Risk Management for U.S. State Department Securing U.S. Missions Overseas

Size: px
Start display at page:

Download "Risk Management for U.S. State Department Securing U.S. Missions Overseas"

Transcription

1 March 14, 2014 Risk Management for U.S. State Department Securing U.S. Missions Overseas Being on the front lines of U.S. national security has always been inherently risky; however, we strive to mitigate this risk to the maximum extent possible (DS) advances American interests and foreign policy We do this by maintaining a security program that includes analyzing threats, managing the security situation, and mitigating risks. Gregory B. Starr, Acting Assistant Secretary for Diplomatic Security, Bureau of Diplomatic Security Statement to the Senate Foreign Relations Committee, July 16, 2013 Introduction American diplomats have faced threats overseas since before the formation of the United States. For example, when John Adams sailed on board the Continental Navy frigate Boston in 1778, he faced the threat of trans- Atlantic travel, as well as the threat from His Majesty s Royal Navy, eager to capture or sink a colonial vessel. Nevertheless, our Founding Father faced the risk unflinchingly. Eventually, Adams secured the recognition, and the credit, of our burgeoning nation at The Hague in Those negotiations proved vital to the American cause, and the risk Adams faced was ultimately proven to be justified. Today, U.S. Diplomatic efforts overseas are just as important, but understanding the risk, and mitigating that risk intelligently, has never been so complex or so challenging. The modern international threat landscape, as reported in the U.S. media, can seem confusing and overwhelming, especially in an era of Expeditionary Diplomacy. While risk to diplomatic efforts is manageable, it is no longer enough simply to be reactive, or to rely on the lessons learned of past events. Diplomatic efforts in complex environments must focus security resources on proactive solutions, realtime situational awareness, and crisis and continuity preparedness. Moreover, a clear and documented enterprise risk management program, that is understood and embraced by all of State Department security professionals, diplomats, and the foreign officers alike is required. Risk Management the Panel determined that there is no formal risk management model in place for use by either DS or the Department Where risk management is not mainstreamed and understood by program and security managers across an organization, security is seen as an impediment to mission accomplishment rather than as an operational enabler. A risk management model makes it possible for an organization to identify security measures and resources required to achieve mission objectives and then determine the level of risk it is willing to accept to accomplish those objectives. 1 A quick Internet search will illustrate that there are numerous risk management models utilized within the security profession. Nevertheless, most models contain the following four general steps: Identify Risk; Prioritize Risk; Implement Countermeasures; and Measure Results. The models are usually visualized as a circle, as there is a cyclical nature to a methodology that is always looking for the new or emerging risk. Identify Risk Measure Results Prioritize Risk Implement Countermeasures 1 Report of The Independent Panel on Best Practices, Washington, DC, 29, August,

2 However, our online search would also show that the term risk is often not clearly defined or understood. So first, we must answer the question: What is Risk? First, risk can take many shapes, not just what some might often think, i.e., physical security risk. Risk can also relate to human capital, information, resiliency, and reputation/public relations, among many others. Second, risk is generally defined as a function of threat arrayed against vulnerabilities. In addition, most well developed risk assessment systems incorporate additional sophisticated variables, particularly the notion of criticality of a person, place or thing in a system of systems. Therefore, for our purposes here, risk is defined as: vulnerability include location, accessibility, adequacy of security, and availability, periodicity, or duration of the potential target. Therefore, a robust risk management program will identify and prioritize risk understanding the underlying issues of criticality, threat, and vulnerability and then move to mitigate the risk through countermeasures. Countermeasures are actions, devices, systems, or capabilities deployed to reduce or mitigate risk. Implementing countermeasures will generally attempt to affect either a threat (offensive) or a vulnerability (defensive) in order to reduce the overall risk score. Risk = Criticality x Threat x Vulnerability Criticality: The U.S. Department of Homeland Security defines criticality as, a systematic approach to identify and evaluate important or critical assets. Criticality assessments help planners determine the relative importance of assets, helping to prioritize the allocation of resources to the most critical assets. Threat: A threat assessment is a systematic effort to identify and evaluate existing or potential threats to a person, place or thing and its associated components. Due to the difficulty in assessing threat capabilities, intentions, and triggers, threat assessments often yield only general information and can lack details such as timing or the specific target. Threat assessments are compiled from comprehensive and rigorous research and analysis. These assessments consider the full spectrum of threats such as natural disasters, disease, criminal activity, political violence, and insider compromise. Vulnerability: A vulnerability assessment is the identification of weaknesses in physical structures, personnel protection systems, processes, or other areas that may be intentionally or unintentionally exploited by potential threats. Vulnerability is difficult to measure objectively. Factors to consider when determining Risk Mitigation It is important to note that no risk management program is a risk elimination program no matter how many countermeasures are applied, there will always be a residual risk, as risk never simply goes away. If we consider operating in complex environments, the goal of a well-developed and well-executed risk management program is to reduce the residual risk to an acceptable level, always weighted against the cost in terms of time, resources, dollars, and/or energy of the necessary countermeasures. To continue to operate under difficult circumstances in an age of Expeditionary Diplomacy, there will always have to be a degree of risk acceptance based on this cost-benefit analysis process. U.S. State Department personnel who volunteer to operate in austere and complex environments implicitly accept that there may be risk to their physical safety. Those individuals rely on the dedicated security professionals of the Bureau of Diplomatic Security 2

3 to reduce that risk to an acceptable level. In order to accomplish this goal, there must be a clear and uniform risk management system, with a common lexicon, that all of State Department understands and embraces. TorchStone Page believes that any good risk management program should begin with a foundation of solid intelligence, so that threats are discovered and identified. The remainder of this paper will discuss two potential intelligence solutions that help to identify threat, and hence risk. Enhanced Intelligence for Risk Management Intelligence Within A review of relevant documents confirmed that the intelligence community did not possess intelligence indicating planning or intentions for an attack on the Benghazi facility on or about September 11, Engaged local security workers--whether directly employed by the government or through a contractor- -can be an intelligence goldmine at U.S. missions overseas. When effectively developed, local staff can become a primary source feed delivering real-time, accurate, and insightful information regarding local opinions, attitudes, and even activities. Under thoughtful management, locally employed workers can even act as an early warning system to shifts in public opinion that could have adverse consequences for the U.S. State Department operating in unstable environments. In order for such an intelligence asset to bear fruit, first, the relationship must be one of mutual respect, dignity, and trust. Second, there must be an esprit de corps and a sense of being part of something larger than self among the employees. However, such loyalty the kind that will stand and fight in the face of grave danger can only be developed over time via team building, training, health care initiatives, and ongoing cultural sensitivity. To start, competitive financial remuneration levels certainly can assist with promoting loyalty in the early stages of employment. Money cannot be the end of the process, but employees that develop a vested interest in the continuing operation of their workplace are far more likely to provide advance warning of any intelligence that will protect their own livelihood. The importance of delivering developmental training should not be overlooked when fostering relationships with the local workforce. Over the last decade, the team behind TorchStone Page has found that investment in the employee, via training, is greatly appreciated by local staff and forges a strong bond. As those bonds mature, new communication and intelligence channels are opened as a return on investment (ROI). Beyond that, it is a mutually beneficial process: The employee gains new skills, performs better in his/her primary function, shares information readily, and develops a more loyal stance to the employer; and the employer has a security team that is loyal and will be more likely to act decisively in the face of adversity. Social Media Monitoring The [SSCI] Committee urges the DNI and the State Department to conduct a review of the types of intelligence products that INR 1 prepares and to look for ways to make INR s products more timely and responsive to world events, especially those that directly affect State Department personnel. 3 2 Interim Progress Report for the Members of the House Republican Conference on the Events Surrounding the September Terrorist Attacks in Benghazi, Libya. 3 U.S. Senate Select Committee on Intelligence Review of the Terrorist Attacks on U.S. Facilities in Benghazi, Libya, September 11-12, 2012, January 15,

4 In an age of self-publication 140 characters per Tweet via Twitter social media has become a big data source of real-time open source intelligence (OSINT). Smart phones have become ubiquitous not only in the West, but also in emerging and developing regions. The consequences of this fact are two numerous to mention here, and the potential ripple effects are still yet unknown. Nevertheless, as the world saw in the Arab Spring and its aftermath, Twitter, Facebook, Instagram, and other social media platforms can be used for mass communication, as well as coordination of operations, and even command and control purposes. The end result of such mobilization can be a violent and out-ofcontrol protest outside a U.S. Embassy, as was seen in Egypt in September of An incident that seemed to come out of nowhere, and yet, was orchestrated via social media. TorchStone Page, on behalf of private sector clients, has been searching for years for a social media monitoring technology that can provide advanced warning. Unfortunately, most of the highly touted software we have evaluated does little more than tell you what has already happened. At most, these software companies attempt to use analysts to search for trends in the historical data, and then, make predictions based on trending analysis. However, new solutions can now provide the actionable and protective intelligence our clients need to secure their people, facilities, and assets in the midst of real-time events. We believe that PathAR has developed a new generation social media technology that goes far beyond monitoring. The below image shows PathAR s software applied to recent labor strikes in Morocco, but more importantly, it depicts the strong operational links of those groups to local radical jihadists. TorchStone Page recognizes the increasing value that providers like PathAR bring to the development of intelligence, the identification of emerging and new threats, and hence, the important role to be played in a comprehensive risk management program. 4

5 Conclusion We can never truly eliminate all the risks facing our dedicated personnel working overseas to advance U.S. interests. However, as the Department has said, we place the highest priority on the security of our personnel and will continue to take steps, which in some instances includes extraordinary measures, to provide for their safety. 4 In a time of Expeditionary Diplomacy, the State Department finds itself representing the United States in failing and failed states, and in recently toppled states with new and uncertain governments. In recent years, State has even found itself absorbing transitional responsibilities from the U.S Department of Defense in Iraq and Afghanistan. If that is the mission of the State Department, then the mission of the Bureau of Diplomatic Security is to everywhere, ensure that the State Department can carry out its foreign policy missions safely and securely. 5 TorchStone Page believes that a robust, well-developed, and widely embraced risk management program across all of State is absolutely necessary for both of these missions to succeed. Moreover, at the heart of that risk management program should be innovative intelligence technology, services, and solutions. Delivering superior security services through improved intelligence and local engagement. David T. Niccolini Managing Director Washington, DC Mobile: Jeffrey S. Riner Senior Consultant Washington, DC Mobile: James J. Devenney Operations Manager London Mobile: + 44 (0) Bill Miller, Deputy Assistant Secretary of High Threat Posts, Bureau of Diplomatic Security, Statement to the Senate Foreign Relations Committee, July 16,

AT A HEARING ENTITLED THREATS TO THE HOMELAND

AT A HEARING ENTITLED THREATS TO THE HOMELAND STATEMENT OF JAMES B. COMEY DIRECTOR FEDERAL BUREAU OF INVESTIGATION BEFORE THE COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS UNITED STATES SENATE AT A HEARING ENTITLED THREATS TO THE HOMELAND

More information

National Infrastructure Protection Center

National Infrastructure Protection Center National Infrastructure Protection Center Risk Management: An Essential Guide to Protecting Critical Assets November 2002 Summary As organizations increase security measures and attempt to identify vulnerabilities

More information

GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA"

GETTING REAL ABOUT SECURITY MANAGEMENT AND BIG DATA GETTING REAL ABOUT SECURITY MANAGEMENT AND "BIG DATA" A Roadmap for "Big Data" in Security Analytics ESSENTIALS This paper examines: Escalating complexity of the security management environment, from threats

More information

HOMELAND SECURITY INTELLIGENCE RPAD 556

HOMELAND SECURITY INTELLIGENCE RPAD 556 HOMELAND SECURITY INTELLIGENCE RPAD 556 Dr. James E. Steiner Public Service Professor Rockefeller College The University at Albany, SUNY 423 State Street 518 708 4183 Office hours: by appointment Course

More information

UNITED STATES DEPARTMENT OF STATE BUREAU OF DIPLOMATIC SECURITY DIPLOMATIC SECURITY PROTECTS

UNITED STATES DEPARTMENT OF STATE BUREAU OF DIPLOMATIC SECURITY DIPLOMATIC SECURITY PROTECTS UNITED STATES DEPARTMENT OF STATE BUREAU OF DIPLOMATIC SECURITY DIPLOMATIC SECURITY PROTECTS 1 DIPLOMATIC SECURITY PROTECTS The Bureau of Diplomatic Security is the security and law enforcement arm of

More information

The Comprehensive National Cybersecurity Initiative

The Comprehensive National Cybersecurity Initiative The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we

More information

Energy Industry Cybersecurity Report. July 2015

Energy Industry Cybersecurity Report. July 2015 Energy Industry Cybersecurity Report July 2015 Energy Industry Cybersecurity Report INTRODUCTION Due to information sharing concerns, energy industry cybersecurity information is not readily available.

More information

How To Write A National Cybersecurity Act

How To Write A National Cybersecurity Act ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses

More information

DEPARTMENT OF THE AIR FORCE PRESENTATION TO THE SUBCOMMITTEE ON MILITARY PERSONNEL COMMITTEE ON ARMED SERVICES UNITED STATES HOUSE OF REPRESENTATIVES

DEPARTMENT OF THE AIR FORCE PRESENTATION TO THE SUBCOMMITTEE ON MILITARY PERSONNEL COMMITTEE ON ARMED SERVICES UNITED STATES HOUSE OF REPRESENTATIVES DEPARTMENT OF THE AIR FORCE PRESENTATION TO THE SUBCOMMITTEE ON MILITARY PERSONNEL COMMITTEE ON ARMED SERVICES UNITED STATES HOUSE OF REPRESENTATIVES SUBJECT: SUICIDE PREVENTION STATEMENT OF: LIEUTENANT

More information

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc. JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President

More information

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9

More information

NIMS ICS 100.HCb. Instructions

NIMS ICS 100.HCb. Instructions NIMS ICS 100.HCb Instructions This packet contains the NIMS 100 Study Guide and the Test Questions for the NIMS 100 final exam. Please review the Study Guide. Next, take the paper test - record your answers

More information

DEPARTMENT OF THE NAVY HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON, DC 20350 3000

DEPARTMENT OF THE NAVY HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON, DC 20350 3000 DEPARTMENT OF THE NAVY HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON, DC 20350 3000 MCO 3030.1 POC MARINE CORPS ORDER 3030.1 From : To: Commandant of the Marine Corps Distribution

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

Assessment Profile: Establishing Curricular Categories for Homeland Security Education

Assessment Profile: Establishing Curricular Categories for Homeland Security Education Assessment Profile: Establishing Curricular Categories for Homeland Security Education During any examination or assessment of the subject, homeland security, it becomes quite evident that by the definition(s)

More information

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS

TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS TEXAS HOMELAND SECURITY STRATEGIC PLAN 2015-2020: PRIORITY ACTIONS INTRODUCTION The purpose of this document is to list the aligned with each in the Texas Homeland Security Strategic Plan 2015-2020 (THSSP).

More information

Best practices FOR implementing an executive

Best practices FOR implementing an executive Best practices FOR implementing an executive protection program Executive Summary What is Executive Protection? Many executives have bought into common misperceptions about executive protection. As the

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission

Hearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission Hearing before the House Permanent Select Committee on Intelligence Homeland Security and Intelligence: Next Steps in Evolving the Mission 18 January 2012 American expectations of how their government

More information

Addressing FISMA Assessment Requirements

Addressing FISMA Assessment Requirements SOLUTION BRIEF Heeding FISMA s Call for Security Metrics and Continuous Network Monitoring Addressing FISMA Assessment Requirements Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom

More information

Cybersecurity Enhancement Account. FY 2017 President s Budget

Cybersecurity Enhancement Account. FY 2017 President s Budget Cybersecurity Enhancement Account FY 2017 President s Budget February 9, 2016 Table of Contents Section 1 Purpose... 3 1A Mission Statement... 3 1.1 Appropriations Detail Table... 3 1B Vision, Priorities

More information

Optimizing Network Vulnerability

Optimizing Network Vulnerability SOLUTION BRIEF Adding Real-World Exposure Awareness to Vulnerability and Risk Management Optimizing Network Vulnerability Management Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965

More information

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary May 2007 Environmental Protection Agency Executive Summary

More information

Business Continuity Strategies for the Small Business Market

Business Continuity Strategies for the Small Business Market Business Continuity Strategies for the Small Business Market Solutions for Small Business Reports are designed to demonstrate how new technologies enabled by cable providers help small business owners

More information

Human Resource s Role in Crisis Events

Human Resource s Role in Crisis Events Human Resource s Role in Crisis Events Terri Howard, Senior Director FEI Behavioral Health 2013 FEI Behavioral Health All Rights Reserved May, 2013 Human Resource s Role in Crisis Events The ultimate impact

More information

Enterprise Security Tactical Plan

Enterprise Security Tactical Plan Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise

More information

Campus Security Guidelines. Recommended Operational Policies for Local and Campus Law Enforcement Agencies

Campus Security Guidelines. Recommended Operational Policies for Local and Campus Law Enforcement Agencies Campus Security Guidelines Recommended Operational Policies for Local and Campus Law Enforcement Agencies A project of William J. Bratton, Chief of Police, Los Angeles President, Major Cities Chiefs Association

More information

Attack Intelligence: Why It Matters

Attack Intelligence: Why It Matters Attack Intelligence: Why It Matters WHITE PAPER Core Security +1 617.399-6980 info@coresecurity.com www.coresecurity.com A Proactive Strategy Attacks against your organization are more prevalent than ever,

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

HOW WELL DO YOU KNOW YOUR PROSPECTS?

HOW WELL DO YOU KNOW YOUR PROSPECTS? In today s turbulent economy, with most sales and marketing teams striving to build a robust sales pipeline regardless of industry, it is more important than ever before to effectively identify appropriate

More information

QUALITY TOOLBOX. Creating a Complete Business Management System. Many organizations have separate environmental management. Integrating environmental,

QUALITY TOOLBOX. Creating a Complete Business Management System. Many organizations have separate environmental management. Integrating environmental, QUALITY TOOLBOX Creating a Complete Business Management System Many organizations have separate environmental management and occupational, health, and safety management systems. They are defined as being

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

DEFENSE SECURITY SERVICE

DEFENSE SECURITY SERVICE DEFENSE SECURITY SERVICE DEFENSE SECURITY SERVICE U N I T E D S TAT E S O F A M E R I C A STRATEGIC PLAN 2012-2016 Partnership and Service for a Secure Future TABLE OF CONTENTS Who We Are Vision Values

More information

Chapter 1: An Overview of Emergency Preparedness and Business Continuity

Chapter 1: An Overview of Emergency Preparedness and Business Continuity Chapter 1: An Overview of Emergency Preparedness and Business Continuity After completing this chapter, students will be able to: Describe organization and facility stakeholder needs during and after emergencies.

More information

COUNTERING OVERSEAS THREATS

COUNTERING OVERSEAS THREATS United States Government Accountability Office Report to Congressional Addressees March 2014 COUNTERING OVERSEAS THREATS Gaps in State Department Management of Security Training May Increase Risk to U.S.

More information

Costs of Major U.S. Wars

Costs of Major U.S. Wars Stephen Daggett Specialist in Defense Policy and Budgets June 29, 2010 Congressional Research Service CRS Report for Congress Prepared for Members and Committees of Congress 7-5700 www.crs.gov RS22926

More information

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive

More information

The Dow Chemical Company. statement for the record. David E. Kepler. before

The Dow Chemical Company. statement for the record. David E. Kepler. before The Dow Chemical Company statement for the record of David E. Kepler Chief Sustainability Officer, Chief Information Officer, Business Services and Executive Vice President before The Senate Committee

More information

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION Table of Contents Executive Summary...3 Vulnerability Scanners Alone Are Not Enough...3 Real-Time Change Configuration Notification is the

More information

Pennsylvania House Veterans Affairs and Emergency Preparedness Public Hearing

Pennsylvania House Veterans Affairs and Emergency Preparedness Public Hearing Pennsylvania House Veterans Affairs and Emergency Preparedness Public Hearing Cyber-Terrorism: The Security of Banking, Financial and Insurance Systems Thursday, October 16, 2003 Pennsylvania Insurance

More information

Leveraging Network and Vulnerability metrics Using RedSeal

Leveraging Network and Vulnerability metrics Using RedSeal SOLUTION BRIEF Transforming IT Security Management Via Outcome-Oriented Metrics Leveraging Network and Vulnerability metrics Using RedSeal november 2011 WHITE PAPER RedSeal Networks, Inc. 3965 Freedom

More information

JOINT STATEMENT COMMISSION ON WARTIME CONTRACTING

JOINT STATEMENT COMMISSION ON WARTIME CONTRACTING JOINT STATEMENT COMMISSION ON WARTIME CONTRACTING TOTAL FORCE POLICY, THE QDR, AND OTHER DEFENSE OPERATIONAL PLANNING: WHY DOES PLANNING FOR CONTRACTORS CONTINUE TO LAG? JULY 12, 2010 Chairman Thibault,

More information

The 5 Cybersecurity Concerns You Can t Overlook

The 5 Cybersecurity Concerns You Can t Overlook The 5 Cybersecurity Concerns You Can t Overlook and how to address them 2014 SimSpace Corporation The 5 Cybersecurity Concerns You Can t Overlook CONCERN 1 You don t know how good your cybersecurity team

More information

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology

Testimony of Dan Nutkis CEO of HITRUST Alliance. Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Testimony of Dan Nutkis CEO of HITRUST Alliance Before the Oversight and Government Reform Committee, Subcommittee on Information Technology Hearing entitled: Cybersecurity: The Evolving Nature of Cyber

More information

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY CYBER HYGIENE AND ORGANIZATIONAL PLANNING ARE AT LEAST AS INTEGRAL TO SECURING INFORMATION NETWORKS AS FIREWALLS AND ANTIVIRUS SOFTWARE Cybersecurity

More information

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014

CyberReady Solutions. Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 CR CyberReady Solutions Actionable Insight for the Digital Enterprise Integrated Threat Intelligence and Cyber Operations MONTH DD, YYYY SEPTEMBER 8, 2014 INTELLIGENCE-DRIVEN OPERATIONS The Game Has Changed

More information

DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview DHS, National Cyber Security Division Overview Hun Kim, Deputy Director Strategic Initiatives Information Analysis and Infrastructure Protection Directorate www.us-cert.gov The strategy of DHS, as defined

More information

Statement for the Record by. Dr. Donald M. Kerr. Director, National Reconnaissance Office, Nominee for the Position of

Statement for the Record by. Dr. Donald M. Kerr. Director, National Reconnaissance Office, Nominee for the Position of Statement for the Record by Dr. Donald M. Kerr Director, National Reconnaissance Office, Nominee for the Position of Principal Deputy Director of National Intelligence, before the Senate Select Committee

More information

Internal Audit Practice Guide

Internal Audit Practice Guide Internal Audit Practice Guide Continuous Auditing Office of the Comptroller General, Internal Audit Sector May 2010 Table of Contents Purpose...1 Background...1 Definitions...2 Continuous Auditing Professional

More information

STATEMENT SHAYNE ADAMSKI SENIOR MANAGER OF DIGITAL ENGAGEMENT FEDERAL EMERGENCY MANAGEMENT AGENCY U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE

STATEMENT SHAYNE ADAMSKI SENIOR MANAGER OF DIGITAL ENGAGEMENT FEDERAL EMERGENCY MANAGEMENT AGENCY U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE STATEMENT OF SHAYNE ADAMSKI SENIOR MANAGER OF DIGITAL ENGAGEMENT FEDERAL EMERGENCY MANAGEMENT AGENCY U.S. DEPARTMENT OF HOMELAND SECURITY BEFORE THE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE ON EMERGENCY

More information

Western Washington University Basic Plan 2013. A part of Western s Comprehensive Emergency Management Plan

Western Washington University Basic Plan 2013. A part of Western s Comprehensive Emergency Management Plan 2013 A part of Western s Record of Changes Change # Date Entered Description and Location of Change(s) Person making changes 2 1. PURPOSE, SCOPE, SITUATION OVERVIEW, ASSUMPTIONS AND LIMITATIONS A. PURPOSE

More information

The National Counterintelligence Strategy of the United States

The National Counterintelligence Strategy of the United States The National Counterintelligence Strategy of the United States Office of the National Counterintelligence Executive March 2005 National Counterintelligence Strategy of the United States PREFACE The Counterintelligence

More information

POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. KEY SOLUTION HIGHLIGHTS

POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. KEY SOLUTION HIGHLIGHTS ADVANCED CYBER THREAT ANALYTICS POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. Wynyard Advanced Cyber Threat Analytics (ACTA) is a Pro-active Cyber Forensics solution that helps protect organisations

More information

Risk Management Handbook

Risk Management Handbook Risk Management Handbook 1999 Introduction Risk management is the process of selecting and implementing countermeasures to achieve an acceptable level of risk at an acceptable cost. The analytical risk

More information

Appendix 3 Disaster Recovery Plan

Appendix 3 Disaster Recovery Plan Appendix 3 Disaster Recovery Plan December 13, 2006 Revision XXQwest Government Services, Inc. 4250 North Fairfax DriveArlington, VA 22203(Delete this page)revision history Revision Number Revision Date

More information

The Need to Share: The U.S. Intelligence Community and Law Enforcement

The Need to Share: The U.S. Intelligence Community and Law Enforcement The Need to Share: The U.S. Intelligence Community and Law Enforcement A White Paper prepared by the AFCEA Intelligence Committee April 2007 Serving Intelligence Professionals and their Community The Need

More information

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS

SITUATIONAL AWARENESS MITIGATE CYBERTHREATS Gaining the SITUATIONAL AWARENESS needed to MITIGATE CYBERTHREATS Industry Perspective EXECUTIVE SUMMARY To become more resilient against cyberthreats, agencies must improve visibility and understand events

More information

White Paper: Leveraging Web Intelligence to Enhance Cyber Security

White Paper: Leveraging Web Intelligence to Enhance Cyber Security White Paper: Leveraging Web Intelligence to Enhance Cyber Security October 2013 Inside: New context on Web Intelligence The need for external data in enterprise context Making better use of web intelligence

More information

V: RECOMMENDATIONS TERRORIST ATTACKS ON U.S. FACILITIES IN BENGHAZI

V: RECOMMENDATIONS TERRORIST ATTACKS ON U.S. FACILITIES IN BENGHAZI V: RECOMMENDATIONS TERRORIST ATTACKS ON U.S. FACILITIES IN BENGHAZI Recommendation: The Executive Branch should provide for a central planning and coordination mechanism (likely within an existing entity)

More information

Developing Greater Professionalism in GIS Project Management

Developing Greater Professionalism in GIS Project Management Bill Haaker Senior Project Manager ASI Technologies 1935 Jamboree Drive Colorado Springs, CO 80920 Developing Greater Professionalism in GIS Project Management Introduction Project management is widely

More information

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience

Be Prepared. For Anything. Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Cyber Security - Confronting Current & Future Threats The role of skilled professionals in maintaining cyber resilience Mike O Neill Managing Director Graeme McGowan Associate Director of Cyber Security

More information

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium

Keynote Speech. Beth Dugan Deputy Comptroller for Operational Risk. The Clearing House s First Operational Risk Colloquium Keynote Speech by Beth Dugan Deputy Comptroller for Operational Risk at The Clearing House s First Operational Risk Colloquium February 11, 2015 Washington, D.C. Thank you. It s an honor to be invited

More information

Implementing Program Protection and Cybersecurity

Implementing Program Protection and Cybersecurity Implementing Program Protection and Cybersecurity Melinda Reed Office of the Deputy Assistant Secretary of Defense for Systems Engineering Mark Godino Office of the Deputy Assistant Secretary of Defense

More information

Diligence Management Consultants Company profile. Middle East - Africa - South Asia

Diligence Management Consultants Company profile. Middle East - Africa - South Asia Diligence Management Consultants Company profile Middle East - Africa - South Asia Chapter 1 Who we are Established in 2008 in the United Arab Emirates, Diligence has emerged as the primary security and

More information

September 24, 2015. Mr. Hogan and Ms. Newton:

September 24, 2015. Mr. Hogan and Ms. Newton: Mr. Michael Hogan and Ms. Elaine Newton Office of the Director, Information Technology Laboratory National Institute of Standards and Technology 100 Bureau Drive Mail Stop 8930 Gaithersburg, MD 20899-8930

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

DIPLOMATIC SECURITY. Overseas Facilities May Face Greater Risks Due to Gaps in Security-Related Activities, Standards, and Policies

DIPLOMATIC SECURITY. Overseas Facilities May Face Greater Risks Due to Gaps in Security-Related Activities, Standards, and Policies United States Government Accountability Office Report to Congressional Committees June 2014 DIPLOMATIC SECURITY Overseas Facilities May Face Greater Risks Due to Gaps in Security-Related Activities, Standards,

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

Law Enforcement and Homeland Security Anti-Terrorism Training

Law Enforcement and Homeland Security Anti-Terrorism Training Law Enforcement and Homeland Security Anti-Terrorism Training Our Experience Influences Your Success Florida Department of Law Enforcement A close partnership was developed between FDLE and ASERO while

More information

Countering Violent Extremism (CVE) Working Group Community-Oriented Policing Workshop 22 March 2013 United States Institute of Peace Washington

Countering Violent Extremism (CVE) Working Group Community-Oriented Policing Workshop 22 March 2013 United States Institute of Peace Washington Countering Violent Extremism (CVE) Working Group Community-Oriented Policing Workshop 22 March 2013 United States Institute of Peace Washington Chair s Summary Overview Community-Oriented Policing (COP)

More information

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014

SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014 SOCIAL MEDIA LISTENING AND ANALYSIS Spring 2014 EXECUTIVE SUMMARY In this digital age, social media has quickly become one of the most important communication channels. The shift to online conversation

More information

Re: Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition [Notice- OMA- 2014-01; Docket No. 2014-0002]

Re: Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition [Notice- OMA- 2014-01; Docket No. 2014-0002] April 28, 2014 Ms. Hada Flowers General Services Administration Regulatory Secretariat Division (MVCB) 1800 F Street, NW, 2 nd Floor Washington, DC 20405 Re: Joint Working Group on Improving Cybersecurity

More information

Nine Steps to Smart Security for Small Businesses

Nine Steps to Smart Security for Small Businesses Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Collaboration and communication between technical

More information

Information Technology Solutions

Information Technology Solutions THE THREAT Organizations are making large investment in cyber defense, but are still in the dark in terms of how they would fare up against one of the simplest attacks that Cyber-criminals use to take

More information

Security Awareness Campaigns Deliver Major, Ongoing ROI

Security Awareness Campaigns Deliver Major, Ongoing ROI Security Awareness Campaigns Deliver Major, Ongoing ROI CONTENTS 01 01 02 04 05 06 Introduction The Challenge Immediate Value Evaluating effectiveness Ongoing value Conclusion INTRODUCTION By this point,

More information

REQUEST FOR INFORMATION

REQUEST FOR INFORMATION Department of Management Services REQUEST FOR INFORMATION Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services 3 September 2015 6506 Loisdale Rd, Ste 325

More information

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011 NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011 Executive Summary BACKGROUND The NYS Local Government Vulnerability Scanning Project was funded by a U.S. Department of Homeland Security

More information

Why Crisis Response and Business Continuity Plans Fail

Why Crisis Response and Business Continuity Plans Fail Why Crisis Response and Business Continuity Plans Fail 10 Lessons Learned from Real-World Experience Many organizations invest considerable time, money and effort in developing Crisis Response and Business

More information

NAFSMA Position on Floodplain Management Issues

NAFSMA Position on Floodplain Management Issues National Association of Flood & Stormwater Management Agencies PO Box 56764, Washington, DC 20040 202-289-8625 www.nafsma.org I. Introduction NAFSMA Position on Floodplain Management Issues (Approved on

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication

More information

DoD Strategy for Defending Networks, Systems, and Data

DoD Strategy for Defending Networks, Systems, and Data DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July

More information

The case for continuous penetration testing

The case for continuous penetration testing The case for continuous penetration testing By Oliver Cromwell, OccamSec Knowing your risk In an ideal world, risk management for an organization would be based on complete knowledge of all the factors

More information

Institutional Policy. Tackling the risk: Handicap International s Safety and Security Policy. Federal Executive Division 2012 IP 05

Institutional Policy. Tackling the risk: Handicap International s Safety and Security Policy. Federal Executive Division 2012 IP 05 Institutional Policy Tackling the risk: Handicap International s Safety and Security Policy Federal Executive Division 2012 IP 05 Institutional Policy Tackling the risk: Handicap International s Safety

More information

IBM index reveals key indicators of business continuity exposure and maturity

IBM index reveals key indicators of business continuity exposure and maturity IBM Global Technology Services Business Continuity and Resiliency Services IBM index reveals key indicators of business continuity exposure and maturity Will a more holistic approach to business continuity

More information

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information

More information

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Subject: Critical Infrastructure Identification, Prioritization, and Protection For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the

Remarks by. Carolyn G. DuChene Deputy Comptroller Operational Risk. at the Remarks by Carolyn G. DuChene Deputy Comptroller Operational Risk at the Bank Safety and Soundness Advisor Community Bank Enterprise Risk Management Seminar Washington, D.C. October 22, 2012 Good afternoon,

More information

Managed Security Services. Leverage our experienced security operations team to improve your cyber security posture

Managed Security Services. Leverage our experienced security operations team to improve your cyber security posture Managed Security Services Leverage our experienced security operations team to improve your cyber security posture Our approach to Managed Security Services Enterprises spend millions on technology to

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

Counterintelligence Awareness Glossary

Counterintelligence Awareness Glossary Counterintelligence Awareness Glossary Access: The ability and opportunity to obtain knowledge of classified information. Anomaly: Activity r knowledge, outside the norm, that suggests a foreign entity

More information

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................

More information

WORLDWIDE SECURITY PROTECTION

WORLDWIDE SECURITY PROTECTION Worldwide Security Protection Resource Summary ($ in thousands) Appropriations FY 2008 Actual FY 2009 Estimate FY 2010 Request Increase / Decrease Positions 1,458 1,558 1,898 340 Funds 1,178,938 1,313,383

More information

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

December 17, 2003 Homeland Security Presidential Directive/Hspd-7 For Immediate Release Office of the Press Secretary December 17, 2003 December 17, 2003 Homeland Security Presidential Directive/Hspd-7 Subject: Critical Infrastructure Identification, Prioritization,

More information

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections U.S. Department of Energy Office of Inspector General Office of Audits and Inspections Audit Report The Department's Configuration Management of Non-Financial Systems OAS-M-12-02 February 2012 Department

More information

Cyber Security Solutions Integrated. Proactive. Resilient.

Cyber Security Solutions Integrated. Proactive. Resilient. Cyber Security Solutions Integrated. Proactive. Resilient. Between defending against cyber attacks and ensuring mission resilience, there is one important word: HOW Cyber attacks never stop coming. Intrusions

More information

Purpose of the Governor s strategy. Guiding Principles

Purpose of the Governor s strategy. Guiding Principles Purpose of the Governor s strategy The Governor s initiative to develop and implement a State of Tennessee program to counter terrorism within the State is outlined in this document. The primary purpose

More information