2.5.4.5 Local and Central Alarms -- 2.5.4.6 Emergency Planning and Disaster Recovery -- 2.5.4.7 Reputation Management -- 2.5.5 Retention -- 2.5.6 Transfer -- Table 2-1 Top 10 Most Costly Terrorist Acts by Insured Property Losses -- Table 2-2 Deadly Terrorist Act Examples by Number of Fatalities (Johnston, 2015 -- Standberry, 2012) -- Case Studies, Chapter 2 -- Discussion Questions, Chapter 2 -- References, Chapter 2 -- Appendix A: Insurance Policies Related to Terrorism Risk Management -- A.1 The Terrorism Risk Reinsurance Act and Its Successors -- A.1.1 The Nature of TRIA -- A.1.2 Coverages Provided by TRIA -- A.1.3 What TRIA Does Not Include -- A.1.4 TRIA Endorsements -- A.1.5 The Debate and the Problems with TRIA -- A.1.6 Other Options to TRIA -- A.2 Kidnap, Ransom, and Extortion (K & R) Insurance Policies -- A.2.1 Types of Insurance Companies that Provide K & R Policies -- A.2.2 The Coverages Available from K & R Contracts -- A.2.3 Contractors Owned by or Employed by K & R Companies -- A.3 Cyber Insurance and Cyber Liability Insurance -- A.3.1 Cyber Insurance Categories -- A.3.2 Current Underwriting Philosophy for Cyber Exposures -- A.3.3 Cyber Insurance Limits, Cost, and Content Examples -- References, Appendix A -- About the Authors -- Credits -- More from the Publisher

As a manager, you’re aware of terrorist acts, are considering the risks, but sense that you need more background. How might terrorism occur? How is it part of risk and threat planning? What insurance strategies might protect your company from financial loss? In a few short chapters, The Manager’s Guide to Terrorism, Risk, and Insurance: Essentials for Today’s Business fills in the blanks for you. What does it take to weigh the likelihood of a terrorism exposure and protect all the assets of your company? The answer to this question involves understanding the nature of terrorists and their behavior, evaluating the risk of potential damage and business interruption, and exploring ways to use insurance – such as programs covered by the US Terrorism Risk Insurance Act – to protect against severe financial harm. Authors of this book, David J. Smith and Mark D. Silinsky, give you the benefit of their decades of professional experience in risk management, insurance, physical and cyber security, and anti-terrorism. Topics covered will help you to better understand: Characteristics that could make your company the target of terrorism. The most costly terrorist acts that have brought about fatalities and insured property loss. . How to anticipate the probability of maximum loss and foreseeable loss from terrorism. . The psychological picture of the typical terrorist – the warning signs and pre-attack indicators. . Tactics used by terrorists, such as bombings, assassination, and kidnapping. . Safety measures to be used by employees in the office and as they travel. . Practical steps for loss reduction from a variety of terrorist-related threats. . Insurance options to protect against financial loss from destructive terrorist acts, kidnap and ransom, and cyber attack and exposure. Case studies and discussion questions are provided to speed your understanding of the material. Importantly, since the book has been extensively researched, the authors provide a wealth of resources that you can consult as you dig deeper into this complex topic.

As a responsible manager, you need to consider threats to your organization's resilience. In this guide, Douglas M. Henderson will help you follow a clearly explained, step-by-step process to conduct a risk assessment. --

Is security management changing so fast that you can’t keep up? Perhaps it seems like those traditional “best practices” in security no longer work? One answer might be that you need better best practices! In their new book, The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security, two experienced professionals introduce ESRM. Their practical, organization-wide, integrated approach redefines the securing of an organization’s people and assets from being task-based to being risk-based. In their careers, the authors, Brian Allen and Rachelle Loyear, have been instrumental in successfully reorganizing the way security is handled in major corporations. In this ground-breaking book, the authors begin by defining Enterprise Security Risk Management (ESRM): “Enterprise security risk management is the application of fundamental risk principles to manage all security risks − whether information, cyber, physical security, asset management, or business continuity − in a comprehensive, holistic, all-encompassing approach.” In the face of a continually evolving and increasingly risky global security landscape, this book takes you through the steps of putting ESRM into practice enterprise-wide, and helps you to: Differentiate between traditional, task-based management and strategic, risk-based management. See how adopting ESRM can lead to a more successful security program overall and enhance your own career. . Prepare your security organization to adopt an ESRM methodology. . Analyze and communicate risks and their root causes to all appropriate parties. . Identify what elements are necessary for long-term success of your ESRM program. . Ensure the proper governance of the security function in your enterprise. . Explain the value of security and ESRM to executives using useful metrics and reports. . Throughout the book, the authors provide a wealth of real-world case studies from a wide range of businesses and industries to help you overcome any blocks to acceptance as you design and roll out a new ESRM-based security program for your own workplace.

In today’s litigious business world, cyber-related matters could land you in court. As a computer security professional, you are protecting your data, but are you protecting your company? While you know industry standards and regulations, you may not be a legal expert. Fortunately, in a few hours of reading, rather than months of classroom study, Tari Schreider’s The Manager’s Guide to Cybersecurity Law: Essentials for Today’s Business, lets you integrate legal issues into your security program. Tari Schreider, a board-certified information security practitioner with a criminal justice administration background, has written a much-needed book that bridges the gap between cybersecurity programs and cybersecurity law. He says, “My nearly 40 years in the fields of cybersecurity, risk management, and disaster recovery have taught me some immutable truths. One of these truths is that failure to consider the law when developing a cybersecurity program results in a protective façade or false sense of security.” In a friendly style, offering real-world business examples from his own experience supported by a wealth of court cases, Schreider covers the range of practical information you will need as you explore – and prepare to apply – cybersecurity law. His practical, easy-to-understand explanations help you to: Understand your legal duty to act reasonably and responsibly to protect assets and information. Identify which cybersecurity laws have the potential to impact your cybersecurity program. Upgrade cybersecurity policies to comply with state, federal, and regulatory statutes. Communicate effectively about cybersecurity law with corporate legal department and counsel. Understand the implications of emerging legislation for your cybersecurity program. Know how to avoid losing a cybersecurity court case on procedure – and develop strategies to handle a dispute out of court. Develop an international view of cybersecurity and data privacy – and international legal frameworks. Schreider takes you beyond security standards and regulatory controls to ensure that your current or future cybersecurity program complies with all laws and legal jurisdictions. Hundreds of citations and references allow you to dig deeper as you explore specific topics relevant to your organization or your studies. This book needs to be required reading before your next discussion with your corporate legal department.

You have the knowledge and skill to create a workable Business Continuity Management (BCM) program – but too often, your projects are stalled while you attempt to get the right information from the right person. Rachelle Loyear experienced these struggles for years before she successfully revamped and reinvented her company’s BCM program. In The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity, she takes you through the practical steps to get your program back on track. Rachelle Loyear understands your situation well. Her challenge was to manage BCM in a large enterprise that required hundreds of BC plans to be created and updated. The frustrating reality she faced was that subject matter experts in various departments held the critical information she needed, but few were willing to write their parts of the plan. She tried and failed using all the usual methods to educate and motivate – and even threaten – departments to meet her deadlines. Finally, she decided there had to be a better way. The result was an incredibly successful BCM program that was adopted by BCM managers in other companies. She calls it “The Three S’s of BCM Success,” which can be summarized as: Simple – Strategic – Service-Oriented. Loyear’s approach is easy and intuitive, considering the BCM discipline from the point of view of the people in your organization who are tasked to work with you on building the plans and program. She found that most people prefer: Simple solutions when they are faced with something new and different. Strategic use of their time, making their efforts pay off. Service to be provided, lightening their part of the load while still meeting all the basic requirements. These tactics explain why the 3S program works. It helps you, it helps your program, and it helps your program partners. Loyear says, “If you follow the ‘Three S’ philosophy, the number of plans you need to document will be fewer, and the plans will be simpler and easier to produce. I’ve seen this method succeed repeatedly when the traditional method of handing a business leader a form to fill out or a piece of software to use has failed to produce quality plans in a timely manner.” In The Manager’s Guide to Simple, Strategic, Sevice-Oriented Business Continuity, Loyear shows you how to: Completely change your approach to the problems of “BCM buy-in.” Find new ways to engage and support your BCM program partners and subject matter experts. Develop easier-to-use policies, procedures, and plans. Improve your overall relationships with everyone involved in your BCM program. Craft a program that works around the roadblocks rather than running headlong into them.