Active Loss Prevention initiative Ian Lloyd Director of the Active Loss Prevention initiative.

Presentation transcript:

Active Loss Prevention initiative Ian Lloyd Director of the Active Loss Prevention initiative

Situation
- New technologies bring new opportunities
- They also bring new risks from old threats
  - Accidents
  - Crime
  - War / terrorism
- The difference is often the speed with which things happen

Learning from history
- Just like all new technology waves
  - Mercantile shipping
  - Telegraph / telephone
  - Automobile (safety)
  - Aviation
  - Petrochemicals
  - Buildings
- In all these, the gains far outweighed the losses, until …

Losses happen
- Losses begin to happen
- Lives are lost
- Social pressure for change
- Financial risk becomes too great
  - Fortunes wrecked
  - Reputations ruined (Anderson!)

Problem
- Disparate technologies
  - Missing links – sensors, design, code, tests etc.
- No commercial frameworks
  - Legal, insurance, risk, audit, regulation etc.
- Governance gaps
  - Prevention and risk management is not institutionalised at any level, boardroom to staff
- What happened next …

Active Loss Prevention initiative What happened next?  Shipping  Lloyd’s coffee house  Technical change and standards  Legislation  Insurance  Drew in the ship owners and entrepreneurs  There was unsustainable loss – both financial and reputation

Active Loss Prevention initiative What happened next?  Buildings  Woolworths  Discos  Structural collapses  Earthquakes!  Change was reactive to socially, politically or financially unacceptable losses  Occurred over time  Development of new technology, standards, laws and commercial instruments  Spurred on by the opportunity to make money  Innovators and early adopters get involved

IT and the Internet
- History is repeating itself
- Dependencies and risks are huge
- Impact can be national or international
- Speed of adoption is increasing
- Need to act before the disaster
  - Digital Pearl Harbour
  - Continent-wide brown-out
  - Collapse of a currency
  - Destruction of an IT-enabled business

Technology driven (diagram: Governance; Regulations; Law; Insurance; Audit; Legal; Risks; Technology; Business)

Bad publicity
- Free Kevin!
- DDoS
- War Games
- Viruses and worms
- Corporate data collection
- Spam
- Carnivore
- Web defacements

Perceived inaction
- Media
- Surveys
- Increased public fear and concern
- Experience within government

Here come the governments (and the lawyers!)
- Data protection laws
- Legal barriers to enforcing rights
- Liability for negligence

Why legislation?
- Problems of form
  - Electronic “signature”
  - Electronic “writing”
  - Introduction as evidence
- Liability apportionment
  - Particularly CA (third party) liability

Self regulation
- Agree standards to work to
- Certification to those standards
- Global acceptance and usage

Critical Infrastructures (diagram: Government Operations; Gas & Oil Storage and Delivery; Water Supply Systems; Banking and Finance; Transportation; Electrical Energy; Information Systems & Telecommunications; Emergency Services)

Don’t forget the old stuff
“Electronic Commerce will modify some of the traditional models for the conduct of business. However, it is important that many of the long-standing elements of commerce be replicated in the electronic world” (NIST,

“trust is essential to business - security just gets in the way”

Vision (diagram: Certified components, processes and construction; Business driven (not just eBusiness); Governance; Regulations; Law; Insurance; Audit; Legal; Risks; Technology; Business; eBusiness; Involves all parties (solving the business issues); Technology; Governance; Commercial; Trust services; Risk terms)

Roadmap (diagram: Governance; Regulations; Law; Insurance; Audit; Legal; Risks; Technology; Business; Involves all parties (solving the business issues); Enable the transition from where we are now to where we need to be)

A quote…
“It is good to trust… it is better not to” – Sholom Bryski, quoting one of his mentors
Acting as if you don’t trust the other party forces you to find ways to trust the transaction.

Delivering the traffic light (diagram: Security layer – IDS, Virus, F/W, Policy, Profiles, Patches; Application layer – ID, Role, Authent, Policy, Rules, ID management, Storage, Authentication, Notary, Trust services; Operating system layer – ID, Role, Authent, Policy, Patches)

Services that may be needed
- Notary
- Restoration services
- Access control
- Evidential analysis
- Identity tracking
- Storage
  - contracts
  - keys
  - evidential
  - documents
- Monitoring (real time)
- Reliable messaging
- Underwriter
- Credential management
- Policy

Customer requirements
‘Commercial’
- Vocabulary of risk terms
- Liability
- Actuarial data
- Steering group
- Digital chain of trust
- Risk mitigation
- Risk management methods
- Insurance response to business needs
- Propagation of liability
- Education and promotion
- Standards of due care
‘Technical’
- Trust services
- Technology liaison group
- Standards of due care
- Risk management tools

How topics fit together – Policy Guidance (diagram: Mitigation effectiveness; Actuarial data; Risk vocabulary; Standards of due care; Insurance ‘packaged products’; Liability (standards, contract terms, model laws, model regulations); Risk management methods; Mitigation improvement)

Interfaces (diagram: Notary; Restoration services; Access control; Evidential analysis; Identity tracking; Storage; Monitoring (real time); Reliable messaging; Underwriter; Credential management; Policy)

Trust Services (diagram: Recommendation; Verification; Messaging; Notary; Credentials; Secret keeping; Identity; Archiving; Identity tracking; Trusted storage; Service; Storage; Technology; Identity; Credentials; Roles; Responsibilities; Authorisation)

To regulate or not
- Some regulation is needed
- Industry self regulation can do the rest
- Governments must make sure self regulation works well
- Industry must behave responsibly

Active Loss Prevention initiative  Trust Services  Liability  Actuarial Data  Vocabulary of risk terms  Trust Services  Technical services that will be needed to deliver the requirements of other groups  Initial support from technology providers  Liability  Scope requirements for a set of projects for this area  Examples: Standard contract terms, model law, model regulation, standard terms of business etc  Vocabulary of risk terms  A set of terms that can be used to accurately communicate risk information  Initial support from legal, audit and insurance  Actuarial Data  Enable the insurance industry to assess risk, cost, frequency of events, severity etc  Initial interest from insurance institutions Customer top 4

Governance & Policy (diagram: Infrastructure; Operations; Business process; Audit; Finance; Insurance; Legal; People; Technology; Architecture; Requirements; Design; Spec; Procure; Manage; Parts & pieces – ‘AIC’, ‘Verifier’, ‘Watchdog’, ‘Interrogator’, ‘Identifier’; Board & advisors; Risk management – Assessment, Priorities, Strategy, Organisation, Plan, Track; ALP VP & specialists; Executive VP & specialists; CIO & operations; Procurement; Suppliers; Active Loss Prevention Open Group; Core Active Loss Prevention Initiative; Renew; Strategic, enterprise-wide; Proactive, live risk management; Involves professions & services – standards, verification, legislation; Active Loss Prevention core values; Education & training; Management & information)

How topics fit together – Risk Quantification (diagram: Mitigation effectiveness; Actuarial data; Risk vocabulary; Liability (third parties, propagation, jurisdiction))

How topics fit together – Due Care Guidance (diagram: Mitigation effectiveness; Actuarial data; Risk vocabulary; Standards of due care; Risk management methods; Liability (third parties, propagation, jurisdiction))

How topics fit together – Due Care and Liability (diagram: Mitigation effectiveness; Actuarial data; Risk vocabulary; Standards of due care; Risk management methods; Liability (third parties, propagation, jurisdiction))

How topics fit together – Policy Guidance (diagram: Mitigation effectiveness; Actuarial data; Risk vocabulary; Standards of due care; Insurance ‘packaged products’; Liability (standards, contract terms, model laws, model regulations); Risk management methods; Mitigation improvement; Certified components or services)