IDENTIFYING THREATS IN A GLOBAL MARKETPLACE
Ira S. Somerson, BCFE, CPP
Loss Management Consultants, Inc.
Institute for Global Management Studies and Temple CIBER
Global Security Concerns
October 2 & 3, 2003
The Philadelphia Federal Reserve

“The regulatory, ethical, and legal framework that provide protections to us and individuals and to our business activities at home do not apply abroad.”
Overseas Security Advisory Council

LMC™

THREATS BY REGION, 2003 to Date
Western Europe          28%
Latin America           22%
Far East/Pacific Is.    14%
Mid East/No Africa      11%
Eastern Europe           9%
South/Central Asia       9%
Sub Saharan Africa       7%
Overseas Security Advisory Council - 2003

THREATS BY INDUSTRY: 2003 to Date
Fast Food     35%
Religious     17%
Soft Drink    10%
Oil            9%
Retail         9%
Financial      8%
Hotel          4%
Airline        4%
Other          4%
Overseas Security Advisory Council - 2003

THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT
TERRORISM
PERSONAL SECURITY
PERSONNEL SECURITY
PHYSICAL SECURITY OF FACILITY
INFORMATION AND DATA SECURITY
COMMUNICATIONS SECURITY
INFRASTRUCTURE SECURITY
DISGRUNTLED INSIDERS
CIVIL UNREST AND/OR CULTURAL CONFLICTS
CRIMINAL THREATS
ECONOMIC COMPETITION
ACTS OF INTELLIGENCE SERVICES
ACTS OF WAR
Overseas Security Advisory Council - 2003

LESSONS FROM RECENT CYBER ATTACK CASE STUDIES
CYBER ATTACKS IMMEDIATELY ACCOMPANY PHYSICAL ATTACKS
CYBER ATTACKS ARE INCREASING IN VOLUME, SOPHISTICATION, AND COORDINATION
CYBER ATTACKERS ARE ATTRACTED TO HIGH VALUE TARGETS
INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

POTENTIAL SOURCES OF CYBER ATTACKS
TERRORIST GROUPS
TERRORIST SYMPATHIZERS AND ANTI-U.S. HACKERS
TARGETED NATION-STATES
THRILL SEEKERS
INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

CYBER ATTACKERS HAVE RECENTLY:
DEFACED ELECTRONIC INFORMATION SITES IN THE UNITED STATES AND ALLIED COUNTRIES AND SPREAD DISINFORMATION AND PROPAGANDA.
DENIED SERVICE TO LEGITIMATE COMPUTER USERS IN THE U.S. AND ABROAD BY USE OF:
  WORMS
  VIRUSES
  OTHER COMPUTER WEAKNESSES
COMMITTED UNAUTHORIZED INTRUSIONS INTO SYSTEMS AND NETWORKS BELONGING TO THE UNITED STATES AND ALLIED COUNTRIES, RESULTING IN CRITICAL INFRASTRUCTURE OUTAGES AND CORRUPTION OF VITAL DATA.
INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE, 9/22/01

ONLINE RESOURCES
www.cert.org (The Carnegie Mellon Computer Emergency Response Team)
www.fedcirc.gov (The Federal Computer Incident Response Center)
www.incidents.org (community and business collaboration of victimization)
www.ists.dartmouth.edu (The Institute for Security Technology Studies at Dartmouth)
www.nipe.gov (The National Infrastructure Protection Center)
www.sans.org (The System Administration, Networking and Security)

RISK, THREAT & VULNERABILITY CONSIDERATIONS
THREAT = INTENT + CAPABILITY
CAPABILITY = TOOLS + KNOWLEDGE
RISK = THREAT + COUNTERMEASURES
HOW OFTEN WILL THE RISK OCCUR?
Overseas Security Advisory Council - 2003

SECURITY RISK COSTS
LEGAL & DAMAGE CONTROL
EXPECTED REVENUE LOSS
SHAREHOLDER VALUE
REPUTATION (GOOD WILL)
LOSS OF PRODUCTIVITY
MARKET SHARE & TIMING
RELATIONSHIPS WITH CONTRACTORS

FINANCIAL IMPACT OF SECURITY LOSSES
IMPACT TO OTHER PRODUCT DESIGN
EMPLOYEE MORALE
COST TO SECURE (AFTER THE FACT)
RESEARCH & DEVELOPMENT
SPECIAL EQUIPMENT CAPITALIZED
STAFF RECRUITING & TRAINING
OVERHEAD COSTS
DEBT SERVICE

COST OF PROGRAM
PREDICTABILITY OF LOSS
COMPUTATION OF INFORMATION LOSS
NET PRESENT LOSS OR NET PRESENT GAIN
NET PRESENT VALUE

EXAMPLE
COST OF ONE INFORMATION LOSS                          $1,000,000.00
COST DIVIDED BY POTENTIAL FOR LOSS TO OCCUR OVER A
TEN-YEAR PERIOD. IF ONLY ONCE, DIVIDE BY 10 = COST/YR    100,000.00
LESS COST OF PROGRAM/YR                                   75,000.00
NET PRESENT VALUE                                     $   25,000.00

SECURITY OBJECTIVES
DETER
DETECT
DELAY
RESPOND
RECOVER

THE MISSION OF INTERNATIONAL SECURITY MANAGEMENT
SECURITY OF:
PEOPLE
INFORMATION
PROPERTY
REPUTATION
RISK / SECURITY / ATTITUDE / CHANCE

RISK ASSESSMENT
THE ART AND SCIENCE OF MEASURING THE FORESEEABILITY OF EVENTS AFFECTING THE SAFETY AND SECURITY OF ASSETS

EXAMPLES OF WHAT A RISK ASSESSMENT SHOULD CONSIDER
INTELLIGENCE GATHERING
OPERATIONAL ASPECTS OF THE ASSET/FACILITY
NATURE OF NEIGHBORING FACILITIES (OR TENANTS)
ACCESS ROADS TO FACILITY
ORGANIZATION’S INCIDENT HISTORY AND ABILITY TO ANALYZE THE DATA
FACILITY MANAGEMENT EFFICIENCY
EFFICIENCY OF EXISTING SECURITY STRATEGY

HOW DO WE DETER, DETECT, DENY, RESPOND TO AND/OR RECOVER FROM ATTACKS?
TECHNOLOGY MANAGEMENT
PROCEDURAL MANAGEMENT
SECURITY AWARENESS
INTELLIGENCE GATHERING AND ANALYSIS
LAW ENFORCEMENT MANAGEMENT

STANDARD SECURITY INDUSTRY PRACTICES
PUBLISH SECURITY GUIDELINES
PREPARE SUPPORT MATERIALS
EMPLOYEE & CONTRACTOR (NEW & EXISTING) ORIENTATION
SECURITY AWARENESS TRAINING
SECURITY PROJECTS

THE MISSING LINK
PAY ATTENTION TO GOVERNMENT ALERT LEVELS.
CARE ENOUGH TO REPORT SOMETHING THAT DOESN’T LOOK RIGHT TO YOU!
BE AWARE BUT NOT PARANOID

WHAT YOU CAN DO?
BECOME PART OF THE SOLUTION
VS.
BEING PART OF THE PROBLEM