IDENTIFYING THREATS IN A GLOBAL MARKETPLACE Ira S. Somerson, BCFE, CPP Loss Management Consultants, Inc. Institute for Global Management Studies And Temple.

Slides:



Advertisements
Similar presentations
Museum Presentation Intermuseum Conservation Association.
Advertisements

Department of Homeland Security Site Assistance Visit (SAV)
1 Protecting the Long Island Business Community A Public Safety Partnership.
Jacky Altal. T O C  Hackers Terminology  Cyber attacks in 2012 (so far…)  Nations Conflict  Cyber Motives  Characteristics of CyberCrime  DEMO –
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
Session 8: Modeling the Vulnerability of Targets to Threats of Terrorism 1 Session 8 Modeling the Vulnerability of Targets to Threats of Terrorism John.
City of Leesburg Electric Department City of Leesburg Electric Department CIP-001 Sabotage Reporting.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
Cyberterrorism: The Bloodless War? Pat Mcgregor Chief Information Security Architect Intel Corporation 3 October 2001.
DHS, National Cyber Security Division Overview
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
1 Telstra in Confidence Managing Security for our Mobile Technology.
PPA 573 – Emergency Management and Homeland Security Lecture 9b - Department of Homeland Security Strategic Plan.
Jeffery J. Gust IOWA INDUSTRIAL ENERGY GROUP FALL CONFERENCE Tuesday, October 14, 2014 MidAmerican Energy Company.
© 2003 by Carnegie Mellon University page 1 Information Security Risk Evaluation for Colleges and Universities Carol Woody Senior Technical Staff Software.
Welcome to… Planning for Emergencies – For Small Business –
Chapter 2 Modern Private Security
FSIS’ Innovative Food Security Initiatives Carol Maczka, Ph.D. Assistant Administrator USDA Food Safety and Inspection Service Office of Food Security.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Technician Module 2 Unit 8 Slide 1 MODULE 2 UNIT 8 Prevention, Intelligence & Deterrence.
Module 3 Develop the Plan Planning for Emergencies – For Small Business –
Network Security Resources from the Department of Homeland Security National Cyber Security Division.
Study Results Advanced Persistent Threat Awareness.
Travel Risk Management Today’s Challenges in a Risky Environment (C) iJET International, Inc. All rights reserved.
IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.
Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
Information Warfare Playgrounds to Battlegrounds.
OVERVIEW OF CYBER TERRORISM IN INDONESIA PRESENTED BY: SUPT. DRS. BOY RAFLI AMAR SPECIAL DETACHMENT 88 AT – INP ARF SEMINAR ON.
Force Protection. What is Force Protection? Force protection (FP) is a term used by the US military to describe preventive measures taken to mitigate.
Health Security and Emergencies Ebola Response 13 October 2014.
Securing Critical Chemical Assets: The Responsible Care ® Security Code Protection of Hazardous Installations from Intentional Adversary Acts European.
Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.
IT Strategy for Business © Oxford University Press 2008 All rights reserved Chapter 12 IT Security Strategies.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.
Advanced attack techniques Advanced attack techniques Increased by passing techniques against the existing detection methods such as IDS and anti- virus.
Conficker Update John Crain. What is Conficker? An Internet worm  Malicious code that is self-replicating and distributed over a network A blended threat.
Scott Charney Cybercrime and Risk Management PwC.
International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.
Information Warfare Playgrounds to Battlegrounds.
What is “national security”?  No longer defined only by threat of arms  It really is the economy  Infrastructure not controlled by the government.
Visual 1. 1 Lesson 1 Overview and and Risk Management Terminology.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Crisis Management Crisis: any situation that has the potential to affect long-term confidence in an organisation or product and may interfere with its.
UNECE – SC2 Rail Security Analysis and economic assessment of rail transport security 1st October 2009 Andrew Cook.
Tom Lenart & John Field CT DEMHS Region 2.  Department of Emergency Services and Public Protection (DESPP)  Commission on Fire Prevention and Control.
1 AFCOM Data Center World March 15, 2016 Moderator: Donna Jacobs, MBA Panel: Greg Hartley Bill Kiss Adam Ringle, MBA ITM 9.2 The New Security Challenge:
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.
Cyber Security Foundations Part 1. Cyber Security defined:  Protects computer base information and equipment  Deals with confidentiality of data  Protects.
Protecting Houses of Worship Security Plan Development Considerations Glenn Moore Protective Security Advisor – Oklahoma District National Protection and.
Physical Security Market to Global Analysis and Forecasts by Application, Services No of Pages: 150 Publishing Date: Jan 2017 Single User PDF: US$
Physical Security Market to Global Analysis and Forecasts by Application, Services No of Pages: 150 Publishing Date: Feb 2017 Single User PDF: US$
Risks and Hazards to Consider Unit 3. Visual 3.1 Unit 3 Overview This unit describes:  The importance of identifying and analyzing possible hazards that.
Information Security Program
Chapter 2 Modern Private Security
BUSINESS CONTINUITY BY HUI ZHENG.
Business Continuity Plan Training
ASIAN COUNCIL ON HEALTH AND EDUCATION
Threat Trends and Protection Strategies Barbara Laswell, Ph. D
Federal Protective Service
Cybersecurity ATD technical
Securing Critical Chemical Assets: The Responsible Care® Security Code
Preparing for a Terrorist Attack Indian Point Energy Center
Prevention, Intelligence
Deborah Housen-Couriel, ADV.
Presentation transcript:

IDENTIFYING THREATS IN A GLOBAL MARKETPLACE Ira S. Somerson, BCFE, CPP Loss Management Consultants, Inc. Institute for Global Management Studies And Temple CIBER Global Security Concerns October 2 & 3, 2003 The Philadelphia Federal Reserve

“The regulatory, ethical, and legal framework that provide protections to us and individuals and to our business activities at home do not apply abroad.” Overseas Security Advisory Council LMC™

Western Europe 28% Latin America 22% Far East/Pacific Is. 14% Mid East/No Africa 11% Eastern Europe 9% South/Central Asia 9% Sub Saharan Africa 7% THREATS BY REGION 2003 to Date LMC™ Overseas Security Advisory Council

Fast Food 35% Religious17% Soft Drink 10% Oil9% Retail9% Financial8% Hotel4% Airline4% Other4% THREATS BY INDUSTRY: 2003 to Date LMC™ Overseas Security Advisory Council

THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT  TERRORISM  PERSONAL SECURITY  PERSONNEL SECURITY  PHYSICAL SECURITY OF FACILITY  INFORMATION AND DATA SECURITY  COMMUNICATIONS SECURITY  INFRASTRUCTURE SECURITY LMC™ Overseas Security Advisory Council

THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT  DISGRUNTLED INSIDERS  CIVIL UNREST AND/OR CULTURAL CONFLICTS  CRIMINAL THREATS  ECONOMIC COMPETITION  ACTS OF INTELLIGENCE SERVICES  ACTS OF WAR LMC™ Overseas Security Advisory Council

LMC™ LESSONS FROM RECENT CYBER ATTACK CASE STUDIES  CYBER ATTACKS IMMEDIATELY ACCOMPANY PHYSICAL ATTACKS  CYBER ATTACKS ARE INCREASING IN VOLUME, SOPHISTICATION, AND COORDINATION  CYBER ATTACKERS ARE ATTRACTED TO HIGH VALUE TARGETS I INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

LMC™ POTENTIAL SOURCES OF CYBER ATTACKES  TERRORIST GROUPS  TERRORIST SYMPATHIZERS AND ANTI- U.S. HACKERS  TARGETED NATION-STATES  THRILL SEEKERS INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

LMC™ CYBER ATTACKERS HAVE RECENTLY: DEFACED ELECTRONIC INFORMATION SITES IN THE UNITED STATES AND ALLIED COUNTRIES AND SPREAD DISINFORMATION AND PROPAGANDA. INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

LMC™ CYBER ATTACKERS HAVE RECENTLY: INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01 DENIED SERVICE TO LEGITIMATE COMPUTER USERS IN THE U.S. AND ABROAD BY USE OF:  WORMS  VIRUSES  OTHER COMPUTER WEAKNESSES

LMC™ CYBER ATTACKERS HAVE RECENTLY: COMMITTED UNAUTHORIZED INTRUSIONS INTO SYSTEMS AND NETWORKS BELONGING TO THE UNITED STATES AND ALLIED COUNTRIES, RESULTING IN CRITICAL INFRASTRUCCTURE OUTAGES AND CORRUPTION OF VITAL DATA. INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

ONLINE RESOURCES  (The Carnegie Mellon Computer Emergency Response Team)  (The Federal Computer Incident Response Center)  (community and business collaboration of victimization)  (The Institute for Security Technology Studies at Dartmouth)  (The National Infrastructure Protection Center)  (The System Administration, Networking and Security) LMC™

RISK, THREAT & VULNERABILITY CONSIDERATIONS  THREAT = INTENT + CAPABILITY  CAPABILITY = TOOLS + KNOWLEDGE  RISK = THREAT + COUNTERMEASURES  HOW OFTEN WILL THE RISK OCCUR? LMC™ Overseas Security Advisory Council

SECURITY RISK COSTS p LEGAL & DAMAGE CONTROL p EXPECTED REVENUE LOSS p SHAREHOLDER VALUE p REPUTATION (GOOD WILL) p LOSS OF PRODUCTIVITY p MARKET SHARE & TIMING p RELATIONSHIPS WITH CONTRACTORS LMC™

FINANCIAL IMPACT OF SECURITY LOSSES p IMPACT TO OTHER PRODUCT DESIGN p EMPLOYEE MORALE p COST TO SERCURE (AFTER THE FACT) p RESEARCH & DEVELOPMENT p SPECIAL EQUIPMENT CAPITALIZED p STAFF RECRUITING & TRAINING p OVERHEAD COSTS p DEBT SERVICE LMC™

COST OF PROGRAM PREDICTABILITY OF LOSS COMPUTATION OF INFORMATION LOSS NET PRESENT LOSS OR OR NET PRESENT GAIN NET PRESENT VALUE LMC™

EXAMPLE COST OF ONE INFORMATION LOSS $1,000, COST DIVIDED BY POTENTIAL FOR LOSS TO OCCUR OVER A TEN-YEAR PERIOD. IF ONLY ONCE, DIVIDE BY 10=COST/YR 100, LESS COST OF PROGRAM/YR 75, NET PRESENT VALUE $ 25, LMC™

SECURITY OBJECTIVES  DETER  DETECT  DELAY  RESPOND  RECOVER LMC™

THE MISSION OF NTERNATIONAL SECURITY MANAGEMENT RISK SECURITYATT ITUDE CHANCE LMC™

THE MISSION OF NTERNATIONAL SECURITY MANAGEMENT  PEOPLE  INFORMATION  PROPERTY  REPUTATION SECURTY OF: RISK S E C U R I T Y ATTITUDE CHANCE LMC™

RISK ASSESSMENT THE ART AND SCIENCE OF MEASURING THE FORESEEABILITY OF EVENTS AFFECTING THE SAFETY AND SECURITY OF ASSETS LMC™

EXAMPLES OF WHAT A RISK ASSESSMENT SHOULD CONSIDER  INTELLIGENCE GATHERING  OPERATIONAL ASPECTS OF THE ASSET/FACILITY  NATURE OF NEIGHBORING FACILITIES (OR TENANTS)  ACCESS ROADS TO FACILITY LMC™

EXAMPLES OF WHAT A RISK ASSESSMENT SHOULD CONSIDER LMC™  ORGANIZATION’S INCIDENT HISTORY AND ABILITY TO ANALYZE THE DATA  FACILITY MANAGEMENT EFFICIENCY  EFFICIENCY OF EXISTING SECURITY STRATEGY

HOW DO WE DETER, DETECT, DENY, RESPOND TO AND/OR RECOVER FROM ATTACKS?  TECHNOLOGY MANAGEMENT  PROCEDURAL MANAGEMENT  SECURITY AWARENESS  INTELLIGENCE GATHERING AND ANALYSIS  LAW ENFORCEMENT MANAGEMENT LMC™

STANDARD SECURITY INDUSTRY PRACTICES  PUBLISH SECURITY GUIDELINES  PREPARE SUPPORT MATERIALS  EMPLOYEE & CONTRACTOR(NEW & EXISTING) ORIENTATION  SECURITY AWARENESS TRAINING SECURITY PROJECTS LMC™

THE MISSING LINK  PAY ATTENTION TO GOVERNMENT ALERT LEVELS.  CARE ENOUGH TO REPORT SOMETHING THAT DOESN’T LOOK RIGHT TO YOU!  BE AWARE BUT NOT PARANOID LMC™

WHAT YOU CAN DO? LMC™ BECOME PART OF THE SOLUTION VS. BEING PART OF THE PROBLEM