MINISTRY OF SOCIAL AFFAIRS AND HEALTH 1 Introduction to corporate security Teemupekka Virtanen Helsinki University of Technology Telecommunication Software and Multimedia Laboratory

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 2 Security in organizations Working conditions Environmental protection Product safety Information security Fraud prevention Crime prevention Fire protection Public safety Continuity Bookkeeping Traffic security Risk management

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 3 Security as a brandmaker Many customers want to have secure products and services and they are also willing to pay for that Many customers want to transfer part of their risks to a partners and thus require higher security level and continuity There is a market for security products and services The price is often not the main criteria in these market

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 4 Security and efficiency The main function of security is to prevent failures in the main business The less incidents the more efficient production If too much time is spent in cleaning work the production can’t be efficient

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 5 Security means conflicts The security needs of different parties conflicts each other I am secure if I have a gun and you don’t have I must be able to read your One part of security management is to understand these different needs and take them into account Often one participant just takes its own needs into account Other tries to arrange their needs by breaking the rules

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 6

7 Security management using the normal command chain Security is a part of normal operations When defining goal some restrictions are defined in the same time The lower level can set its own security level higher if needed

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 8 Risk Threat Vulnerability Loss Risk Remove risk Decrease risk Accept risk

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 9 A Risk cycle Finding and analysing risks Risk management - Avoiding risk - Decreasing risk - Transferring risk - Accepting risk Security incident Corrective actions - Corrections - Cleaning - Learning - Modifications Monitoring

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 10 Insurance Insurance is a way to reduce risk by transfering it to an insurance company Insurance is based on statistics If the probability for a car accident is 0,01%, a person can’t know to whom it happens Insurance company can estimate that 100 out of its customers face an accident Company don’t have to know who exactly will face an accident It just calcolate how much 100 accidents costs and share the amount to its customers

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 11 The properties of information CIA model Confidentiality Integrity Availability Other properties attached often to information Non repudiation Authentication

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 12 The quality of information The most important meta information is the main quality aspect of information If a user can trust that information is correct no option is needed to consider Managing the quality of information is a way to maintain information security

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 13 Security domains

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 14 The goals of physical security People in a domain can work without disturbance from outside There are only trusted people inside People don’t have to watch each others Security does not prevent or disturb legal access Optimization of security work Few routes to monitor Automation and special staff

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 15 A passive prevention gives time for reaction

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 16 The goal of personnel security People want to behave in the right way Selecting staff Motivation People can behave in the right way Education Training

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 17 How to affect on personnel security Avoiding “bad” people Finding and keeping “good” people Developing staff and organization itself

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 18 Security domains

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 19 Fire prevention The risk of fire occurring or spreading must be small Help carrying out rescue operations in the event of a fire Buildings must prevent and slow spreading of fire It must be possible for people to escape safely in a case of fire Is mandatory according the legislation

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 20 The requirements for a fire Burning material Oxygen Required for a chemical reaction The air consists enough oxygen to keep fire Pure oxygen is very dangerous Temperature High enough temperature is required Fire itself produces heat

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 21 Bureaucracy A method for a good administration Decisions do not depend on a person or time Finds the best practices and makes them as a company policy Decreases the value of a person Anybody can make a right decision by following the book Documentation is important

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 22 Labour and occupational safety Protecting the safety, health and welfare of people engaged in work or employment May also protect other people who are impacted by the workplace environment Co-workers, family members, employers, customers, suppliers, nearby communities Maintaned by legislation Mandatory

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 23 Ergonomics Ergonomics is Designing environment to fit people Designing tools, methods and environment Increasing efficiency by improving work conditions Decresing the possibility of accidents and illnesses Replacing a person with a machine to avoind a hazard Ergonomics is not Selection of the staff Design of social environment Training employees to stand stress better Increasing efficienfy in general Replacing a person with a machine because of efficiency

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 24 Environment and reputation Often an organization must have acceptance from authorities for its operations Failures in environmental protection can prevent operation in future Accidents points out weaknesses and problems in processes Decreses the trust towards an organization Decreses the value of an organization Accidents can cause costs difficult to calculate

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 25 Business continuity NormaalCatastrophyCrise Security plan Recovery plan Prepareness plan

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 26 Security in the military Information secrecy Plans must be kept secret for decades Protection of property Handguns are valuable in criminal markets Operational safety Avoiding all kind of accidents Fire protection Ammunition, bunkers

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 27 Security in a media company Rapid deliveries A news is rottening fast A reputation as a trustworthy agent The quality of news Sabotage and terrorism A high profile target Staff safety There are always people who don’t like certain news

MINISTRY OF SOCIAL AFFAIRS AND HEALTH 28 Security in healthcare Privacy protection Health information is very sensitive The quality of treatment High availability of all resources The quality of information All kinds of customers Kids (parents) Elder (kids) Prevention of thiefs and blackmailing Narcotics