A crucial reference for the practicing or aspiring design consultant, Security Design Consulting brings you step by step through the process of becoming a security consultant, describing how to start the business, market services, write proposals, determine fees, and write a report. Specific elements of assessment, design and project management services as well as acquiring product and industry knowledge are all covered in detail. Concentrating on client-focused marketing and sales strategies as well as the crucial elements of preparing, running, and succeeding at the security consulting business, Security Design Consulting gives the reader a working knowledge of all the steps necessary to be a successful security design consultant and a smarter business owner. Security directors, architects and security management consultants will also find this reference invaluable in understanding the security design consultant's important and growing role in an overall security program.* Focuses on consulting in security design, not security management* Provides sample service agreements, specifications, and reports to use as models* Emphasizes the highest technical and ethical standards for this increasingly crucial profession

The demand for security consulting services is at an all-time high. Organizations of all types face unprecedented challenges in dealing with workplace violence, internal and external theft, robbery and crimes of all varieties. These organizations need help in dealing with these challenges, and are reaching out to independent security consultants to assist them. Operating an independent security consulting practice can be a profitable and rewarding business for those with the right skills. Many people retiring from law enforcement, military, or security careers would like to enter the security consulting profession, but don't know how. These people have extensive skills in security and loss prevention, but don't know how to translate these skills into a successful security consulting practice. While they have some idea about the type of services that they would like to provide, they have no idea of how to go about selling these services, what to charge for them, or how to run a profitable security consulting business. It is for these people that this book was written. Within this book, Michael A. Silva, an independent security consultant with over thirty years of experience, provides practical "how-to" advice on how to start and run a successful security consulting practice. Pulling no punches, Michael tells what it takes to be a successful security consultant, and explains why so many new security consultants fail within the first eighteen months. Chapters in this book include: Chapter 1 - What is an Independent Security Consultant? Chapter 2 - A Week in the Life of a Security Consultant Chapter 3 - The Skills needed to be Successful Chapter 4 - Planning Your Consulting Practice Chapter 5 - Determining What and How to Charge Chapter 6 - Selling Security Consulting Services Chapter 7 - Proposal Writing for the Security Consultant Chapter 8 - Selling to Government Agencies Chapter 9 - Selling to Architects and Engineers Chapter 10 - Security Consulting Services That Sell Chapter 11 - Creating a Business Plan Chapter 12 - Taking the Plunge Chapter 13 - Taking Your Practice to the Next Level Chapter 14 - Continuing Education Chapter 15 - Avoiding Pitfalls and Common Mistakes This book is crammed with practical tips based on the actual day-to-day experiences of a working security consultant. Within this book, Michael tells you what works - and more importantly, what doesn't work. This book is specifically written for the person starting a one-person security consulting practice, and answers questions such as: - What types of skills do I need to be successful? - What types of licenses and certifications do I need? - What should I name my business? - Do I need a website? - What types of insurance do I need? - Should I rent an office, or work out of my home? - How much should I charge? - How do I sell my services and get consulting jobs? - How do I write a proposal? - What consulting services should I offer? - How much money do I need to get started? - What steps should I take before I quit my present job? - Can I start my consulting practice part-time while I'm still working? - How do I grow my practice and take it to the next level? - What are some common mistakes made by new consultants and how can I avoid them? About The Author Michael A. Silva is an independent security consultant that has over forty years of security industry experience. Michael founded Silva Consultants, his independent security consulting and design firm, in 1985. In late 2001, Michael suspended the operations of Silva Consultants to accept a position with Kroll, the world's largest security and risk consulting company. From 2001 to 2006, he managed Kroll's security consulting and engineering practice in Seattle, and was responsible for projects throughout Washington, Oregon, California, and Nevada. In 2007, Michael resigned his position with Kroll and resumed the operations of Silva Consultants.

Since 9/11, business and industry has paid close attention to security within their own organizations. In fact, at no other time in modern history has business and industry been more concerned with security issues. A new concern for security measures to combat potential terrorism, sabotage, theft and disruption -- which could bring any business to it's knees -- has swept the nation. This has opened up a huge opportunity for private investigators and security professionals as consultants. Many retiring law enforcement and security management professionals look to enter the private security consulting market. Security consulting often involves conducting in-depth security surveys so businesses will know exactly where security holes are present and where they need improvement to limit their exposure to various threats. The fourth edition of Security Consulting introduces security and law enforcement professionals to the career and business of security consulting. It provides new and potential consultants with the practical guidelines needed to start up and maintain a successful independent practice. Updated and expanded information is included on marketing, fees and expenses, forensic consulting, the use of computers, and the need for professional growth. Useful sample forms have been updated in addition to new promotion opportunities and keys to conducting research on the Web. - The only book of its kind dedicated to beginning a security consulting practice from the ground-up - Proven, practical methods to establish and run a security consulting business - New chapters dedicated to advice for new consultants, information secutiry consulting, and utilizing the power of the Internet - The most up-to-date best practices from the IAPSC

Use the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team. Misalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. Author Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges. This book presents six priority areas to focus on to maximize the effectiveness of your cybersecurity program: risk management, control baseline, security culture, IT rationalization, access control, and cyber-resilience. Common challenges and good practices are provided for businesses of different types and sizes. And more than 50 specific keys to alignment are included. What You Will Learn Improve your security culture: clarify security-related roles, communicate effectively to businesspeople, and hire, motivate, or retain outstanding security staff by creating a sense of efficacy Develop a consistent accountability model, information risk taxonomy, and risk management framework Adopt a security and risk governance model consistent with your business structure or culture, manage policy, and optimize security budgeting within the larger business unit and CIO organization IT spend Tailor a control baseline to your organization’s maturity level, regulatory requirements, scale, circumstances, and critical assets Help CIOs, Chief Digital Officers, and other executives to develop an IT strategy for curating cloud solutions and reducing shadow IT, building up DevSecOps and Disciplined Agile, and more Balance access control and accountability approaches, leverage modern digital identity standards to improve digital relationships, and provide data governance and privacy-enhancing capabilities Plan for cyber-resilience: work with the SOC, IT, business groups, and external sources to coordinate incident response and to recover from outages and come back stronger Integrate your learnings from this book into a quick-hitting rational cybersecurity success plan Who This Book Is For Chief Information Security Officers (CISOs) and other heads of security, security directors and managers, security architects and project leads, and other team members providing security leadership to your business

Security technology convergence, which refers to the incorporation of computing, networking, and communications technologies into electronic physical security systems, was first introduced in the 1970s with the advent of computer-based access control and alarm systems. As the pace of information technology (IT) advances continued to accelerate, the physical security industry continued to lag behind IT advances by at least two to three years. Security Technology Convergence Insights explores this sometimes problematic convergence of physical security technology and information technology and its impact on security departments, IT departments, vendors, and management. - Includes material culled directly from author's column in Security Technology Executive - Easy-to-read question and answer format - Includes real-world examples to enhance key lessons learned

In November 1999, GSA and the U.S. Department of State convened a symposium to discuss the apparently conflicting objectives of security from terrorist attack and the design of public buildings in an open society. The symposium sponsors rejected the notion of rigid, prescriptive design approaches. The symposium concluded with a challenge to the design and security professions to craft aesthetically appealing architectural solutions that achieve balanced, performance-based approaches to both openness and security. In response to a request from the Office of the Chief Architect of the Public Buildings Service, the National Research Council (NRC) assembled a panel of independent experts, the Committee to Review the Security Design Criteria of the Interagency Security Committee. This committee was tasked to evaluate the ISC Security Design Criteria to determine whether particular provisions might be too prescriptive to allow a design professional "reasonable flexibility" in achieving desired security and physical protection objectives.

The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling. Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

Protecting systems within an enterprise has proven as important to overall security as securing the enterprise perimeter. Over the past few years, the number of vulnerabilities stemming from weaknesses in applications and operating systems has grown dramatically. In direct correlation with the number of weaknesses discovered, the number of viruses, worms, and security attacks has also exploded across the Internet. To add to the typical virus issues that businesses have had to confront, there are also malicious programs infiltrating organizations today in the form of spyware and adware. Prevent day-zero attacks Enforce acceptable-use policies Develop host-IPS project implementation plans Evaluate management hierarchy installation options, including single-server, multiserver, and built-in database usage Learn about CSA agents and manual and scripted installation options Understand policy components and custom policy creation Use and filter information from CSA event logs Troubleshoot CSA deployments with agent and management server logs and built-in troubleshooting tools Protecting systems where the private data and intellectual property resides is no longer considered a function of perimeter defense systems but has instead become the domain of endpoint protection software, such as host Intrusion Prevention Systems (IPS). Cisco® Security Agent (CSA) is the Cisco Systems® host-IPS solution. CSA provides the security controls that corporations need to deal with threats to host and desktop computing resources. Advanced Host Intrusion Prevention with CSA is a practical guide to getting the most out of CSA deployments. Through methodical explanation of advanced CSA features and concepts, this book helps ease the fears of security administrators seeking to install and configure a host IPS. This book explains in detail such topics as installation of the management servers, installation of the agents for mass deployment, granular agent policy creation, advanced policy creation, real-world troubleshooting techniques, and best practices in implementation methodology. This guide also provides a practical installation framework taken from the actual installation and support experience of the authors. This book helps you implement host IPS appropriately, giving your organization better protection from the various threats that are impacting your business while at the same time enabling you to comply with various legal requirements put forth in such legislation as HIPAA, SOX, SB1386, and VISA PCI.

Protecting Apartments, Condominiums, and Gated Communities is a guide for homeowners and property managers who have responsibility for managing security at a multifamily property. This book offers comprehensive advice on assessing the security risks at your property and in the planning and implementation of an effective security program.Chapters within the book explain the basic concepts for good security, the types of physical and electronic security systems that can be used to protect a property, and the strategies that can be used to successfully secure areas both inside and outside of the property.Protecting Apartments, Condominiums, and Gated Communities also discusses the operational aspects of managing a security program including the development of security policies and procedures, providing security training for residents and staff, using security officers, and procuring various types of security products and services.This book provides an unbiased source of advice to people who have responsibility for managing security at a multifamily property. This can range from a private owner who manages a small apartment building, to a regional property manager who has a portfolio of hundreds of properties throughout the country. This book is especially useful to Homeowner's Association (HOA) Board Members who have little or no previous security experience, but must make decisions on how security problems at their property can be solved.

Written for the design professional, this book offers basic concepts for site security design and risk/threat assessment, and their relationship and integration into the overall design/streetscape projects. * This book is the only reference to offer coverage of security design for the site, rather than for the building * It provides landscape architects and other design professionals with the fundamental knowledge they need in order to work with clients and security consultants * It includes guidelines for conducting security/risk assessments as well as case studies that offer a variety of site designs that successfully integrate security