Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
1
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
2
INTRODUCTION
• Jan Otten, CEO – Founder of Respond BV
• Operational Risk Management Specialist
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
3
ISSUE OF THIS TALK
Our security is no stronger as its weakest link!
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
4
THE WEAKEST LINK
Do you know your weakest link?
Do you measure your incidents?
Do you have prevention plans?
Do you balance between risk and acceptance?
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
5
THE WEAKEST LINK
Let us play this game.
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
6
In which year happened the attack on the Twin Towers?
2000
2001
2002
THE WEAKEST LINK
Question 1:
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
7
How big is the tank storage in the Port of Rotterdam?
nearly 20.000.000 M3
nearly 30.000.000 M3
nearly 40.000.000 M3
THE WEAKEST LINK
Question 2:
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
8
On how many levels is the international standard security code (ISPS) based?
3
4
5
THE WEAKEST LINK
Question 3:
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
9
How many emergency doors does this conference room have?
2
4
6
THE WEAKEST LINK
Question 4:
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
10
Your Formula 1 Cockpit
1. Position Ambition
2. Race track Rules/Law
3. Internal/External Risks Threats/Tolerance
4. Incidents Mitigation/Recovery
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
11
Communication
Coordination
Information
YOUR SECURITY DASHBOARD
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
12
COMMUNICATION CLOCK
Who will inform you?
Who do you have to notify?
Is the contact database okay?
Who is responsible for what?
Will you be notified if…?
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
13
100% COMMUNICATION
Communicator, QuickAlert, Gaos, Bot-mi
Users: NCTb, ProRail, KLM, Defense, Fire Dept.
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
14
100% COMMUNICATION
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
15
INFORMATION CLOCK
Do we have a common picture?
Is the map up to date?
Do we have experience?
How much waste is gone?
Where are the resources?
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
16
100% INFORMED
Incident Master, Crisis-Online, Essential Waste.
Users: NCTb, NCC, Alcoa, Dow.
Portal
System A
System B
System C
System D
Systiiiiem E
Information G
Information F
Applications/
Systems
Single Sign On
Windows
GUIFused & Integrated
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
17
100% INFORMED
Quality Mgmt
Integrated Enterprise Risk Management - Dynamic Process Management
Activiteit
Subproces
Proces
Procesmodel
Rol
Functie
Organisatiemodel
Competenties
Medewerker
Module
Applicatie
Applicatiemodel
Data
Entiteiten (& Relaties)
Datamodel
Financial
Risks
Strategic
Risks
Operation
al
Risks
Hazard
Risks
Act
ivity
Time objective
Incident response plan
Crisis Management plan
Recovery plan
Act
ivity
Time objective
Incident response plan
Crisis Management plan
Recovery plan
Dynamic Risk Management - Think Global – Act Local
Process EngineeringFire EnvironmentSafety
Inventory
Audit
Risk Evaluation
Measures
Plan & Follow up
Inventory
Audit
Risk Evaluation
Measures
Plan & Follow up
Inventory
Audit
Risk Evaluation
Measures
Plan & Follow up
Inventory
Audit
Evaluation
(Re-)engineer
Simulation &
Implementation
Dynamic improvement
Security
Inventory
Audit
Risk Evaluation
Measures
Plan & Follow up
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
18
COORDINATION CLOCK
What is the status?
Are you in control of the press?
Who is in charge?
Please verify that …
Give me a report please?
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
19
100% COORDINATION
Essential Suite, RiskMatrix
Users: NCTb, NCC, Prisons, BP, DAF
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
20
100% COORDINATION
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
21
“How you manage information determines whether you win or lose. Information flow must be rapid and
accurate so organizations can act faster, make more informed decisions, react to unplanned events and close the gap on
customer responsiveness.”
Bill Gates
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
22
MANAGE YOUR SECURITY DASHBOARD
TO FIX YOUR WEAKEST LINKS
12
-12
-2007
MA
INP
OR
T S
EC
UR
ITY
CO
NF
ER
EN
CE
: T
HE
WE
AK
ES
T L
INK
Sh
eet:
23
ISSUE OF THIS TALK
Our security is no stronger as its weakest link!
Thank you, Jan Otten
BE PREPARED!