Security management can be defined as the identification and, thereafter, protection of an organization’s assets and allied risks. Security management is ultimately about the protection of an organisation – all and everything in it. For this to be achieved there needs to be the development and implementation of security-focused policies and procedures that are able to protect said assets. Only then can there be the effective and strategic application of adequate and appropriate resources and needed measures to monitor, minimize and control the probability or possible impact of identified security risks.
Security management is often lumped together with, or as part of, safety management. The word ‘lumped’ is used here both purposefully and advisedly. Although security is undoubtedly integral to the overall safety of an organization or a given site, the two are not mutually inclusive. For one thing, whilst both safety and security are obviously applicable to all, a safety ethos has a focus on the individual, whilst a security ethos focuses on the collective. For another, safety is primarily proactive (i.e. preventative in its aims), whilst security is necessarily both proactive and reactive (i.e. wanting to prevent security breaches, but equally needing to react when breaches occur). The safety professional would do well to remember these subtle differences between the two should security management be part of their portfolio.