A coincise introduction to the standard methodology based on ISO/IEC 31000:2018 for Security Management can be found here:
Security Management as a methodological approach to the management of the security processes of an Organization (understood as a complex interconnected system of tangible and intangible assets, human resources and procedures aimed at the production of services to the community) and the Security Manager as a Security Professional in charge of conducting these processes and being responsible for the corresponding results are the tools, currently available to Organizations to counter the constant multiplication of the fronts towards which organizations are forced to commit themselves in order to maintain competitiveness and maintain the ability to obtain satisfactory economic results. In fact, factors of both an economic-competitive and socio-political nature determine ever-increasing dynamisms and complexities fueled by the convergence and intertwining of phenomena such as social instability, political and economic changes, the rapid and constant technological development, the continuous restructuring processes, the progressive dematerialisation of the Organization's activities, the growing geographical opening to competitiveness, the intensification of international relations and the continuous proliferation of rules and laws at local, national and international level.
In this complex and changeable ecosystem it is also necessary that the Organization remains protected from the point of view of "accountability" with respect to the services provided by the Professional in charge, and therefore a training and certification process is envisaged as well as periodic monitoring of the Professional by part of bodies accredited and supervised by the Ministry of Economic Development as a guarantee, both formal and substantial, of the adequate maintenance of the professional profile in terms of knowledge, skills and competences. The UNI 10459:2017 standard is the reference standard for the Security Professional for which it explains the subjective requirements that must characterize recognition and action. It frames the "subjective context" of the Professional on three levels, also differentiating them for their work in medium, medium/high and maximum security companies with a crescendo of requirements such as training, experience, competence, aptitude and complexity, outlining figures with tasks not purely executive, with increasing role and complexity up to the managerial apex of a complex company which is the Senior Security Manager.