12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

1

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

2

INTRODUCTION

• Jan Otten, CEO – Founder of Respond BV

• Operational Risk Management Specialist

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

3

ISSUE OF THIS TALK

Our security is no stronger as its weakest link!

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

4

THE WEAKEST LINK

Do you know your weakest link?

Do you measure your incidents?

Do you have prevention plans?

Do you balance between risk and acceptance?

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

5

THE WEAKEST LINK

Let us play this game.

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

6

In which year happened the attack on the Twin Towers?

2000

2001

2002

THE WEAKEST LINK

Question 1:

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

7

How big is the tank storage in the Port of Rotterdam?

nearly 20.000.000 M3

nearly 30.000.000 M3

nearly 40.000.000 M3

THE WEAKEST LINK

Question 2:

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

8

On how many levels is the international standard security code (ISPS) based?

3

4

5

THE WEAKEST LINK

Question 3:

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

9

How many emergency doors does this conference room have?

2

4

6

THE WEAKEST LINK

Question 4:

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

10

Your Formula 1 Cockpit

1. Position Ambition

2. Race track Rules/Law

3. Internal/External Risks Threats/Tolerance

4. Incidents Mitigation/Recovery

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

11

Communication

Coordination

Information

YOUR SECURITY DASHBOARD

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

12

COMMUNICATION CLOCK

Who will inform you?

Who do you have to notify?

Is the contact database okay?

Who is responsible for what?

Will you be notified if…?

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

13

100% COMMUNICATION

Communicator, QuickAlert, Gaos, Bot-mi

Users: NCTb, ProRail, KLM, Defense, Fire Dept.

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

14

100% COMMUNICATION

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

15

INFORMATION CLOCK

Do we have a common picture?

Is the map up to date?

Do we have experience?

How much waste is gone?

Where are the resources?

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

16

100% INFORMED

Incident Master, Crisis-Online, Essential Waste.

Users: NCTb, NCC, Alcoa, Dow.

Portal

System A

System B

System C

System D

Systiiiiem E

Information G

Information F

Applications/

Systems

Single Sign On

Windows

GUIFused & Integrated

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

17

100% INFORMED

Quality Mgmt

Integrated Enterprise Risk Management - Dynamic Process Management

Activiteit

Subproces

Proces

Procesmodel

Rol

Functie

Organisatiemodel

Competenties

Medewerker

Module

Applicatie

Applicatiemodel

Data

Entiteiten (& Relaties)

Datamodel

Financial

Risks

Strategic

Risks

Operation

al

Risks

Hazard

Risks

Act

ivity

Time objective

Incident response plan

Crisis Management plan

Recovery plan

Act

ivity

Time objective

Incident response plan

Crisis Management plan

Recovery plan

Dynamic Risk Management - Think Global – Act Local

Process EngineeringFire EnvironmentSafety

Inventory

Audit

Risk Evaluation

Measures

Plan & Follow up

Inventory

Audit

Risk Evaluation

Measures

Plan & Follow up

Inventory

Audit

Risk Evaluation

Measures

Plan & Follow up

Inventory

Audit

Evaluation

(Re-)engineer

Simulation &

Implementation

Dynamic improvement

Security

Inventory

Audit

Risk Evaluation

Measures

Plan & Follow up

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

18

COORDINATION CLOCK

What is the status?

Are you in control of the press?

Who is in charge?

Please verify that …

Give me a report please?

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

19

100% COORDINATION

Essential Suite, RiskMatrix

Users: NCTb, NCC, Prisons, BP, DAF

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

20

100% COORDINATION

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

21

“How you manage information determines whether you win or lose. Information flow must be rapid and

accurate so organizations can act faster, make more informed decisions, react to unplanned events and close the gap on

customer responsiveness.”

Bill Gates

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

22

MANAGE YOUR SECURITY DASHBOARD

TO FIX YOUR WEAKEST LINKS

12

-12

-2007

MA

INP

OR

T S

EC

UR

ITY

CO

NF

ER

EN

CE

: T

HE

WE

AK

ES

T L

INK

Sh

eet:

23

ISSUE OF THIS TALK

Our security is no stronger as its weakest link!

Thank you, Jan Otten

jotten@respond.nl

BE PREPARED!