Metrics and Methods for Security Risk Management

Paperback (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $22.24
Usually ships in 1-2 business days
(Save 55%)
Other sellers (Paperback)
  • All (3) from $22.24   
  • New (2) from $27.34   
  • Used (1) from $22.24   


Metrics and Methods for Security Risk Management offers powerful analytic tools that have been absent from traditional security texts. This easy-to-read text provides a handy compendium of scientific principles that affect security threats, and establishes quantitative security metrics that facilitate the development of effective security solutions. Most importantly, this book applies these foundational concepts to information protection, electromagnetic pulse, biological, chemical and radiological weapons, theft, and explosive threats. In addition, this book offers a practical framework for assessing security threats as well as a step-by-step prescription for a systematic risk mitigation process that naturally leads to a flexible model for security standards and audits. This process helps ensure consistency and coherence in mitigating risk as well as in managing complex and/or global security programs. This book promises to be the standard reference in the field and should be in the library of every serious security professional.

Offers an integrated approach to assessing security risk

Addresses homeland security as well as IT and physical security issues

Describes vital safeguards for ensuring true business continuity

Read More Show Less

Editorial Reviews

From the Publisher
"Carl S. Young, VP [and senior risk strategist at a major international corporation], has delivered a volume to make the technology bedrock of security more comprehensible. To justify any security measure, Young shows how risk management can be understood quantitatively. That’s important because so many workplace decisions on vulnerability are made after calculating risk metrics."—Security Letter, Vol. XL, No. 9 (September 2010)

"…This author has a unique and useful perspective on an important and timely topic."— Jon A. Schmidt, PE, BSCP, Director of Antiterrorism Services, Burns & McDonnell, Kansas City, MO. "Dealing with security risks requires not only the wisdom and experience to assess threats, but also the scientific and technical knowledge to mitigate their risk. Carl Young's wide-ranging expertise in both these areas has been recognized and honored during his distinguished career in government and in the private sector, and informs this fascinating book…[T]his book will be valuable to security professionals as well as concerned citizens."—Prof Emeritus Sidney Drell, Deputy Director,Stanford Linear Accelerator Center (1969-1998). "In the post 9/11 world we had to find cost effective, practical, risk-based, resilient solutions to immensely challenging issues. Carl Young was, and is, central to that work. He combines academic brilliance with practical, hands-on experience of delivering security solutions. This book is a synthesis of that work."—James A. King, CBE, Senior UK government security and counterterrorism advisor (1978-2008). Head of Security and Fraud, Lloyds Banking Group, UK. "There is nobody in the field of security who surpasses Carl Young's experience and expertise. And now, for the benefit of us all, he has written Metrics and Methods for Security Risk Management. From the thoughtful layout of the chapters, to the clarity of his language and examples, Carl has given the gift of his experience as a scientist and hands-on professional with a talent for writing. This book provides direction and disciplined analysis essential for risk managers and security professionals serious about their work and their careers."—Ed Stroz, Co-president, Stroz Friedberg LLC, leading IT security and digital forensics consulting firm.

Read More Show Less

Product Details

  • ISBN-13: 9781856179782
  • Publisher: Elsevier Science
  • Publication date: 7/15/2010
  • Pages: 256
  • Product dimensions: 7.50 (w) x 9.10 (h) x 0.80 (d)

Meet the Author

Carl S. Young is a recognized expert in developing strategic security solutions and applying quantitative methods to security risk management. He was a Supervisory Special Agent and Senior Executive in the FBI as well as Global Head of physical security technology at Goldman Sachs & Co. in New York, and Goldman Sachs International in London. He is currently the head of the Security Science consulting practice and Chief Security Officer at Stroz Friedberg, LLC in New York City. He is also an adjunct professor in the Protection Management Department of the John Jay College of Criminal Justice, City University of New York (CUNY).

Mr. Young was a consultant to the JASON defense advisory group and was selected by the Director of Central Intelligence to advise the intelligence community on technology as part of a blue ribbon panel. In 1997 he was awarded the James R. Killian Medal by the White House for individual contributions to national security. He is the author of Metrics and Methods for Security Risk Management (Syngress, 2010) as well as numerous technical papers related to security risk management. Mr. Young received undergraduate and graduate degrees in mathematics and physics respectively from the Massachusetts Institute of Technology (MIT), Cambridge, MA.

Read More Show Less

Table of Contents

About the Author xi

Foreword xiii

Preface xv

Acknowledgments xix

Part I The Structure of Security Risk

Chapter 1 Security Threats and Risk 3

1.1 Introduction to Security Risk or Tales of the Psychotic Squirrel and the Sociable Shark 3

1.2 The Fundamental Expression of Security Risk 9

1.3 Introduction to Security Risk Models and Security Risk Mitigation 14

1.4 Summary 17

Chapter 2 The Fundamentals of Security Risk Measurements 19

2.1 Introduction 19

2.2 Linearity and Non-linearity 19

2.3 Exponents, Logarithms and Sensitivity to Change 25

2.4 The Exponential Function ex 27

2.5 The Decibel (dB) 28

2.6 Security Risk and the Concept of Scale 31

2.7 Some Common Physical Models in Security Risk 33

2.8 Visualizing Security Risk 37

2.9 An Example: Guarding Costs 42

2.10 Summary 43

Chapter 3 Risk Measurements and Security Programs 45

3.1 Introduction 45

3.2 The Security Risk Assessment Process 47

3.2.1 Unique Threats 47

3.2.2 Motivating Security Risk Mitigation: The Five Commandments of Corporate Security 48

3.2.3 Security Risk Models 49

3.3 Managing Security Risk 54

3.3.1 The Security Risk Mitigation Process 54

3.3.2 Security Risk Standards 58

3.4 Security Risk Audits 70

3.5 Security Risk Program Frameworks 73

3.6 Summary 73

Part II Measuring and Mitigating Security Risk

Chapter 4 Measuring the Likelihood Component of Security Risk 81

4.1 Introduction 81

4.2 Likelihood or Potential for Risk? 82

4.3 Estimating the Likelihood of Randomly Occurring Security Incidents 85

4.4 Estimating The Potential for Biased Security Incidents 88

4.5 Averages and Deviations 91

4.6 Actuarial Approaches to Security Risk 97

4.7 Randomness, Loss, and Expectation Value 99

4.8 Financial Risk 106

4.9 Summary 107

Chapter 5 Measuring the Vulnerability Component of Security Risk 109

5.1 Introduction 109

5.2 Vulnerability to Information Loss through Unauthorized Signal Detection 110

5.2.1 Energy, Waves and Information 111

5.2.2 Introduction to Acoustic Energy and Audible Information 115

5.2.3 Transmission of Audible Information and Vulnerability to Conversation-Level Overhears 117

5.2.4 Audible Information and the Effects of Intervening Structures 120

5.2.5 Introduction to Electromagnetic Energy and Vulnerability to Signal Detection 126

5.2.6 Electromagnetic Energy and the Effects of Intervening Structures 132

5.2.7 Vulnerability to Information Loss through Unauthorized Signal Detection: A Checklist 135

5.3 Vulnerability to Explosive Threats 136

5.3.1 Explosive Parameters 136

5.3.2 Confidence Limits and Explosive Vulnerability 142

5.4 A Theory of Vulnerability to Computer Network Infections 146

5.5 Biological, Chemical and Radiological Weapons 151

5.5.1 Introduction 151

5.5.2 Vulnerability to Radiological Dispersion Devices 152

5.5.3 Vulnerability to Biological Threats 162

5.5.4 Vulnerability to External Contaminants; Bypassing Building Filtration 168

5.5.5 Vulnerability to Chemical Threats 172

5.6 The Visual Compromise of Information 173

5.7 Summary 175

Chapter 6 Mitigating Security Risk: Reducing Vulnerability 179

6.1 Introduction 179

6.2 Audible Signals 180

6.2.1 Acoustic Barriers 182

6.2.2 Sound Reflection 184

6.2.3 Sound Absorption 185

6.3 Electromagnetic Signals 187

6.3.1 Electromagnetic Shielding 187

6.3.2 Intra-Building Electromagnetic Signal Propagation 191

6.3.3 Intra-Building Electromagnetic Signal Propagation 194

6.3.4 Non-Point Source Electromagnetic Radiation 195

6.4 Vehicle-borne Explosive Threats: Barriers and Bollards 198

6.5 Explosive Threats 203

6.6 Radiological Threats 206

6.7 Biological Threats 210

6.7.1 Particulate Filtering 210

6.7.2 Ultraviolet Germicidal Irradiation (UVGI) 212

6.7.3 Combining UVGI with Particulate Filtering 214

6.7.4 More Risk Mitigation for Biological Threats 216

6.7.5 Relative Effectiveness of Influenza Mitigation 217

6.8 Mitigating the Risk of Chemical Threats (briefly noted) 222

6.9 Guidelines on Reducing the Vulnerability to Non-Traditional Threats in Commercial Facilities 224

6.10 Commercial Technical Surveillance Countermeasures (TSCM) 225

6.11 Electromagnetic Pulse (EMP) Weapons 234

6.12 Summary 238

Epilogue 243

Appendix A 245

Appendix B 247

Appendix C 249

Appendix D 251

Appendix E 253

Appendix F 255

Appendix G 257

Appendix H 259

Index 261

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)