Corporate Security Intelligence and Strategic Decision MakingvCONTENTSIntroduction and Acknowledgments xv About the Author xixSECTION I Rationale1 What Is Corporate Security Intelligence? 3Chapter Objectives 3 Introduction 3 Intelligence Defined 4 Introducing Decision Advantage 7 The Corporate Security Environment 8 The History of Corporate Intelligence 9 A Typical Corporate Security Department 12 Challenges to Effective Corporate Security 14 Overcoming These Challenges: The “Business of Resilience” 15 The Role of Intelligence in Enterprise Risk Management 18 Conclusion: Toward Truly Intelligent Security and Businesses? 222 The Corporate Security Operating Environment 23Chapter Objectives 23 Introduction 24 Geopolitical Risk 24 Unknown Unknowns 26 Terrorism 28 Cyber Issues 36 State-Level Threats 38 Cyber Crime 38 Cyber Activism 39 A New Paradigm 39 Conventional Espionage and the “Insider Threat” 40CONTENTSviSingle-Issue Activism and Political Violence 42 The Move toward All Liberation Struggles Being “As One” 43 Secondary Targeting of Customers, Suppliers, and Shareholders 44 Internationalization of Single-Issue Campaigns 44 Political Extremism 45 Use of Social Media in Single-Issue Protest and Political Activism 46 Organized Crime 46 The Wide Reach of Serious Organized Crime 47 Threats to Corporate Security 48 Emerging ThreatsWhats Next? 49 Conclusion: A Complex and Multifaceted World 523 Legal Drivers for Corporate Security Intelligence 53Chapter Objectives 53 Introduction 53 Protecting the Heath, Safety, and Security of Employees: An Employers Duty of Care 55 Relevant Laws in the United States 56 Relevant Laws in the United Kingdom 60 Relevant Laws in the European Union 63 Developing Causes of Action: Negligent Failure to Plan 63 Duty of Care: Summary 64 Corporate Responsibility, Compliance, and Business Ethics Concerns 65 US Law: The Foreign Corrupt Practices Act 65 United Kingdom Law: The UK Bribery Act 67 Sanctions Regimes in the United States and United Kingdom 71 Corruption, Compliance, and SanctionsSummary 72 Conclusion: The Legal Imperative 724 Operational Drivers for Corporate Security Intelligence 75Chapter Objectives 75 Introduction 75 General Corporate Security Intelligence Operating Framework 77 Risk-Management Standards 79 How Corporate Security Intelligence Saves Money 80 How Corporate Security Intelligence Makes Money 82 Conclusion: Intelligence and the Four Ps 84CONTENTSviiSECTION II Theory5 The Fundamentals of Intelligence 89Chapter Objectives 89 Introduction 89 The Information Hierarchy 90 The Intelligence Cycle 92 Criticism of the Intelligence Cycle 96 A Suggested Model for the Corporate Security Intelligence Cycle 97 Principles of Intelligence: CROSSCAT 99 Dramatis Persona: Roles and Responsibilities 101 Intelligence Manager 101 Collectors 102 Collators 103 Analysts 103 Administrators 103 Consumers 104 Types of Intelligence 105 The Systems Approach 106 Predicting, Forecasting, and Probability 107 Conclusion: All Parts in a Harmonious Whole 1086 Management and Direction 111Chapter Objectives 111 Introduction 111 Intelligence Requirements and Product Definition 113 Managing People and Processes 116 Managing Clients and Promoting the Role of Intelligence in the Business 123 Knowledge Management 124 Conclusion: An Essential Juggling Act 1257 Intelligence Collection 127Chapter Objectives 127 Introduction 127 Sources 128 OSINT: The Open World 131 The Internet and Security: An Intelligence Perspective 132CONTENTSviiiSocial Media: Networks within a Network 134 News Media: A Similar Perspective 136 HUMINT: The Human Element 137 Company Sources 138 The Collection Management Process 139 Planning 139 Execution 140 Source Gathering Techniques: OSINT 141 Source Gathering Techniques: HUMINT 142 Source Gathering Techniques: Company 144 Information Archiving 144 Verification 146 The Review Process 146 Conclusion: Better Equipped than Ever? 1478 Collation 149Chapter Objectives 149 Introduction 149 Key Principles 150 Structured versus Unstructured Data 152 Databases and Automated Collation 153 Big Data 155 GIS 156 Conclusion: Getting the Ducks in a Row 1569 Analysis 159Chapter Objectives 159 Introduction 159 Three Models of Corporate Intelligence Processing 160 Decomposing the Task 162 Assessing Sources 163 Collation 164 Intelligence Analysis in the Corporate Sector 165 The Role of the Analyst 165 Ensuring Credibility and Access 166 Analytical Techniques and Thought Processes 166 Analytical Fallacies and Psychological Traps 172 Avoiding the Pitfalls 177 Articulation and Testing of Assumptions 178CONTENTSixAsserting Conclusions and Forecasting 180 Conclusion 18110 Dissemination 183Chapter Objectives 183 Introduction 183 Why Do We Disseminate Material? 184 Balancing Operational Security 185 Report Formats 188 Writing Guidance 188 Presentation Guidance 193 Quality Assurance 195 Showing Return on Investment 197 Conclusion 199SECTION III Practice11 Operational Models 203Chapter Objectives 203 Introducti