Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Loss Prevention initiative Ian Lloyd Director of the Active Loss Prevention initiative.

Published byHerbert Yell Modified over 9 years ago

Similar presentations

Presentation on theme: "Active Loss Prevention initiative Ian Lloyd Director of the Active Loss Prevention initiative."— Presentation transcript:

1 Active Loss Prevention initiative Ian Lloyd Director of the Active Loss Prevention initiative

2 Active Loss Prevention initiative Situation  New technologies bring new opportunities  They also bring new risks from old threats  Accidents  Crime  War / terrorism  The difference is often the speed with which things happen

3 Active Loss Prevention initiative Learning from history  Just like all new technology waves  Mercantile shipping  Telegraph / telephone  Automobile (safety)  Aviation  Petrochemicals  Buildings  In all these, the gains far outweighed the losses, until …..

4 Active Loss Prevention initiative Losses happen  Losses begin to happen  Lives are lost  Social pressure for change  Financial risk becomes to great  Fortunes wrecked  Reputations ruined (Anderson!)

5 Active Loss Prevention initiative Problem  Disparate technologies  Missing links – sensors, design, code, tests etc.  No commercial frameworks  Legal, insurance, risk, audit, regulation etc.  Governance gaps  Prevention and risk management is not institutionalised at any level  Boardroom  staff  What happened next …

6 Active Loss Prevention initiative What happened next?  Shipping  Lloyd’s coffee house  Technical change and standards  Legislation  Insurance  Drew in the ship owners and entrepreneurs  There was unsustainable loss – both financial and reputation

7 Active Loss Prevention initiative What happened next?  Buildings  Woolworths  Discos  Structural collapses  Earthquakes!  Change was reactive to socially, politically or financially unacceptable losses  Occurred over time  Development of new technology, standards, laws and commercial instruments  Spurred on by the opportunity to make money  Innovators and early adopters get involved

8 Active Loss Prevention initiative IT and the Internet  History is repeating itself  Dependencies and risks are huge  Impact can be national or international  Speed of adoption is increasing  Need to act before the disaster  Digital Pearl Harbour  Continent wide Brown out  Collapse of a currency  Destruction of an IT enabled business

9 Active Loss Prevention initiative Technology driven Governance RegulationsLaw InsuranceAudit LegalRisks TechnologyBusiness

10 Active Loss Prevention initiative Bad publicity  Free Kevin!  DDOS  War Games  Viruses and Worms  Corporate Data Collection  Spam  Carnivore  Web Defacements

11 Active Loss Prevention initiative Perceived Inaction  Media  Surveys  Increased Public Fear and Concern  Experience within government

12 Active Loss Prevention initiative Here Come the Governments (and the Lawyers! )  Data Protection Laws  Legal Barriers to Enforcing Rights  Liability for Negligence

13 Active Loss Prevention initiative Why legislation?  Problems of form  Electronic “signature”  Electronic “writing”  Introduction as evidence  Liability apportionment  Particularly CA (third party) liability

14 Active Loss Prevention initiative Self regulation  Agree standards to work to  Certification to those standards  Global acceptance and usage

15 Government Operations Gas & Oil Storage and Delivery Water Supply Systems Banking and Finance Transportation Electrical Energy Information Systems & Telecommunications Information Systems & Telecommunications Emergency Services Critical Infrastructures

16 Active Loss Prevention initiative Don’t forget the old stuff “Electronic Commerce will modify some of the traditional models for the conduct of business. However, it is important that many of the long- standing elements of commerce be replicated in the electronic world” (NIST, http://nii.nist.gov/pubs/trust-1.html)

17 Active Loss Prevention initiative “trust is essential to business - security just gets in the way” “trust is essential to business - security just gets in the way”

18 Active Loss Prevention initiative Vision Certified components processes and construction Business driven (not just eBusiness) Governance RegulationsLaw InsuranceAudit LegalRisks TechnologyBusiness eBusiness Involves all parties (solving the business Issues) Technology Governance Commercial Trust services Risk terms

19 Active Loss Prevention initiative Roadmap Governance RegulationsLaw InsuranceAudit LegalRisks TechnologyBusiness Involves all parties (solving the business issues) Enable the transition from where we are now to where we need to be Involves all parties (solving the business issues) Governance RegulationsLaw InsuranceAudit LegalRisks TechnologyBusiness

20 Active Loss Prevention initiative A quote… “It is good to trust… Acting as if you don’t trust the other party forces you to find ways to trust the transaction. …it is better not to” -Sholom Bryski, quoting one of his mentors

21 Active Loss Prevention initiative Delivering the traffic light IDS Virus F/W Policy Profiles Patches Security ID Role Authent Policy Rules Application ID management Storage Authentication Notary Trust services Operating system ID Role Authent Policy Patches

22 Active Loss Prevention initiative Services that may be needed Notary Restoration Services Access Control Evidential Analysis Identity tracking Storage -contracts -keys -evidential -documents Monitoring real time Reliable Messaging Underwriter Credential Management Policy

23 Active Loss Prevention initiative Customer requirements ‘Commercial’  Vocabulary of risk terms  Liability  Actuarial data  Steering group  Digital Chain of Trust  Risk mitigation  Risk management methods  Insurance response to business needs  Propagation of liability  Education and promotion  Standards of due care ‘Technical’  Trust services  Technology liaison group  Standards of due care  Risk management tools

24 Active Loss Prevention initiative How topics fit together Policy Guidance Mitigation Effectiveness Actuarial Data Risk Vocabulary Standards of Due Care Insurance ‘packaged products’ Liability (standards, contract terms, model laws, model regulations) Risk Management Methods Mitigation improvement

25 Active Loss Prevention initiative Interfaces Notary Restoration Services Access Control Evidential Analysis Identity tracking Storage Monitoring real time Reliable Messaging Underwriter Credential Management Policy

26 Active Loss Prevention initiative Trust Services Recommendation Verification Messaging Notary Credentials Notary Secret Keeping Identity Archiving Identity Tracking Trusted Storage Service Storage Technology Identity Credentials Roles Responsibilities Authorisation

27 Active Loss Prevention initiative To regulate or not  Some regulation is needed  Industry self regulation can do the rest  Governments must make sure self regulation works well  Industry must behave responsibly

28 Active Loss Prevention initiative  Trust Services  Liability  Actuarial Data  Vocabulary of risk terms  Trust Services  Technical services that will be needed to deliver the requirements of other groups  Initial support from technology providers  Liability  Scope requirements for a set of projects for this area  Examples: Standard contract terms, model law, model regulation, standard terms of business etc  Vocabulary of risk terms  A set of terms that can be used to accurately communicate risk information  Initial support from legal, audit and insurance  Actuarial Data  Enable the insurance industry to assess risk, cost, frequency of events, severity etc  Initial interest from insurance institutions Customer top 4

29 Active Loss Prevention initiative Governance & Policy Infrastructure Operations Business Process Audit Finance Insurance Legal PeopleTechnology ArchitectureRequirementsDesignSpecProcureManage Parts & Pieces ‘AIC’‘Verifier‘Watchdog’‘Interrogator’‘Identifier’ Board & Advisors Risk Management AssessmentPrioritiesStrategyOrganisationPlanTrack ALP VP & Specialists Executive VP & Specialists CIO & Operations Procurement Suppliers Active Loss Prevention Open Group Core Active Loss Prevention Initiative Renew Strategic, Enterprise-wide Proactive, live risk management Involves professions & services standards, verification, legislation Active Loss Prevention Core values Education & Training Management & Information

30 Active Loss Prevention initiative How topics fit together Risk Quantification Mitigation Effectiveness Actuarial Data Risk Vocabulary Liability (Third parties, propagation, jurisdiction)

31 Active Loss Prevention initiative How topics fit together Due Care Guidance Mitigation Effectiveness Actuarial Data Risk Vocabulary Standards of Due Care Risk Management Methods Liability (Third parties, propagation, jurisdiction)

32 Active Loss Prevention initiative How topics fit together Due Care and Liability Mitigation Effectiveness Actuarial Data Risk Vocabulary Standards of Due Care Risk Management Methods Liability (Third parties, propagation, jurisdiction)

33 Active Loss Prevention initiative How topics fit together Policy Guidance Mitigation Effectiveness Actuarial Data Risk Vocabulary Standards of Due Care Insurance ‘packaged products’ Liability (standards, contract terms, model laws, model regulations) Risk Management Methods Mitigation improvement Certified components or services

Download ppt "Active Loss Prevention initiative Ian Lloyd Director of the Active Loss Prevention initiative."

Similar presentations

Financing a Sustainable Low Carbon Indian Economy

Financing a Sustainable Low Carbon Indian Economy
Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS 1 1 1.

Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS
ITU Regional Seminar on E-commerce Bucharest, Romania 14-17 May 2002 National E-commerce Strategies for Development Dr. Susanne Teltscher United Nations.

ITU Regional Seminar on E-commerce Bucharest, Romania May 2002 National E-commerce Strategies for Development Dr. Susanne Teltscher United Nations.
Shared Services Vision

Shared Services Vision
Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.

Facilitating a Dialog between the NSDI and Utility Companies J. Peter Gomez Manager, Information Requirements, Xcel Energy.
Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.
Security Controls – What Works

Security Controls – What Works
Increasing customer value through effective security risk management

Increasing customer value through effective security risk management
Information Security Policies and Standards

Information Security Policies and Standards
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.

Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.
© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.

© 2012 McGladrey LLP. All Rights Reserved.© 2014 McGladrey LLP. All Rights Reserved. © 2012 McGladrey LLP. All Rights Reserved. © 2013 McGladrey LLP. All.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Digital Campus Initiative Professor Tony Stevenson PVC Planning and Resources 15 February 2012.

Digital Campus Initiative Professor Tony Stevenson PVC Planning and Resources 15 February 2012.
Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.

Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Resiliency Rules: 7 Steps for Critical Infrastructure Protection.

Resiliency Rules: 7 Steps for Critical Infrastructure Protection.
Www.nationalsmartcardproject.org.uk www.scnf.org.uk National Smartcard Project Work Package 8 – Security Issues Report.

National Smartcard Project Work Package 8 – Security Issues Report.
Consultancy.

Consultancy.
IAIS Standards Setting Activities and the Insurance Core Principles Washington – 4 May 2004 Luc Cardinal – Member of Secretariat International Association.

IAIS Standards Setting Activities and the Insurance Core Principles Washington – 4 May 2004 Luc Cardinal – Member of Secretariat International Association.

Similar presentations

Ads by Google