Skip to content

Book Review: Security Risk Assessment

Risk assessments, security assessments, threat assessments, and security surveys are explored by numerous publications. Many of these focus on defining the differences between the types of assessments and surveys. Author John M. White avoids this academic approach; instead, he defines, describes, and provides practical information from a bottom-up, rather than top-down, perspective.

A longtime security consultant, White shares his expertise and years of practical experience in performing security assessments. His hands-on book practically and clearly guides the new security manager (or other professional tasked with the security function) through the stages of successfully completing a security assessment. His position as a consultant is easily recognized in the beginning chapters, as he emphasizes the advantage of using an outside expert. His argument is well-founded and persuasive. He proceeds to walk the first-time assessment provider through organizing the team, developing the scope of work, conducting the assessment, and reporting the findings. He accomplishes this at a level that allows the reader to clearly understand and appreciate the practicality of this process. Pertinent observations the author has gathered from his years of experience add depth to the writing.

White has created an excellent book with material drawn from the well of his experience. Although the first several chapters are a bit long on the advantages of using a consultant, this book is clearly a must-read for the inexperienced or nonsecurity professional who is faced with the task of conducting a security assessment. The book applies to most facilities, especially healthcare-related facilities.

Reviewer: R. William Leap, CPP, is vice president of security services for Chicago-based Titan Security Group. He is responsible for the design and implementation of manned and remote security services, including security assessments, project management, planning, and quality control. He is a member of the ASIS Security Services Council.�