CHAPTER TWO: Fundamentals of Security Management

Security Management – Is the proper use of resources in a security organization in

order to meet organizational goals and objectives and to ensure their achievements. In
other word, It is a broad field of management related to asset management, physical
security and human resources safety functions.

Management tools such as information classification, assessment and risk analysis are
used to identify threats, classify assets and to rate system vulnerabilities so that
effective control can be implemented.

Management deals primarily on the asset protection. Both from physical safety and
digital security it is closely related to risk management aimed at creating through
various method, procedures, guidelines, and standards of security solution which help
reduces identified risks in an organization.

BASIC MANAGEMENT FUNCTIONS

According to Henri Fayol, there are five functions of management relevant to security
organizations:

1. Planning - is the first function of management. Planning is an attempt to predict

the future of the organization and to determine the measures needed to
transition to this new state. At the heart of the planning process is the
development of a formal action plan. This plan should be based on the resources
available to the organization and on possible trends that may occur in the future.
2. Organizing - is the second function of management. Organizing is the activity by
which the company receives everything it needs for its operation - raw materials,
tools, capital, and personnel. Fayol pays serious attention to the so-called
"Organizational structure" and assumes that the form of the organization
depends mainly on the number of staff. As the number of people increases, so do
the various functions that are performed in the organization, respectively the
need for control over the work of people increases.
3. Commanding - is the third function of management. The order aims to achieve
the optimal effect of the efforts of workers, in the interest of the whole
organization.
4. Coordinating - Coordination is the fourth function of management. Coordination
aims to ensure optimal harmony between the various activities of the
 organization. Good coordination facilitates the work and makes the functioning of
the organization more successful. This function is designed to balance the
different aspects of the work, for example, to observe proportional spending in
terms of available financial resources, production needs, stocks, and market
demand.
5. Controlling - is the fifth function of management. Control is designed to ensure
compliance with everything that happens in the organization with pre-defined
plans, principles, and standards of work. In such a context, control aims to detect
errors and weaknesses in the work to neutralize them and prevent them from
recurring in the future.

PRINCIPLES OF SECURITY MANAGEMENT

1. Division of Work - specialization of the workforce increases their accuracy and
speed. In practice, employees are specialized in different areas and they have
different skills. Different levels of expertise can be distinguished within the
knowledge areas (from generalist to specialist). According to Henri Fayol,
specialization promotes efficiency of productivity.
2. Authority and Responsibility - accompanying power or authority gives the
management the right to give orders to the subordinates. This means that, in
order to get things done in an organization, management has the authority to give
orders to the employees. But of course, with this authority comes responsibility.
3. Discipline - is about obedience. It is often a part of the core values of a mission
and vision, in the form of good conduct and respectful interactions.
4. Unity of Command - an individual employee should receive orders from one
manager and that the employee is answerable to that manager. If tasks and
related responsibilities are given to the we employee by more than one manager,
this may lead to confusion which may lead to possible conflicts for employees.
5. Unity of Direction - is about focus and unity. All employees deliver the same
activities that can be linked to the same objectives. All activities must be carried
out by one group that forms a team. These activities must be described in a plan
of action. Focus areas are the efforts made by the employees and coordination.
6. Subordination of Individual Interest - is about ethics Personal interests are
subordinate to the interests of the organization. The primary focus is on the
organizational objectives and not on those of the individual. This applies to all
levels of the entire organization, including the managers.
7. Remuneration - the compensation of employees must be sufficient to keep
employees motivated and effective. Motivation and productivity are close to one
another as far as the smooth running of an organization.
8. Degree of Centralization - Management and authority for decision-making
process must be properly balanced in an organization. This depends on the
volume and size of an organization including its hierarchy. Centralization implies
the concentration of decision-making authority at the top management. Sharing
of authorities for the decision-making process with middle and lower
management is decentralization and that an organization should strive for a good
balance in.
9. Scalar Chain - Hierarchy presents itself in any given organization. This varies from
top management to the lowest levels in the organization. This principle states that
there should be a clear line in the area of authority from top to bottom and all
managers at all levels.
10. Order- employees in an organization must have the right resources at their
disposal so that they can function properly in an organization. There must be
social order where the work environment must be safe, clean and tidy.
11. Equity - employees must be treated kindly and equally. Employees must be in the
right place in the organization to do things right. Managers ol should supervise
and monitor this process and they should treat employees fairly and impartially.
12. Stability of Personnel Tenure - the deployment and managing of personnel
should be in balance with the service that is provided from the organization.
Management strives to minimize employee turnover and to have the right staff in
the right place.
13. Initiative - employees should be allowed to express new ideas. This encourages
interest and involvement and creates added value for the company. Employee
initiatives are a source of strength for the organization.
14. Esprit de Corps - management should strive for the involvement and unity of the
employees. Managers are responsible for the development of morale in the
workplace; individually and in the area of communication. Esprit de corps
contributes to the development of the culture and creates an atmosphere of
mutual trust and understanding.
LEVELS OF MANAGEMENT
The levels of hierarchy of management with and responsibility are categorized
according to functions arranged as follows: Top Management, Middle
Management, and Lower Management.

(BASAHIN NALANG DEFINITION SA BINIGAY NI SIR PARA LESS

WORDS)
QUALITY MANAGEMENT SYSTEM
Organizations found a way to offer something that people want, at a price they
are willing pay in a way that will make money in the transactions. Successful
companies offer quality products and services in this exchange, and keep quality
high for customer satisfaction. Quality is the totality of features and
characteristics of a product or service that bear on its ability to satisfy stated or
implied needs. Thus, security is a component of quality. Quality is the
responsibility of the whole organization and security is a part of the totality of
quality of a system, implicit in customers expectations. Security, as a component
of quality, must be addressed throughout an organization, in the definition of
strategy, the development of policy and the implementation and monitoring.

MANAGEMENT SYSTEM COMPONENTS

1. Credibility and Integration of Personnel - corporate security personnel,
regardless of background, should be able to demonstrate competence not only
in all aspects of the security discipline, but also have an awareness of the
 contribution they can make to other aspects of the business, such as
governance, strategy, compliance, assurance, new ventures, and other
essential business-related issues.
2. Policies, Objectives and Tasks - there should exist a single security policy
which outlines the security architecture, strategy and protocols which should
address security management objectives; statement of the attitude of the
organization to security; description of the security environment; and
statement of the security risk appetite; security organization, roles
responsibilities; procedures for security risk assessment; list of security
standing operating procedures; security priorities and calendar for coming
year.
3. Threat, Vulnerability and Security Risk Assessment security risk -assessments
should take into consideration a wide range of elements beyond physical
security threats. Such elements It should include the operating environment
and groups/events by which it is characterized; the profile of the organization,
the footprint and the head social impact; the strategic, long term objectives of
the organization; voluntary principles of security and human rights; legislation
and and local expectations; capability and intent of local criminal/terrorist
elements; vulnerability and attractiveness of assets to criminal/terrorist
elements; and availability of resources.
4. Controls - examples of security controls may include physical protection
measures (lights, fences, CCTV, barriers, etc.); introduction of security
procedures (ID checking, access control, mail screening, etc.); intelligence
networking (local social/political leaders/intelligence providers, etc.);
electronic security (encryption, password protection, etc.); resourcing (security
personnel, equipment, etc.); and local integration or corporate social
responsibility programs.
5. Security Risk Register - a security risk register should facilitate ownership and
management of security risks; provide an overview of the significant security
risks that arc faced by an organization; record the results of
threat/vulnerability security risk assessment; form an agreed record of those
security risks that have been identified; record additional proposed actions to
improve the security profile; and facilitate the prioritization of you security
risks.
6. Planning and Resourcing - effective planning consider to address targets; time
frame achieving them, and the manner how they be in achieving them, the
manner how they be achieved.
7. Execution and Control Activities – The execution of plan is predicted on all of
the previous components in the management system such that the plan has
identified all the security risk operation.
8. Monitor and Security Reporting - monitoring is based, upon effective two-way
communication Where appropriate, traditional methods are often effective
and should be considered inspections: review meetings; auditing; interviews;
and workshops.
9. Review – The purpose of the review may any combination of the following: to
critically debrief the plan in order to determine strengths weaknesses and
areas that could be improved; to obtain feedback from those involved in the
execution of the plan/ project regarding the manageability of the plan.
10. Learning - Effective processes for learning lessons will enable an organization
to introduce improvements to procedures, improvements in organizational
structure; update documentation; implementation of new training courses;
increase awareness of new threats/update on existing threats; and introduce
new equipment/ technology.
11. Reporting to Top Management - Providing such feedback to top management
offers reassurance that security is being effectively managed and the
reassurance that security understands its role in the achievement of the
business objectives. It also gives confidence in decision-making that all security
issues have been given appropriate consideration.

SECURITY AND QUALITY MANAGEMENT

A security management system, as with other management systems is based

upon the model defined in ISO 9001 Quality Management Systems
Requirements. In order to help in the achievement of organizational
objectives, the management system needs to be supported by approved
standards and procedures. The security management principles include
customer focus, leadership, involvement of people, process approach, systems
approach to management, continual improvement, factual approach to
decision making, and mutually beneficial supplier relationships.

RESOURCES FOR SECURITY MANAGEMENT

The 10Ms of management are essential resources for security management
they are as follows:
1. Manpower - refers to people as resources. It is the most important of all
resources. It pertains to the workforces in the all levels of management,
without them, all other resources are unusable. They are categorized as the
managers and the employees.
2. Money - refers to financial resources. It is the driving force of any business
for the compensation or reward of the work force. Any business enterprise
of any nature and size needs a capital.
3. Machineries - refers to devices or tools needed in order to aid the work
force do their activities with ease and simplification. These include modern
technologies and automations.
4. Materials - business production. They are processed into refers to raw
materials as inputs to finished form and become "products".
5. Methods - refers to standards and procedures used as techniques of
production. It can be systems that are put together for the transformation
of raw materials into usable products, goods or services. Machines do not
operate by themselves without a system or procedure.
6. Market - are interactions, social relations, and institutions for trading of
goods and services, which form part of the economy. It refers to
"transactions" in motion, categorized as consumer market or industrial
market.
7. Minute - refers to the management of time, the optimum time that a
worker needs to produce the highest quality of product or service. It is
called efficiency at work.
8. Morale - refers to motivation of people, the moving power to act or exert
effort to achieve desired goals or objectives. It is the 'secret weapon' of
management of controlling and getting the job done.
9. Matter - refers to data and information management. Data refers to
information are translated into a form that is efficient for movement or
processing. They are used for organizational program that manages the
people, processes and technology that provide control over the structure,
processing, and delivery. Information o are also required for management
and business intelligence purposes.
10. Measurement - are internal control systems, such preventive controls,
detective and as reactive controls, use to gauge effectiveness. It
encompasses the assessment of performance and results achieved by
employees and the entire organization.
 SECURITY MANAGERS

Security managers are persons in the organization who are responsible for
monitoring the security operations for any organization or company. They
implement security policies, regulations, rules, and norms and make sure
that the environment in their organization is safe for employers and
visitors. These managers are required to hire new members for the staff
and delegate tasks and duties to them. One of their main duties is to check
and monitor the access control of the people who are visiting the company.
They perform many of the following tasks:

1. Keeping track of different events.

2. Implementing security protocols
3. Creating emergency response procedures
4. Conducting security evaluations.
5. Supervising security staff members.

TYPES OF SECURITY MANAGERS

1. Functional Manager – one who is responsible for just one organizational
activity such as accounting, human resources, sales, finance, marketing,
or production Focus on technical areas of expertise, use communication,
planning and administration, teamwork and self-management.
2. General Manager - one who is responsible for the operations of more
complex units for example, a company or division. Oversee work of
functional managers. Responsible for all the activities of the unit and the
need to acquire strategic and 503. multicultural competencies to guide
organization.

ESSENTIAL SKILLS FOR SECURITY MANAGERS

1. Communication skills
2. Physical fitness
3. Knowledge of security environments and hazards
4. Excellent attitude
5. Interpersonal skills
6. Analytical skills
7. Leadership skills
8. Initiative and being proactive
9. Good negotiation skills
10. Being able to work with a team

VARIOUS STYLES OF SECURITY MANAGERS

1. The Visionary - take note of what they're trying to achieve. They
one who listen to ideas and jump right in and help brainstorm
ideas with a team. They provide practical advice and options for
how their ideas can be turned into a reality.
2. The Coach - one who is like a sports coach, who 49. bring high
levels of energy and discipline. He aims to bring high performance
into the workplace. He is highly people-focused and view the
success of the team as his own personal success. He usually set
clear, realistic goals for performance and discuss practical
strategies on how the team can achieve those goals.
3. The Sensitive Boss - bosses are genuinely concerned with the
emotional wellbeing of their workers and are determined to
create a workplace that is as harmonious and responsive to
individual needs as possible. They aim to create close connections
between individual workers through shared team activities, while
minimizing stressful or confronting situations.
4. The Democratic Boss - one of the easiest types of managers to
work with, democratic bosses are focused on open collaboration
within their teams and are underpinned by a strong belief that the
best outcomes are achieved by all parties bringing their ideas to
the table in pursuit of a common goal. He contributes actively to
team discussions and gives opinion on new ideas.
5. The Commander- one who just want the job to be done on time
and to the highest standards possible. Accordingly, one of the
most difficult management styles to work under, commander
bosses know exactly what outcomes they want from their team
and ensures that everybody knows about it. Commanders expect
strong discipline and speed from their team and may often shout
commands in very clear terms.
6. The Pacesetter - one who is highly energetic and will often do
their best to bring motivation to the team in the fast-paced nature
of modern economy. He is focused on winning the race and
winning it with pride. Similar in personality to commanders,
pacesetters can also be quite direct and demanding, expecting the
best from their team members and impatient if tasks fall behind
schedule.