Contemporary Security Management, Fourth Edition
By John J. Fay and David Patterson. Butterworth-Heinemann; Elsevier.com; 558 pages; $99.95.
The fourth edition of Contemporary Security Management is an essential resource for anyone who is or will be in the security management field. As an instructor, I have used earlier editions as required textbooks. This new edition follows the same outline as previous ones, but has an expanded table of contents, which makes finding the content easier for both instructor and student.
What makes this edition even better is that it contains examples of security management assessment analyses and tools useful to any security manager, regardless of experience. The addition of Web resources is an improvement over the previous edition, as is the new section on self-assessment of IT security within the “Managing Risk” section. This is now a required element of any security program. The “No Intent and No Framework Means No Governance” legal concept under the section on IT governance is something instructors should emphasize to their students, including the associated costs of exposure if a cyber breach occurs.
The chapter “Critical Infrastructures and Key Resources” has been replaced with “The Importance of Policies and Procedures,” which is an improvement. Every security manager will face this, whether assessing and upgrading an existing security program or starting from scratch (a scary proposition). This essential addition explains how to write security policies and procedures, one of the most difficult tasks for a security manager. Another excellent feature is the framework tool in the appendices. I highly recommend this new edition of Contemporary Security Management and will be referring to it often. It will also be an invaluable study aid for those preparing to earn their CPP certification.
Reviewer: Terry V. Culver, CPP, CMAS (Certified Master Anti-Terrorism Specialist), is a security program specialist for Georgia Tech Research Institute. She has more than 25 years of experience in defense and industry security management.