SlideShare une entreprise Scribd logo

Adequate securitynew1404.019

Télécharger en tant que PPTX, PDF
Wivenhoe Management Group
Wivenhoe Management Group
TechnologieBusiness
1  sur  25
WHAT IS AN ADEQUATE LEVEL OF SECURITY? Wivenhoe Management Group
What is an Adequate Level of Security? There is clearly a substantial difference in protecting a facility from persons intent on destroying the infrastructure to those intent on defacing it. Defining that difference is critical Wivenhoe Management Group
Factors That Determine An Adequate Level of Security 1. Type of Facility 2. Cost 3. Risk Acceptance 4. Insurance Requirements 5. SVA Recommendations 6. Liability Wivenhoe Management Group
Factors That Determine An Adequate Level of Security 1. Basis of Security Understanding 2. Threat Level 3. Accepted Security Industry Standards & Practice 4. Legal Compliance 5. Environment 6. Incident History 7. Other Wivenhoe Management Group
Basis of Security Understanding Sandia - Detect, Delay, Respond DHS - Deter, Detect, Delay, Respond Security Industry Experience Keep the Problem Out Deter the Problem Elsewhere Wivenhoe Management Group
Threat Level Crime Rate Statistics • Homicide • Rape • Robbery • Aggravated Assault • Crimes Against Persons • Burglary • Larceny • Motor Vehicle Theft • Crimes Against Property Wivenhoe Management Group
Accepted Security Industry Standards & Practices Design Criteria Properly Maintained Equipment Training Manufacturer Authorized Installers Proper Lighting Accepted System Design Current Software & Firmware Wivenhoe Management Group
Accepted Security Industry Standards & Practices As Built Drawings Response Time to System Failure Back-Up Power Systems Meeting Federal & Local Codes Minimum Video Recording Time Schedules Identifying Types & Quantities of Security Panels Wivenhoe Management Group
Accepted Security Industry Standards & Practices Due Diligence Related to Contractors Clear Definition of Performance Requirements Required Installation Permits Electric Surge Protection Wivenhoe Management Group
Legal Compliance • Specific Industry Security Requirements • Data Security Requirements • Physical Security Requirements Wivenhoe Management Group
Incident History • Five (5) Year History • Type of Incident • Actions Taken • Incident/Serious Breach Wivenhoe Management Group
Liability • Standard Law Suit • Negligence • Gross Negligence • Repercussions Wivenhoe Management Group
Environment • Crime Rates • Type of Crime Category • Transportation Hub • Nearby Targets • Sensitive Border • Target Vantage Point Wivenhoe Management Group
Type of Facility • Hazardous • Strategic Value • Age & Condition • Key Infrastructure • Research Facility • Communication Hub Wivenhoe Management Group
Cost • Cost, the Leading Factor • Cost, a Double-Edged Sword • Cost, Lowest Bidder • Cost, Technology Changes Wivenhoe Management Group
Risk Acceptance Higher Risk = Less Cost Lower Risk Safe Choice Difference is Liability Wivenhoe Management Group
Insurance Concerns Escalating Medical Costs Increasing Value of Assets Ever Present Terrorism Wivenhoe Management Group
Insurance Requirements UL Certified Alarm System Data Security Compliance Safety Compliance Cyber Crime Prevention Active Shooter Containment Wivenhoe Management Group
SVA Requirements What is an SVA? Security Vulnerability Assessment Wivenhoe Management Group
Why Perform An SVA? • Threat Level • Critical Assets • Findings & Recommendations • Federal Grant Funding • Customer Confidence Wivenhoe Management Group
Why Perform An SVA? • Counter Liability • Phased Solution • Emergency Planning & Response – Active Shooter – Bomb Threat • Measured Response Wivenhoe Management Group
SUMMARY Basis of Security • Deter Detect Delay Respond • Detect Delay Respond Wivenhoe Management Group
SUMMARY Many Factors Threat Level Legal Compliance Accepted Standards Environment Incident History Liability Facility Type Risk Acceptance Insurance Cost Security Vulnerability Assessment Wivenhoe Management Group
SUMMARY More Important Factors Threat Level Liability Facility Type Legal Compliance Wivenhoe Management Group
QUESTIONS Questions can be sent to: David McCann Principal Consultant Wivenhoe Management Group dmccann@wivenhoegroup.com www.wivenhoegroup.com Wivenhoe Management Group

Recommandé

Wivenhoe Management Group[2]
Wivenhoe Management Group[2]Wivenhoe Management Group[2]
Wivenhoe Management Group[2]Wivenhoe Management Group
 
A W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannA W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannWivenhoe Management Group
 
Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Wivenhoe Management Group
 
Pa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febPa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febWivenhoe Management Group
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Security vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinSecurity vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinWivenhoe Management Group
 
AWWAWCEnv1102.009
AWWAWCEnv1102.009AWWAWCEnv1102.009
AWWAWCEnv1102.009Wivenhoe Management Group
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 

Recommandé

Wivenhoe Management Group[2]
Wivenhoe Management Group[2]Wivenhoe Management Group[2]
Wivenhoe Management Group[2]Wivenhoe Management Group
 
A W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannA W W A Presentation Regional Paper David Mc Cann
A W W A Presentation Regional Paper David Mc CannWivenhoe Management Group
 
Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Security vulnerability assessment & liability(li)
Security vulnerability assessment & liability(li)Wivenhoe Management Group
 
Pa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febPa awwa2006 presentationrev1fin_feb
Pa awwa2006 presentationrev1fin_febWivenhoe Management Group
 
Tripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire Energy Working Group Session w/Dale Peterson
Tripwire Energy Working Group Session w/Dale PetersonTripwire
 
Security vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinSecurity vulnerability assessment & liability dsm linkedin
Security vulnerability assessment & liability dsm linkedinWivenhoe Management Group
 
AWWAWCEnv1102.009
AWWAWCEnv1102.009AWWAWCEnv1102.009
AWWAWCEnv1102.009Wivenhoe Management Group
 
Data Driven Risk Assessment
Data Driven Risk AssessmentData Driven Risk Assessment
Data Driven Risk AssessmentResolver Inc.
 
Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - CopyRabah Odeh ITIL 5.0-OCP-CISA-PMP-OCP..etc
 
Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wivenhoe Management Group
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksPhil Huggins FBCS CITP
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)Resolver Inc.
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Citrin Cooperman
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk AssessmentsJoAnna Cheshire
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber DataPhil Huggins FBCS CITP
 
Resilience is the new cyber security
Resilience is the new cyber securityResilience is the new cyber security
Resilience is the new cyber securityPhil Huggins FBCS CITP
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay DynamicsMeg Vorland
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
Managing Insider Risk
Managing Insider RiskManaging Insider Risk
Managing Insider RiskPhil Huggins FBCS CITP
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkChaitanya Bhatt
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber ResiliencePhil Huggins FBCS CITP
 
Countering Cyber Threats
Countering Cyber ThreatsCountering Cyber Threats
Countering Cyber ThreatsPhil Huggins FBCS CITP
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Joe Bartolo
 
Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Jisc
 

Contenu connexe

Tendances

Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksPhil Huggins FBCS CITP
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)Resolver Inc.
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityAnthony Dials
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Managementvikasraina
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Citrin Cooperman
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskSarah Clarke
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident responseBrian Honan
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkChaitanya Bhatt
 

Tendances (20)

Risk Management Methodology - Copy
Risk Management Methodology - CopyRisk Management Methodology - Copy
Risk Management Methodology - Copy
 
Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]Wastewater Workshop Presentation 2007[2 R]
Wastewater Workshop Presentation 2007[2 R]
 
Cyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber ShocksCyber Resilience: Managing Cyber Shocks
Cyber Resilience: Managing Cyber Shocks
 
An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)An Intro to Resolver's InfoSec Application (RiskVision)
An Intro to Resolver's InfoSec Application (RiskVision)
 
ComResource - NW Agent Cybersecurity
ComResource - NW Agent CybersecurityComResource - NW Agent Cybersecurity
ComResource - NW Agent Cybersecurity
 
Risk Assessment And Management
Risk Assessment And ManagementRisk Assessment And Management
Risk Assessment And Management
 
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
Cybersecurity Disrupters and Cybersecurity Insurance in the COVID-19 Era – Is...
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk Management
 
Risk Assessments
Risk AssessmentsRisk Assessments
Risk Assessments
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber Data
 
Resilience is the new cyber security
Resilience is the new cyber securityResilience is the new cyber security
Resilience is the new cyber security
 
Bay Dynamics
Bay DynamicsBay Dynamics
Bay Dynamics
 
Vendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the riskVendor Cybersecurity Governance: Scaling the risk
Vendor Cybersecurity Governance: Scaling the risk
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
Proactive incident response
Proactive incident responseProactive incident response
Proactive incident response
 
Managing Insider Risk
Managing Insider RiskManaging Insider Risk
Managing Insider Risk
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
OWASP based Threat Modeling Framework
OWASP based Threat Modeling FrameworkOWASP based Threat Modeling Framework
OWASP based Threat Modeling Framework
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
Countering Cyber Threats
Countering Cyber ThreatsCountering Cyber Threats
Countering Cyber Threats
 

Similaire à Adequate securitynew1404.019

Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Joe Bartolo
 
Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Jisc
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworksJohn Arnold
 
Stay Ahead of Threats with Advanced Security Protection - Fortinet
Stay Ahead of Threats with Advanced Security Protection - FortinetStay Ahead of Threats with Advanced Security Protection - Fortinet
Stay Ahead of Threats with Advanced Security Protection - FortinetMarcoTechnologies
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...North Texas Chapter of the ISSA
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceSPAN Infotech (India) Pvt Ltd
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditorsmdagrossa
 
Undertake the Risk Analysis Policy
Undertake the Risk Analysis PolicyUndertake the Risk Analysis Policy
Undertake the Risk Analysis PolicyKomal Zahra
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategyCyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategyJames Mulhern
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk AssessmentMichael Lines
 
Cyber Security 2016 Cade Zvavanjanja1
Cyber Security 2016 Cade Zvavanjanja1Cyber Security 2016 Cade Zvavanjanja1
Cyber Security 2016 Cade Zvavanjanja1Cade Zvavanjanja
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).pptAjjuSingh2
 
Focusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesFocusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesRoger Johnston
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementEnergySec
 
How to Simplify Audit Compliance with Unified Security Management
How to Simplify Audit Compliance with Unified Security ManagementHow to Simplify Audit Compliance with Unified Security Management
How to Simplify Audit Compliance with Unified Security ManagementAlienVault
 
2015 Global Threat Intelligence Report - an analysis of global security trends
2015 Global Threat Intelligence Report - an analysis of global security trends2015 Global Threat Intelligence Report - an analysis of global security trends
2015 Global Threat Intelligence Report - an analysis of global security trendsDImension Data
 
Assuring Reliable and Secure IT Services
Assuring Reliable and Secure IT ServicesAssuring Reliable and Secure IT Services
Assuring Reliable and Secure IT Servicestsaiblake
 
My_notes_part1.pdf
My_notes_part1.pdfMy_notes_part1.pdf
My_notes_part1.pdfPhilLopez4
 

Similaire à Adequate securitynew1404.019 (20)

Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
 
Wasn't expecting that! Now what?
Wasn't expecting that! Now what?Wasn't expecting that! Now what?
Wasn't expecting that! Now what?
 
Security architecture frameworks
Security architecture frameworksSecurity architecture frameworks
Security architecture frameworks
 
Stay Ahead of Threats with Advanced Security Protection - Fortinet
Stay Ahead of Threats with Advanced Security Protection - FortinetStay Ahead of Threats with Advanced Security Protection - Fortinet
Stay Ahead of Threats with Advanced Security Protection - Fortinet
 
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
Luncheon 2015-06-18 Security Industry 2.0: Survival in the Boardroom by David...
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and compliance
 
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal AuditorsION-E Defense In Depth Presentation for The Institiute of Internal Auditors
ION-E Defense In Depth Presentation for The Institiute of Internal Auditors
 
Undertake the Risk Analysis Policy
Undertake the Risk Analysis PolicyUndertake the Risk Analysis Policy
Undertake the Risk Analysis Policy
 
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategyCyber Attacks aren't going away - including Cyber Security in your risk strategy
Cyber Attacks aren't going away - including Cyber Security in your risk strategy
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
 
Threat Based Risk Assessment
Threat Based Risk AssessmentThreat Based Risk Assessment
Threat Based Risk Assessment
 
Cyber Security 2016 Cade Zvavanjanja1
Cyber Security 2016 Cade Zvavanjanja1Cyber Security 2016 Cade Zvavanjanja1
Cyber Security 2016 Cade Zvavanjanja1
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
Focusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the VulnerabilitiesFocusing on the Threats to the Detriment of the Vulnerabilities
Focusing on the Threats to the Detriment of the Vulnerabilities
 
Rapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk ManagementRapid Risk Assessment: A New Approach to Risk Management
Rapid Risk Assessment: A New Approach to Risk Management
 
How to Simplify Audit Compliance with Unified Security Management
How to Simplify Audit Compliance with Unified Security ManagementHow to Simplify Audit Compliance with Unified Security Management
How to Simplify Audit Compliance with Unified Security Management
 
Security Site Surveys and Risk Assessments
Security Site Surveys and Risk AssessmentsSecurity Site Surveys and Risk Assessments
Security Site Surveys and Risk Assessments
 
2015 Global Threat Intelligence Report - an analysis of global security trends
2015 Global Threat Intelligence Report - an analysis of global security trends2015 Global Threat Intelligence Report - an analysis of global security trends
2015 Global Threat Intelligence Report - an analysis of global security trends
 
Assuring Reliable and Secure IT Services
Assuring Reliable and Secure IT ServicesAssuring Reliable and Secure IT Services
Assuring Reliable and Secure IT Services
 
My_notes_part1.pdf
My_notes_part1.pdfMy_notes_part1.pdf
My_notes_part1.pdf
 

Dernier

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Dernier (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Adequate securitynew1404.019

  • 1. WHAT IS AN ADEQUATE LEVEL OF SECURITY? Wivenhoe Management Group
  • 2. What is an Adequate Level of Security? There is clearly a substantial difference in protecting a facility from persons intent on destroying the infrastructure to those intent on defacing it. Defining that difference is critical Wivenhoe Management Group
  • 3. Factors That Determine An Adequate Level of Security 1. Type of Facility 2. Cost 3. Risk Acceptance 4. Insurance Requirements 5. SVA Recommendations 6. Liability Wivenhoe Management Group
  • 4. Factors That Determine An Adequate Level of Security 1. Basis of Security Understanding 2. Threat Level 3. Accepted Security Industry Standards & Practice 4. Legal Compliance 5. Environment 6. Incident History 7. Other Wivenhoe Management Group
  • 5. Basis of Security Understanding Sandia - Detect, Delay, Respond DHS - Deter, Detect, Delay, Respond Security Industry Experience Keep the Problem Out Deter the Problem Elsewhere Wivenhoe Management Group
  • 6. Threat Level Crime Rate Statistics • Homicide • Rape • Robbery • Aggravated Assault • Crimes Against Persons • Burglary • Larceny • Motor Vehicle Theft • Crimes Against Property Wivenhoe Management Group
  • 7. Accepted Security Industry Standards & Practices Design Criteria Properly Maintained Equipment Training Manufacturer Authorized Installers Proper Lighting Accepted System Design Current Software & Firmware Wivenhoe Management Group
  • 8. Accepted Security Industry Standards & Practices As Built Drawings Response Time to System Failure Back-Up Power Systems Meeting Federal & Local Codes Minimum Video Recording Time Schedules Identifying Types & Quantities of Security Panels Wivenhoe Management Group
  • 9. Accepted Security Industry Standards & Practices Due Diligence Related to Contractors Clear Definition of Performance Requirements Required Installation Permits Electric Surge Protection Wivenhoe Management Group
  • 10. Legal Compliance • Specific Industry Security Requirements • Data Security Requirements • Physical Security Requirements Wivenhoe Management Group
  • 11. Incident History • Five (5) Year History • Type of Incident • Actions Taken • Incident/Serious Breach Wivenhoe Management Group
  • 12. Liability • Standard Law Suit • Negligence • Gross Negligence • Repercussions Wivenhoe Management Group
  • 13. Environment • Crime Rates • Type of Crime Category • Transportation Hub • Nearby Targets • Sensitive Border • Target Vantage Point Wivenhoe Management Group
  • 14. Type of Facility • Hazardous • Strategic Value • Age & Condition • Key Infrastructure • Research Facility • Communication Hub Wivenhoe Management Group
  • 15. Cost • Cost, the Leading Factor • Cost, a Double-Edged Sword • Cost, Lowest Bidder • Cost, Technology Changes Wivenhoe Management Group
  • 16. Risk Acceptance Higher Risk = Less Cost Lower Risk Safe Choice Difference is Liability Wivenhoe Management Group
  • 17. Insurance Concerns Escalating Medical Costs Increasing Value of Assets Ever Present Terrorism Wivenhoe Management Group
  • 18. Insurance Requirements UL Certified Alarm System Data Security Compliance Safety Compliance Cyber Crime Prevention Active Shooter Containment Wivenhoe Management Group
  • 19. SVA Requirements What is an SVA? Security Vulnerability Assessment Wivenhoe Management Group
  • 20. Why Perform An SVA? • Threat Level • Critical Assets • Findings & Recommendations • Federal Grant Funding • Customer Confidence Wivenhoe Management Group
  • 21. Why Perform An SVA? • Counter Liability • Phased Solution • Emergency Planning & Response – Active Shooter – Bomb Threat • Measured Response Wivenhoe Management Group
  • 22. SUMMARY Basis of Security • Deter Detect Delay Respond • Detect Delay Respond Wivenhoe Management Group
  • 23. SUMMARY Many Factors Threat Level Legal Compliance Accepted Standards Environment Incident History Liability Facility Type Risk Acceptance Insurance Cost Security Vulnerability Assessment Wivenhoe Management Group
  • 24. SUMMARY More Important Factors Threat Level Liability Facility Type Legal Compliance Wivenhoe Management Group
  • 25. QUESTIONS Questions can be sent to: David McCann Principal Consultant Wivenhoe Management Group dmccann@wivenhoegroup.com www.wivenhoegroup.com Wivenhoe Management Group