1. How Corporate Security Changed After 9/11
2. The Business Security Advisory Group (BSAG) specializes in a broad range of corporate security consulting services including:
Business continuity,
Risk assessment and management,
Regulatory compliance,
Strategic security planning and policy development.
Getting Ahead of the Problems
www.bsag-cso.com
1- Partners are four former CSOs representing American Express, Burlington Industries, Fidelity Investments and Texaco. Also have an attorney.
2- Clients are small and mid cap companies who do not need or cannot afford a full time CSO.
3- In addition to the stated disciplines, BSAG also does security assessments, supplies expert witnesses from its partner and Executive Consultant base, writes columns in industry magazines on the current trends in the security industry and authors books and security tools for the Security Executive Council, an association of CSOs.
4- Does security presentations for professional organizations and societies
5- Has a professional affiliation with Burrill Green, a London based security organization, which gives BSAG a global platform.
3. Corporate Security’s responsibilities prior to 9/11
Corporate Security’s responsibilities post 9-11
Laws and regulations regulating the security industry post 9/11
Corporate Security in the 21st Century
Slide is self explanatory.
4. Investigations – violation of corporate policy and other corporate crimes
Physical security – gates, guards, guns
Executive protection – ensuring top executives and families were secure
1- Bribery, conflict of interest, trademark and copyright violations – reactive investigations
2- Physical Security – consists of risk assessment, vulnerability studies – security assessments with emphasis on gates, guards and guns.
3- Executive Protection – domestically – ensuring the security of the “C” suite and the homes and families of top executives. Also ensure that executives and family get from point A to point B in safety and security.
5. Corporate Security generally a middle management responsibility
Corporate Security generally thought of as the “Corporate Cop”
Corporate Security plans and programs generally responsive or reactive to immediate incidents – no long term planning
1- Corporate Security in many cases reported to the facilities manager since the bulk of Corporate Security’s responsibilities concerned corporate assets (buildings, equipment, etc.)
2- Business Units would call on Corporate Security to scare employees – show the employees that he/she meant business and would not tolerate any type of improper conduct as he/she defined it.
3- Corporate Security plans and programs were generally non-existent. Corporate Security’s function was to respond to incidents as they happened.
6. Mostly reactive-incident happens, security responds – fire house mentality
Stove Pipe thinking – Security programs sometimes contrary to Business Unit’s business plans and goals
Law Enforcement Driven – security goal must be attained at all costs – no priorities
1- Knee jerk reaction to perceived anti corporate conduct. Corporate Security responds – determines if there is a violation of law or corporate policy – investigates to determine the identity of the perpetrator(s) – turns him/her over to administration for disciplinary action.
2- Corporate Security executives believe that the corporate security remedies were the most important processes in the company and must be both implemented and followed no matter the cost. Theory for this thinking is that corporate employees and assets are at risk. Budget and corporate plans should not interfere with the implementation of Corporate Security processes.
3- Law enforcement experience is a paramount qualification for a security executive and this mind set dominates all security solutions.
7. Photo Slide
8. Three thousand civilians murdered
$80 Billion dollars in losses
11 Million people in developing countries pushed into poverty.
Financial markets closed
Air transportation system grounded
Self Explanatory
9. Mail Processing – 86%
Travel – 85%
Protection of Employees – 79%
Protection of Infrastructure – 75%
Risk Assessment – 71%
*3 Booz, Allen, Hamilton Survey – 11/01
Protection of Offices and Physical Plants – 69%
Employee Morale – 69%
Supply Chain Distribution – 51%
Customer Security – 50%
Productivity – 47%
Security issues post 9/11 – self explanatory
10. Corporate Security gets the attention of Executive Management
Corporate Security seen as a resource to the company not as a necessary evil
Corporate Security an advisor to Executive Management and Business Units concerning comprehensive security programs for personnel and corporate asset protection
1- Executive Management realizes that Corporate Security is a necessary resource to protect corporate employees and assets. It looks to Corporate Security to see what it is doing to protect the company. It wants to know what plans and programs are operative in the company to protect it from terrorism and other evils.
2- Corporate Security is now seen as a company resource rather than a necessary evil – it has a place at the corporate executive table.
3- Executive management and middle management see the value of Corporate Security and how important it is to keep the company and its employees safe especially in the midst of alien threats which are uncontrollable.
11. Corporate Security reports to the “C” suite in many companies and is no longer a mid-level executive responsibility
Corporate security executives become more business oriented in management style and program content
Corporate Security becomes an enterprise function of the company
1- In most cases, the Corporate Security top executive (CSO) reports to the “C” suite rather than to a middle management executive.
2- Corporate Security executives have to explain their mission, values and contribution to the company’s success in words, terms and actions that business executives understand. Technical terms and other mumbo jumbo will have to be replaced with plain talk and practical logical explanation of the Corporate Security function.
3- Corporate Security becomes a part of the entire company not just a servant of the few.
12. Emergency plans include crisis management, disaster recovery and business continuity developed in a proactive environment
Corporate Security executives now craft strategic and tactical security plans for business units.
Plans and programs consider business goals and budgets
All corporate security plans and programs are more proactive and include prevention of terrorist attack
1- Corporate Security is no longer centered on gates, guards and guns. Corporate Security must develop strategic and tactical plans just like the other business units and craft metrics to show progression to goals and value to the company.
13. The Public Sector recognizes its greater responsibility to protect its citizens and assets
Corporate Security deals more with federal, state and local officials as security regulations exponentially increase
Public and private partnerships flourish as both attempt to craft meaningful emergency proactive plans, protective processes, security laws and regulations
1- Public sector realizes that they have a non-delegable duty to protect the public but realizes that 85% of the infrastructure is owned privately.
2- The only way for both the public and private sectors to fulfill their responsibilities is through a partnership.
3- DSAC, CIP, OSAC are examples of public and private partnerships.
4- From these partnerships come what are hoped to be common sense, practical regulations and statutes to establish a baseline for good security policies.
14. Corporate security plans and programs develop a legal compliance component as corporations comply with the new mandated legislation
Corporate Security’s programs are more restrictive and costly as both terrorism and legislative compliance are emphasized
1- Public sector codifies its responsibilities and attaches criminal and civil penalties for non-compliance.
2- Corporate security must work closely with Corporate Counsel and the heads of the business units to ensure that the company has a credible compliance program.
3- Compliance costs are extremely high and cumbersome and in some cases change the way the corporation does business. Some of the compliance costs are so extreme that they have forced domestic corporations to either move from a particular state or out of the United States. The financial industry is an example – several companies handling initial public offerings (IPOs) have moved to London where the tax and regulation environment is more friendly.
15. Legislation*
Access to Information Act
Arming Pilots Against Terrorism Act
Aviation and Transportation Security Act
Bank Protection Act of 1968
Canada's Bill C-6
Children's Online Privacy Protection Act (COPPA)
Corporate Manslaughter and Corporate Homicide Act 2007(UK)
Customs Modernization Act
Cyber Security Enhancement Act of 2002
CyberCrime Treaty
E-Signature Act
European Union Data Protection Directive
Executive Order 12958 – Information Sharing
Executive Order 13224 – Doing Business w/ Terrorists
Executive Order 13231 – Infrastructure Protection
Executive Order 13234 –
Slides 14 to 21 are a list of statutes, etc.
16. Legislation (Continued)
Citizen Preparedness
Family Educational Rights and Privacy Act
Federal Anti-Tampering Act
Federal Computer Security Bill – H.R. 1259
Federal Hazardous Materials Law
Foreign Corrupt Practices Act
Homeland Security Act
International Emergency Economic Powers Act
Maritime Transportation Security Act of 2002
National Information Infrastructure Protection Act
Notification and Federal Employee Anti-Discrimination and Retaliation Act
Patriots Act
Personal Information Protection and Electronic Documents Act
17. Legislation (Continued)
Presidential Directive 2
Presidential Directive 3
Presidential Directive 7
Presidential Directive 8
Public Health Security and Bioterrorism Preparedness & Response Act
Robinson-Patman Anti-Trust Act
Safe Explosives Act
Safe Harbor Act
The Occupational Safety and Health Act
The Currency and Foreign Transactions Reporting Act
Title 18 - Federal Sentencing Guidelines
Trade Act of 2002
US Global Anti-Corruption Policy
US The Currency and Foreign Transactions Reporting Act
USA PATRIOT Act
Voluntary Private Sector Preparedness Accreditation and Certification Program
*Above information furnished by Security Executive Council
23. Vicarious corporate executive liability for violation of some of the criminal and environmental laws
Civil liability in money damages for tort law violations
Criminal liability for companies and employees in foreign venues for violations of international laws and regulations
Overarching federal statutes either mandate or furnish guidelines for fines and/or punishment for violation of statutes and regulations
1- Criminal and civil penalties attach to security regulations and statutes promulgated by federal, state and local authorities for non-compliance.
2- The corporation and the individual who failed to comply with the law or committed an act in violation of the law will be held accountable.
3- Some statutes (environmental, etc.) will also hold the CEO responsible for an act or failure to act regarding a particular law even though they were not personally involved in the activity. This is called vicarious liability.
4- An example of vicarious liability is found in the New York State Motor Vehicle Law.
24. CORPORATE SECURITY 21st CENTURY
Corporate Security executives will be law enforcement and business qualified and also possess some technical security and management ability
Chief Security Officer will report to Executive Management and have complete unfettered access to the “C” suite
Corporate Security will have an enterprise component and deal with security matters in a manner business executives will understand
1- The qualifications for a Chief Security Officer (CSO) will still have a law enforcement component, but the CSO must also have business and technical savvy. Information Technology (IT) security is most important today for without it companies cannot function. The CSO of the 21st century must be able to discuss his responsibilities in a way that makes sense to the business and technical communities. The CSO must add value to the bottom line as well as protect both the corporate employees and assets and show this empirically through clear and convincing metrics.
2- The CSO of the 21st century will have unfettered access to the “C” suite because the ultimate responsibility for corporate employees and assets lies with Executive Management. As such they will demand to know the plans, programs and processes Corporate Security crafted to ensure the safety and security of the company.
3- Corporate Security plans and programs will apply to all business units with the result that the CSO will have to deal with the budgetary restrictions and competing priorities of the units. The CSO will have to articulate the importance of his programs and with clear and convincing evidence show how they add to the bottom line. Actually, in these times of financial strain, all service entities will have to deal with this reality.
25. CORPORATE SECURITY 21st CENTURY
Corporate Security plans and programs will be mostly pro-active and preventative anticipating security challenges and emergencies before they occur
Corporate Security will use the team concept and interact with all the business units and service departments to ensure cost effective corporate security policy is practically implemented company wide.
1- To establish a business connection, security programs must demonstrate how they will anticipate security challenges and the cost effective methods that will be used to meet these challenges. By crafting these types of programs for the business units, Corporate Security demonstrates that it and the business unit are interested in providing a safe environment for the employees and that the corporate assets will be paid for only once.
2- Using the partnership of business unit personnel and Corporate Security, cost effective and beneficial security policies and programs will be crafted and implemented. Using this method will enable the business unit to take ownership of the plans and programs and therefore have a stake in their success.
26. CORPORATE SECURITY 21st CENTURY
Corporate Security plans and programs will have to deal with the reality of government regulation and develop innovative methods to keep current with the laws and effect compliance
Develop innovative methods to ensure security solutions are as multi-faceted as possible so that the cost and compliance components can be spread among other business units
1- Keeping track of the myriad of security rules, regulations and statutes and how they apply to the business units is a monumental task and can be costly if a corporation is determined to be non-compliant. A cost effective method must be developed to not only capture the federal, state and local statutes and regulations that may apply to the company but also determine if current internal operations policies amount to compliance. BSAG can assist in this regard.
2- Security programs that require the purchase of “large ticket” items must have multiple purposes so that the cost can be spread among several business units, resulting in sooner implementation of the item.
27. CORPORATE SECURITY 21st CENTURY
Corporate Security will re-orient its goals from strictly law enforcement objectives to ones that include a business component, e.g. provide metrics for security services that:
Increase profitability
Reduce costs
Enhance the brand
Improve customer relationships
Reduce employee attrition
Self explanatory
28. Drug Testing Programs
Employee Reduction Programs
Investigative and Interview Training
Background Inquiries
Expatriate Mobilization Programs
Workplace Violence Programs
Crisis Management Programs
Security Awareness Programs
Domestic and Global Evacuation Programs
Self explanatory