Somerson, Ira Dec 0704

27 pages

Description: Identifying Threats in a Global Marketplace. Ira S. Somerson, BCFE, CPP, Loss Management Consultants, Inc. Institute for Global Management Studies and Temple CIBER. Global Security Concerns, October 2 & 3, 2003, The Philadelphia Federal Reserve. Data source: Overseas Security Advisory Council.

Transcript of Somerson, Ira Dec 0704

Page 1: Somerson, Ira Dec 0704

IDENTIFYING THREATS IN A GLOBAL MARKETPLACE

Ira S. Somerson, BCFE, CPP
Loss Management Consultants, Inc.

Institute for Global Management Studies and Temple CIBER

Global Security Concerns, October 2 & 3, 2003
The Philadelphia Federal Reserve

Page 2: Somerson, Ira Dec 0704

"The regulatory, ethical, and legal framework that provides protections to us and individuals and to our business activities at home do not apply abroad."

Overseas Security Advisory Council

LMC™

Page 3: Somerson, Ira Dec 0704

THREATS BY REGION, 2003 to Date

- Western Europe: 28%
- Latin America: 22%
- Far East/Pacific Is.: 14%
- Mid East/No Africa: 11%
- Eastern Europe: 9%
- South/Central Asia: 9%
- Sub Saharan Africa: 7%

Source: Overseas Security Advisory Council - 2003

Page 4: Somerson, Ira Dec 0704

THREATS BY INDUSTRY: 2003 to Date

- Fast Food: 35%
- Religious: 17%
- Soft Drink: 10%
- Oil: 9%
- Retail: 9%
- Financial: 8%
- Hotel: 4%
- Airline: 4%
- Other: 4%

Source: Overseas Security Advisory Council - 2003

Page 5: Somerson, Ira Dec 0704

THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT

- TERRORISM
- PERSONAL SECURITY
- PERSONNEL SECURITY
- PHYSICAL SECURITY OF FACILITY
- INFORMATION AND DATA SECURITY
- COMMUNICATIONS SECURITY
- INFRASTRUCTURE SECURITY

Source: Overseas Security Advisory Council - 2003

Page 6: Somerson, Ira Dec 0704

THREATS TO BE CONSIDERED IN AN INTERNATIONAL ENVIRONMENT

- DISGRUNTLED INSIDERS
- CIVIL UNREST AND/OR CULTURAL CONFLICTS
- CRIMINAL THREATS
- ECONOMIC COMPETITION
- ACTS OF INTELLIGENCE SERVICES
- ACTS OF WAR

Source: Overseas Security Advisory Council - 2003

Page 7: Somerson, Ira Dec 0704

LESSONS FROM RECENT CYBER ATTACK CASE STUDIES

- CYBER ATTACKS IMMEDIATELY ACCOMPANY PHYSICAL ATTACKS
- CYBER ATTACKS ARE INCREASING IN VOLUME, SOPHISTICATION, AND COORDINATION
- CYBER ATTACKERS ARE ATTRACTED TO HIGH VALUE TARGETS

Source: Institute for Security Technology Studies at Dartmouth College, 9/22/01

Page 8: Somerson, Ira Dec 0704

POTENTIAL SOURCES OF CYBER ATTACKS

- TERRORIST GROUPS
- TERRORIST SYMPATHIZERS AND ANTI-U.S. HACKERS
- TARGETED NATION-STATES
- THRILL SEEKERS

Source: Institute for Security Technology Studies at Dartmouth College, 9/22/01

Page 9: Somerson, Ira Dec 0704

CYBER ATTACKERS HAVE RECENTLY:

- DEFACED ELECTRONIC INFORMATION SITES IN THE UNITED STATES AND ALLIED COUNTRIES AND SPREAD DISINFORMATION AND PROPAGANDA.

Source: Institute for Security Technology Studies at Dartmouth College, 9/22/01

Page 10: Somerson, Ira Dec 0704

CYBER ATTACKERS HAVE RECENTLY:

- DENIED SERVICE TO LEGITIMATE COMPUTER USERS IN THE U.S. AND ABROAD BY USE OF:
  - WORMS
  - VIRUSES
  - OTHER COMPUTER WEAKNESSES

Source: Institute for Security Technology Studies at Dartmouth College, 9/22/01

Page 11: Somerson, Ira Dec 0704

CYBER ATTACKERS HAVE RECENTLY:

- COMMITTED UNAUTHORIZED INTRUSIONS INTO SYSTEMS AND NETWORKS BELONGING TO THE UNITED STATES AND ALLIED COUNTRIES, RESULTING IN CRITICAL INFRASTRUCTURE OUTAGES AND CORRUPTION OF VITAL DATA.

Source: Institute for Security Technology Studies at Dartmouth College, 9/22/01

Page 12: Somerson, Ira Dec 0704

ONLINE RESOURCES

- www.cert.org (The Carnegie Mellon Computer Emergency Response Team)
- www.fedcirc.gov (The Federal Computer Incident Response Center)
- www.incidents.org (community and business collaboration of victimization)
- www.ists.dartmouth.edu (The Institute for Security Technology Studies at Dartmouth)
- www.nipe.gov (The National Infrastructure Protection Center)
- www.sans.org (The System Administration, Networking and Security)

Page 13: Somerson, Ira Dec 0704

RISK, THREAT & VULNERABILITY CONSIDERATIONS

- THREAT = INTENT + CAPABILITY
- CAPABILITY = TOOLS + KNOWLEDGE
- RISK = THREAT + COUNTERMEASURES
- HOW OFTEN WILL THE RISK OCCUR?

Source: Overseas Security Advisory Council - 2003

Page 14: Somerson, Ira Dec 0704

SECURITY RISK COSTS

- LEGAL & DAMAGE CONTROL
- EXPECTED REVENUE LOSS
- SHAREHOLDER VALUE
- REPUTATION (GOOD WILL)
- LOSS OF PRODUCTIVITY
- MARKET SHARE & TIMING
- RELATIONSHIPS WITH CONTRACTORS

Page 15: Somerson, Ira Dec 0704

FINANCIAL IMPACT OF SECURITY LOSSES

- IMPACT TO OTHER PRODUCT DESIGN
- EMPLOYEE MORALE
- COST TO SECURE (AFTER THE FACT)
- RESEARCH & DEVELOPMENT
- SPECIAL EQUIPMENT CAPITALIZED
- STAFF RECRUITING & TRAINING
- OVERHEAD COSTS
- DEBT SERVICE

Page 16: Somerson, Ira Dec 0704

COST OF PROGRAM

- PREDICTABILITY OF LOSS
- COMPUTATION OF INFORMATION LOSS
- NET PRESENT LOSS OR NET PRESENT GAIN
- NET PRESENT VALUE

Page 17: Somerson, Ira Dec 0704

EXAMPLE

COST OF ONE INFORMATION LOSS: $1,000,000.00

COST DIVIDED BY POTENTIAL FOR LOSS TO OCCUR OVER A TEN-YEAR PERIOD. IF ONLY ONCE, DIVIDE BY 10 = COST/YR: 100,000.00

LESS COST OF PROGRAM/YR: 75,000.00

NET PRESENT VALUE: $ 25,000.00
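The slide's computation as an added example (not code from the deck or its author), generalized to several loss scenarios and to events expected more than once over the period; the names, the second scenario and the values other than the deck's own are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class LossScenario:
    """One kind of loss, priced the way the deck prices it: the cost of a single
    event and how many times it is expected to occur over the planning period."""
    name: str
    cost_per_event: float   # dollars lost each time the event occurs
    expected_events: float  # expected occurrences over the whole period


def annualized_loss(scenario: LossScenario, period_years: int) -> float:
    """Spread the expected loss over the period (the deck's 'divide by 10' step).
    With expected_events == 1 this is exactly cost_per_event / period_years."""
    if period_years <= 0:
        raise ValueError("period_years must be at least 1")
    return scenario.cost_per_event * scenario.expected_events / period_years


def net_present_value(scenarios: Iterable[LossScenario],
                      program_cost_per_year: float, period_years: int) -> float:
    """Annual loss the program is meant to avert, less the program's annual cost.
    Note: the deck's 'net present value' is undiscounted, and so is this one."""
    averted = sum(annualized_loss(s, period_years) for s in scenarios)
    return averted - program_cost_per_year


def decision(scenarios: Iterable[LossScenario],
             program_cost_per_year: float, period_years: int) -> str:
    """Classify the result in the deck's own terms."""
    npv = net_present_value(list(scenarios), program_cost_per_year, period_years)
    if npv > 0:
        return "net present gain"
    if npv < 0:
        return "net present loss"
    return "break even"


# The deck's figures: one $1,000,000 information loss expected once in ten years,
# against a program costing $75,000 per year.
DECK_SCENARIOS = [LossScenario("information loss", 1_000_000.0, 1.0)]
DECK_PROGRAM_COST = 75_000.0
DECK_PERIOD = 10

# Constructed second scenario (assumed values) showing the same program budgeted
# against a cheaper event expected three times over the period.
EXTRA_SCENARIOS = DECK_SCENARIOS + [LossScenario("data corruption", 50_000.0, 3.0)]

if __name__ == "__main__":
    print(net_present_value(DECK_SCENARIOS, DECK_PROGRAM_COST, DECK_PERIOD))  # 25000.0
    print(decision(EXTRA_SCENARIOS, DECK_PROGRAM_COST, DECK_PERIOD))
```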

Page 18: Somerson, Ira Dec 0704

SECURITY OBJECTIVES

- DETER
- DETECT
- DELAY
- RESPOND
- RECOVER

Page 19: Somerson, Ira Dec 0704

THE MISSION OF INTERNATIONAL SECURITY MANAGEMENT

[Diagram: RISK, SECURITY, ATTITUDE, CHANCE]

Page 20: Somerson, Ira Dec 0704

THE MISSION OF INTERNATIONAL SECURITY MANAGEMENT

SECURITY OF:
- PEOPLE
- INFORMATION
- PROPERTY
- REPUTATION

[Diagram: RISK, SECURITY, ATTITUDE, CHANCE]

Page 21: Somerson, Ira Dec 0704

RISK ASSESSMENT

THE ART AND SCIENCE OF MEASURING THE FORESEEABILITY OF EVENTS AFFECTING THE SAFETY AND SECURITY OF ASSETS

Page 22: Somerson, Ira Dec 0704

EXAMPLES OF WHAT A RISK ASSESSMENT SHOULD CONSIDER

- INTELLIGENCE GATHERING
- OPERATIONAL ASPECTS OF THE ASSET/FACILITY
- NATURE OF NEIGHBORING FACILITIES (OR TENANTS)
- ACCESS ROADS TO FACILITY

Page 23: Somerson, Ira Dec 0704

EXAMPLES OF WHAT A RISK ASSESSMENT SHOULD CONSIDER

- ORGANIZATION'S INCIDENT HISTORY AND ABILITY TO ANALYZE THE DATA
- FACILITY MANAGEMENT EFFICIENCY
- EFFICIENCY OF EXISTING SECURITY STRATEGY

Page 24: Somerson, Ira Dec 0704

HOW DO WE DETER, DETECT, DENY, RESPOND TO AND/OR RECOVER FROM ATTACKS?

- TECHNOLOGY MANAGEMENT
- PROCEDURAL MANAGEMENT
- SECURITY AWARENESS
- INTELLIGENCE GATHERING AND ANALYSIS
- LAW ENFORCEMENT MANAGEMENT

Page 25: Somerson, Ira Dec 0704

STANDARD SECURITY INDUSTRY PRACTICES

- PUBLISH SECURITY GUIDELINES
- PREPARE SUPPORT MATERIALS
- EMPLOYEE & CONTRACTOR (NEW & EXISTING) ORIENTATION
- SECURITY AWARENESS TRAINING
- SECURITY PROJECTS

Page 26: Somerson, Ira Dec 0704

THE MISSING LINK

- PAY ATTENTION TO GOVERNMENT ALERT LEVELS.
- CARE ENOUGH TO REPORT SOMETHING THAT DOESN'T LOOK RIGHT TO YOU!
- BE AWARE BUT NOT PARANOID

Page 27: Somerson, Ira Dec 0704

WHAT CAN YOU DO?

BECOME PART OF THE SOLUTION VS. BEING PART OF THE PROBLEM