psychology testing.
b) Therapy for behaviour disorders in criminals.
c) Peer group influence on criminals.

4. Interrogation: Process and Methods

a) Prosecution, arrest, trial, conviction and sentence.
b) Incarceration stress management for criminals.
c) Post-incarceration rehabilitation for criminals.
d) Ethics in criminal psychology.

Recommended Textbook

1. Munn N.L. (1966) Psychology: The fundamentals of human adjustments, 5th Ed., Houghton Mifflin, Boston.

2. Bandura A. (1967) Principles of Behaviour Modification, Holt Rinehart and Winston, New York.

3. Law John K. Business Management and Practice for the contract Security Guard Operator: Security Management