Standards for Supply Chain Risk Assessment and Security Management: ISO 28000

Presentation transcript:

Standards for Supply Chain Risk Assessment and Security Management: ISO 28000
Assuring Safety, Security, and Sustainability using supply chain analysis, planning, and integrated Quality Management Systems
2012 Transportation Research Board Annual Meeting
Washington DC
January 25th, 2012
Michael J. Penders, Esq.
Environmental Security International L3C
www.esisecurity.com

Identifying Vulnerabilities and Reducing Risk with Integrated Management Systems: Performance Measures, Accountability, and Deterrence
- Integrated Security Management requires the capacity to detect, prevent, and limit consequences of deliberate or negligent acts across the supply and distribution chains.
- Focused on acts that would use hazardous materials, wastes, supply chain, or infrastructure as a weapon or means of delivering an attack.
- An All Hazards Approach to Risk Assessment

Process for Integrated Risk Assessment, Management and Systems Planning for many release and attack scenarios that pose threats to critical assets; not just worst case.
- Dynamic paradigms for risk assessment and planning.
- Benefits of Integrating Environmental, Health, Safety, Emergency Response, Disaster Recovery, Business Continuity, Information and Physical Security systems.
- Organizational Resiliency
- Enterprise Risk Management

Homeland Defense, Integrated Management Systems, and National Security
- Nationally, Internationally, at Ports, and at Facilities: “We don’t know what we know.”
- Stove piping of agencies and information
- Speed and synthesis: keys to comprehension and security.
- Integrating environmental, energy, and security monitoring into operational controls, with defenses for IT systems

Integrating Elements of Security into Operational Management Systems
- Access to Reliable Information by Decision Makers, Emergency Responders, Security
- Data Mining, Operational Controls, Remote Sensing
- Planning, Communications, Training
- Standards for Incident Command
- Demonstrated Performance at Military Bases

Critical Elements of Vulnerability, Risk Assessment and Systems Review
- Facility and Treatment Review
- Physical Security: Perimeter; access controls; vehicles and materials delivery management; hazardous materials management; facilities design; critical infrastructure; personnel; subcontractors
- SCADA, Information, and Cyber Security
- Critical Control Points along Supply Chain

Strategic Security Management
- Blue Plains D.C. Waste Water Treatment Facility
- Pollution Prevention and Strategic Sustainability
- Co-Generation, Redundancy, Defenses
- Management Controls and Real Time Monitoring
- Towards an Integrated Systems Approach
- Assuming worst case scenarios and that the enemy knows; design systems accordingly

New Standard and Incentives for Integrated Security Management
- New International Standards for Security Management System (SMS) ISO 28000; ISO 27000
- Performance Measures for Integrated Systems: Speed, Synthesis, Risk Reduction
- E-Commerce and Supply Chain Management
- Insurance/Financial/Regulatory Consideration

Security Planning Model Continuous Vigilance Model Change Security Management System Incident SVA Audit

Security Management System Model Elements
- Leadership commitment
- Security vulnerability assessment
- Legal and other requirements
- Threat and hazard deterrence and mitigation
- Implementation and operation
- Resources, roles, responsibility and authority
- Competence, training and awareness
- Continuous improvement
- Monitoring and measurement
- System evaluation
- Nonconformity, corrective action and preventive action
- Control of record
- Internal audit
- Management review
- Communications and warning
- Documentation
- Control of documents
- Operations and procedure
- Emergency preparedness and response

SVA Methodology
- Step 1: Asset Characterization
- Step 2: Threat Assessment
- Step 3: Vulnerability Analysis
- Step 4: Risk Assessment
- Step 5: Countermeasures Analysis

Security Management System Value to external Stakeholders: Customers; Government; Financial Institutions, Public Integrated Security Management System Innovative Technologies Enterprise Risk Management Business Continuity Deterrence

For more information or questions: Michael Penders mpenders@esisecurity.com (703) 330-3752 www.esisecurity.com