IDENTIFYING THREATS IN A GLOBAL MARKETPLACE Ira S. Somerson, BCFE, CPP Loss Management Consultants, Inc. Institute for Global Management Studies And Temple CIBER Global Security Concerns October 2 & 3, 2003 The Philadelphia Federal Reserve

“The regulatory, ethical, and legal framework that provide protections to us and individuals and to our business activities at home do not apply abroad.” Overseas Security Advisory Council LMC™

Western Europe 28% Latin America 22% Far East/Pacific Is. 14% Mid East/No Africa 11% Eastern Europe 9% South/Central Asia 9% Sub Saharan Africa 7% THREATS BY REGION 2003 to Date LMC™ Overseas Security Advisory Council

Fast Food 35% Religious17% Soft Drink 10% Oil9% Retail9% Financial8% Hotel4% Airline4% Other4% THREATS BY INDUSTRY: 2003 to Date LMC™ Overseas Security Advisory Council

THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT  TERRORISM  PERSONAL SECURITY  PERSONNEL SECURITY  PHYSICAL SECURITY OF FACILITY  INFORMATION AND DATA SECURITY  COMMUNICATIONS SECURITY  INFRASTRUCTURE SECURITY LMC™ Overseas Security Advisory Council

THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT  DISGRUNTLED INSIDERS  CIVIL UNREST AND/OR CULTURAL CONFLICTS  CRIMINAL THREATS  ECONOMIC COMPETITION  ACTS OF INTELLIGENCE SERVICES  ACTS OF WAR LMC™ Overseas Security Advisory Council

LMC™ LESSONS FROM RECENT CYBER ATTACK CASE STUDIES  CYBER ATTACKS IMMEDIATELY ACCOMPANY PHYSICAL ATTACKS  CYBER ATTACKS ARE INCREASING IN VOLUME, SOPHISTICATION, AND COORDINATION  CYBER ATTACKERS ARE ATTRACTED TO HIGH VALUE TARGETS I INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

LMC™ POTENTIAL SOURCES OF CYBER ATTACKES  TERRORIST GROUPS  TERRORIST SYMPATHIZERS AND ANTI- U.S. HACKERS  TARGETED NATION-STATES  THRILL SEEKERS INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

LMC™ CYBER ATTACKERS HAVE RECENTLY: DEFACED ELECTRONIC INFORMATION SITES IN THE UNITED STATES AND ALLIED COUNTRIES AND SPREAD DISINFORMATION AND PROPAGANDA. INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

LMC™ CYBER ATTACKERS HAVE RECENTLY: INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01 DENIED SERVICE TO LEGITIMATE COMPUTER USERS IN THE U.S. AND ABROAD BY USE OF:  WORMS  VIRUSES  OTHER COMPUTER WEAKNESSES

LMC™ CYBER ATTACKERS HAVE RECENTLY: COMMITTED UNAUTHORIZED INTRUSIONS INTO SYSTEMS AND NETWORKS BELONGING TO THE UNITED STATES AND ALLIED COUNTRIES, RESULTING IN CRITICAL INFRASTRUCCTURE OUTAGES AND CORRUPTION OF VITAL DATA. INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

ONLINE RESOURCES  (The Carnegie Mellon Computer Emergency Response Team)  (The Federal Computer Incident Response Center)  (community and business collaboration of victimization)  (The Institute for Security Technology Studies at Dartmouth)  (The National Infrastructure Protection Center)  (The System Administration, Networking and Security) LMC™

RISK, THREAT & VULNERABILITY CONSIDERATIONS  THREAT = INTENT + CAPABILITY  CAPABILITY = TOOLS + KNOWLEDGE  RISK = THREAT + COUNTERMEASURES  HOW OFTEN WILL THE RISK OCCUR? LMC™ Overseas Security Advisory Council

SECURITY RISK COSTS p LEGAL & DAMAGE CONTROL p EXPECTED REVENUE LOSS p SHAREHOLDER VALUE p REPUTATION (GOOD WILL) p LOSS OF PRODUCTIVITY p MARKET SHARE & TIMING p RELATIONSHIPS WITH CONTRACTORS LMC™

FINANCIAL IMPACT OF SECURITY LOSSES p IMPACT TO OTHER PRODUCT DESIGN p EMPLOYEE MORALE p COST TO SERCURE (AFTER THE FACT) p RESEARCH & DEVELOPMENT p SPECIAL EQUIPMENT CAPITALIZED p STAFF RECRUITING & TRAINING p OVERHEAD COSTS p DEBT SERVICE LMC™

COST OF PROGRAM PREDICTABILITY OF LOSS COMPUTATION OF INFORMATION LOSS NET PRESENT LOSS OR OR NET PRESENT GAIN NET PRESENT VALUE LMC™

EXAMPLE COST OF ONE INFORMATION LOSS $1,000, COST DIVIDED BY POTENTIAL FOR LOSS TO OCCUR OVER A TEN-YEAR PERIOD. IF ONLY ONCE, DIVIDE BY 10=COST/YR 100, LESS COST OF PROGRAM/YR 75, NET PRESENT VALUE $ 25, LMC™

SECURITY OBJECTIVES  DETER  DETECT  DELAY  RESPOND  RECOVER LMC™

THE MISSION OF NTERNATIONAL SECURITY MANAGEMENT RISK SECURITYATT ITUDE CHANCE LMC™

THE MISSION OF NTERNATIONAL SECURITY MANAGEMENT  PEOPLE  INFORMATION  PROPERTY  REPUTATION SECURTY OF: RISK S E C U R I T Y ATTITUDE CHANCE LMC™

RISK ASSESSMENT THE ART AND SCIENCE OF MEASURING THE FORESEEABILITY OF EVENTS AFFECTING THE SAFETY AND SECURITY OF ASSETS LMC™

EXAMPLES OF WHAT A RISK ASSESSMENT SHOULD CONSIDER  INTELLIGENCE GATHERING  OPERATIONAL ASPECTS OF THE ASSET/FACILITY  NATURE OF NEIGHBORING FACILITIES (OR TENANTS)  ACCESS ROADS TO FACILITY LMC™

EXAMPLES OF WHAT A RISK ASSESSMENT SHOULD CONSIDER LMC™  ORGANIZATION’S INCIDENT HISTORY AND ABILITY TO ANALYZE THE DATA  FACILITY MANAGEMENT EFFICIENCY  EFFICIENCY OF EXISTING SECURITY STRATEGY

HOW DO WE DETER, DETECT, DENY, RESPOND TO AND/OR RECOVER FROM ATTACKS?  TECHNOLOGY MANAGEMENT  PROCEDURAL MANAGEMENT  SECURITY AWARENESS  INTELLIGENCE GATHERING AND ANALYSIS  LAW ENFORCEMENT MANAGEMENT LMC™

STANDARD SECURITY INDUSTRY PRACTICES  PUBLISH SECURITY GUIDELINES  PREPARE SUPPORT MATERIALS  EMPLOYEE & CONTRACTOR(NEW & EXISTING) ORIENTATION  SECURITY AWARENESS TRAINING SECURITY PROJECTS LMC™

THE MISSING LINK  PAY ATTENTION TO GOVERNMENT ALERT LEVELS.  CARE ENOUGH TO REPORT SOMETHING THAT DOESN’T LOOK RIGHT TO YOU!  BE AWARE BUT NOT PARANOID LMC™

WHAT YOU CAN DO? LMC™ BECOME PART OF THE SOLUTION VS. BEING PART OF THE PROBLEM