Application Opportunity for Internet 0 in Risk Management
Barry Wessler
October 1, 2004

Opportunity area for Internet 0: Risk Management
• Risk Assessment
• Risk Mitigation
• Risk Transfer
• Risk Recovery

Opportunity area for Internet 0: RM Application Areas
• Financial
• Operational
• Physical
• Information

Opportunity area for Internet 0: Risk Assessment
• Assets
• Losses
• Threats
• Vulnerabilities
• Controls/Safeguards
Risk = Asset ⊕ Loss ⊕ Threat ⊕ Vulnerability ⊕ Control
• Risk generally stated as annual loss expectancy

Assets
• Aircraft
• Ammunition/Explosives
• Art/Paintings
• Business Market Share
• Cash
• Communications Equipment
• Computer Hardware
• Construction Equipment
• Controlled Substances
• Customers
• Electronic Equipment
• Evidence
• Facilities/Buildings
• Food/Water/Perishables
• Gold/Silver/Gems
• Intangibles
• Large Weapons
• Manufacturing Equipment
• Negotiable Instruments
• Nuclear Materials
• Office Equipment
• Personnel
• Petroleum/Oils
• Physical Inventory/Product
• Production Resources
• Proprietary Information
• Real Property
• Security System
• Small Weapons
• Supplies/Parts
• Uniform/Special Personnel Equipment
• Utilities
• Vehicles
• Watercraft

Losses
• Disruption
• Direct Loss
• Compromise
• Intangibles
• Personal Injury/Loss of Life
• Indirect Loss
• Theft

Threats
• Accident/Fatal
• Accident/Injury
• Activist
• Arson
• Assault, Aggravated
• Assault, Sexual
• Assault, Simple
• Biological Contamination
• Blackmail/Extortion
• Bomb Threats
• Burglary/Break In
• Chemical Gas
• Cold/Frost/Snow
• Communications Loss
• Earthquakes
• Electromagnetic Interference
• Espionage
• Explosions Major
• Explosions Minor/Mail-Bomb
• Fire, False Alarm
• Fire, Major
• Fire, Minor
• Flooding/Water Damage
• Homicide
• Kidnapping
• Power Loss
• Riot/Civil Disorder
• Robbery
• Sabotage/Disgruntled Employee
• Sabotage/Terrorist
• Stalking
• Storms/Hurricanes/Tornadoes
• Theft - Company Property
• Theft - Personal Property
• Theft - Services
• Unauthorized Disclosure
• Vandalism

Vulnerabilities
• Barriers
• Bomb Detection & Control
• Cleaning/Trash Removal
• Communications
• Communications & Utility Closets
• Computer Systems Security
• Construction/Architecture
• Contingency/Emergency Planning
• Contingency/Incidence Response
• Controlled Areas
• Data Backup/Storage
• Doors
• Electrical Power
• Emergency Evacuation
• Emergency Medical
• Entry Control
• Fire Alarms & Detection
• Fire Prevention
• Fire Suppression
• Illumination
• Information/Investigation Process
• Intrusion Detection
• Landscape/Vegetation
• Locks/Key Control
• Management/Organization
• Marine Access Control
• Observation
• Package Control
• Parking Lot/Garage
• Personnel Control
• Personnel Screening
• Property Management
• Roofs
• Safety
• Security Officers
• Security Procedures/Policy/Training
• Security System
• Shipping and Receiving
• Vaults/Safes
• Vehicle Control
• Visitor Control
• Water Drainage/Extraction
• Windows

Safeguards
• Alarm Beacon/Audible
• Alternate Feeds
• Audible Detectors
• Automatic Suppression
• Battery/Backup
• Berms
• Biometric Access
• Bomb Disposal Equipment
• Bomb Threat Procedures
• Brick Walls
• Buffer/Control Zone
• Bullet Proof Glass
• CCTV Cameras
• CCTV Motion Detection
• Chain Link Fence
• Combination Control
• Command and Control Center
• Concertina Wire
• Construction/Design
• Contingency Planning
• Contract Specifications
• Counter-Surveillance Equipment
• Detection
• Differential Pressure
• Disaster Recovery
• Document Destruction Equipment
• Drains
• Electric Field Detectors
• Emergency Generator
• Emergency Lighting
• Entry Control
• Escorts
• Exit Signs & Evacuation Routes
• Explosives Detection
• Explosives Identification
• Fiber-Optic Cable
• Flammable Storage Container
• Gas/Radioactive Detectors
• Gates
• Guard Accessories
• Guard Shack/Tower
• Identification - Marking
• Incident Notification
• Incident Response
• Information Handling
• Infrared Beam
• Infrared Motion Detectors
• Inquiry/Investigation
• Insurance/Bonding
• Integrated System
• Jersey Walls
• Key Card
• Key Control/Inventory
• Keys
• Lighting
• Linguist/Sign Language
• Locking Hardware
• Logs
• Magnetic
• Magnetic/Contact Switches
• Man-Trap
• Marshal/Brigade
• Medical Incident Response
• Metal Detectors
• Micro-Phonic Cable
• Microwave Beam
• Microwave Motion Detectors
• Moisture Detection
• Night Vision Instruments
• Organization/Security
• Package Entry & Control
• Panic Alarm/Call Stations
• Patrol Vehicles
• Patrol/Tour Reporting
• Personnel Control
• Personnel Identification - Badges
• Personnel Screening
• Personnel Termination
• Photo Electric Detectors
• Policy
• Policy/Procedure
• Portable Extinguishers
• Posts/Pillars
• Pressure Mats
• Problem Resolution Process
• Proximity Detectors
• Public Announcement System
• Pumps
• Radar
• Radio/Phone/Pager
• Removal
• Revolving Doors
• Safety Inspection/Test
• Safety Manual
• Screening
• Security Manual
• Security Policy
• Security Staff
• Seismic
• Shatter Protection of Windows
• Shipping and Receiving
• Simulation Exercises
• Solid Core Doors
• Steel Bars/Grills
• Steel Mesh Walls
• Surge Protectors & Filters
• Tank Trap
• Taut-Wire
• Testing
• Testing Pumps/Drains/Detection
• Testing/Inspection
• Training
• Training/Operation
• Turnstiles
• Ultrasonic Motion Detectors
• UPS
• UPS Dedicated
• Vaults/Safes
• Vehicle Barriers
• Vehicle Control
• Vibration Detectors
• Vibration Sensor
• Warning Signs
• Water
• Water Supply
• Weapons
• X-Ray

Internet 0 and RM
• Pick one or a set of Safeguards
• Use Internet 0 principles to make the Safeguard faster, smarter, cheaper, more reliable, etc.
• Better yet, invent new Safeguards possible only in a rich communications environment
• The Risk Assessment will tell you what the ROI will be in a particular Asset/Threat environment