Application Opportunity for Internet 0 in Risk Management Barry Wessler October 1, 2004

Risk Management  Risk Assessment  Risk Mitigation  Risk Transfer  Risk Recovery Opportunity area for Internet 0

RM Application Areas  Financial  Operational  Physical  Information Opportunity area for Internet 0

Risk Assessment  Assets  Losses  Threats  Vulnerabilities  Controls/Safeguards Risk=Asset  Loss  Threat  Vulnerability  Control  Risk generally stated as annual loss expectancy Opportunity area for Internet 0

Assets  Aircraft  Ammunition/Explosives  Art/Paintings  Business Market Share  Cash  Communications Equipment  Computer Hardware  Construction Equipment  Controlled Substances  Customers  Electronic Equipment  Evidence  Facilities/Buildings  Food/Water/Perishables  Gold/Silver/Gems  Intangibles  Large Weapons  Manufacturing Equipment  Negotiable Instruments  Nuclear Materials  Office Equipment  Personnel  Petroleum/Oils  Physical Inventory/Product  Production Resources  Proprietary Information  Real Property  Security System  Small Weapons  Supplies/Parts  Uniform/Special Personnel Equipment  Utilities  Vehicles  Watercraft

Losses  Disruption  Direct Loss  Compromise  Intangibles  Personal Injury/Loss of Life  Indirect Loss  Theft

Threats  Accident/Fatal  Accident/Injury  Activist  Arson  Assault, Aggravated  Assault, Sexual  Assault, Simple  Biological Contamination  Blackmail/Extortion  Bomb Threats  Burglary/Break In  Chemical Gas  Cold/Frost/Snow  Communications Loss  Earthquakes  Electromagnetic Interference  Espionage  Explosions Major  Explosions Minor/Mail-Bomb  Fire, False Alarm  Fire, Major  Fire, Minor  Flooding/Water Damage  Homicide  Kidnapping  Power Loss  Riot/Civil Disorder  Robbery  Sabotage/Disgruntled Employee  Sabotage/Terrorist  Stalking  Storms/Hurricanes/Tornadoes  Theft - Company Property  Theft - Personal Property  Theft - Services  Unauthorized Disclosure  Vandalism

Vulnerabilities  Barriers  Bomb Detection & Control  Cleaning/Trash Removal  Communications  Communications & Utility Closets  Computer Systems Security  Construction/Architecture  Contingency/Emergency Planning  Contingency/Incidence Response  Controlled Areas  Data Backup/Storage  Doors  Electrical Power  Emergency Evacuation  Emergency Medical  Entry Control  Fire Alarms & Detection  Fire Prevention  Fire Suppression  Illumination  Information/Investigation Process  Intrusion Detection  Landscape/Vegetation  Locks/Key Control  Management/Organization  Marine Access Control  Observation  Package Control  Parking Lot/Garage  Personnel Control  Personnel Screening  Property Management  Roofs  Safety  Security Officers  Security Procedures/Policy/Training  Security System  Shipping and Receiving  Vaults/Safes  Vehicle Control  Visitor Control  Water Drainage/Extraction  Windows

Safeguards  Alarm Beacon/Audible  Alternate Feeds  Audible Detectors  Automatic Suppression  Battery/Backup  Berms  Biometric Access  Bomb Disposal Equipment  Bomb Threat Procedures  Brick Walls  Buffer/Control Zone  Bullet Proof Glass  CCTV Cameras  CCTV Motion Detection  Chain Link Fence  Combination Control  Command and Control Center  Concertina Wire  Construction/Design  Contingency Planning  Contract Specifications  Counter-Surveillance Equipment  Detection  Differential Pressure  Disaster Recovery  Document Destruction Equipment  Drains  Electric Field Detectors  Emergency Generator  Emergency Lighting  Entry Control  Escorts  Exit Signs & Evacuation Routes  Explosives Detection  Explosives Identification  Fiber-Optic Cable  Flammable Storage Container  Gas/Radioactive Detectors  Gates  Guard Accessories  Guard Shack/Tower  Identification - Marking  Incident Notification  Incident Response  Information Handling  Infrared Beam  Infrared Motion Detectors  Inquiry/Investigation  Insurance/Bonding  Integrated System  Jersey Walls  Key Card  Key Control/Inventory  Keys  Lighting  Linguist/Sign Language  Locking Hardware  Logs  Magnetic  Magnetic/Contact Switches  Man-Trap  Marshal/Brigade  Medical Incident Response  Metal Detectors  Micro-Phonic Cable  Microwave Beam  Microwave Motion Detectors  Moisture Detection  Night Vision Instruments  Organization/Security  Package Entry & Control  Panic Alarm/Call Stations  Patrol Vehicles  Patrol/Tour Reporting  Personnel Control  Personnel Identification - Badges  Personnel Screening  Personnel Termination  Photo Electric Detectors  Policy  Policy/Procedure  Portable Extinguishers  Posts/Pillars  Pressure Mats  Problem Resolution Process  Proximity Detectors  Public Announcement System  Pumps  Radar  Radio/Phone/Pager  Removal  Revolving Doors  Safety Inspection/Test  Safety Manual  Screening  Security Manual  Security Policy  Security Staff  Seismic  Shatter Protection of Windows  Shipping and Receiving  Simulation Exercises  Solid Core Doors  Steel Bars/Grills  Steel Mesh Walls  Surge Protectors & Filters  Tank Trap  Taut-Wire  Testing  Testing Pumps/Drains/Detection  Testing/Inspection  Training  Training/Operation  Turnstiles  Ultrasonic Motion Detectors  UPS  UPS Dedicated  Vaults/Safes  Vehicle Barriers  Vehicle Control  Vibration Detectors  Vibration Sensor  Warning Signs  Water  Water Supply  Weapons  X-Ray

Internet 0 and RM  Pick one or a set of Safeguards  Use Internet 0 principles to make the Safeguard faster, smarter, cheaper, more reliable, etc.  Better yet, invent new Safeguards possible only in a rich communications environment  The Risk Assessment will tell you what the ROI will be in a particular Asset/Threat environment