Global Security Program Overview

Transcription

1 STATE STREET GLOBAL SECURITY Global Security Program Overview ASIS International Kansas City Chapter March 5, 2015 Stephen D Baker CPP Vice President & Deputy Chief Security Officer

2 About State Street A global leader providing Financial Services to Institutional Investors Fiduciary heritage since 1792 About 29,665 employees in 29 countries Core business managing and servicing financial assets Operating globally in more than 100 geographic markets $28.2 trillion of assets under custody and administration (AUC/A) $2.5 trillion of assets under management (AUM) Our powerful global franchise sets us apart in meeting the needs of Institutional investors 2

3 Financial Services Security Program Advantage State Street is designated as a systemically important financial institution both in the US and Globally Regulated by the SEC Regulated by the Federal Reserve Regulated by many State Organizations Regulated by International Agencies and Authorities Country and State Legislative Oversight Financial Services Critical Infrastructure Strong Corporate Governance Audited by Internal and External Auditors Driven by Strong Control Environment Audited by Customers via Customers Internal and External Auditors 3

4 A strong legacy of protection GLOBAL SECURITY Global Security protects State Street s people, clients, assets, information, continuity of operations and reputation through the development and management of security programs and services worldwide A history of consistent performance 4

5 Organizational Overview Chief Legal Officer Chief Security Officer Jack Eckenrode Security Programs, Systems & Technology Stephen D. Baker Security Operations & Systems Incident Mgmt. & Response Preparedness Infectious Disease Mgmt. Safe Travel & Safe Workplace Investigations Jack Eckenrode Background Investigations & Due Diligence Cyber Investigations & ediscovery Traditional Investigations Policies, Standards, Risk Assessments & Strategies Vendor Risk Management Executive Protection EMEA & Asia Pacific Security 5

6 Global Security Program Benefits Value Reduce Company Liability Reduce Insurance Rates Protect Physical Assets Protect Trade Secrets Assurance Investor Confidence Customer Confidence Continuity of Operations Company Reputation Employer of Choice Employee Confidence- Productivity Stakeholder Analytics 6

7 Cost vs. Benefit Security can properly protect any asset However, it may take a pot of gold! Proper balance of cost and acceptance of risk is essential Use a standard of reasonableness Partner closely with internal business partners and management to agree on an appropriate course of action Risk assessments include: Crime Demographics Socio-Economic Landscape Resource Availability Travel Risk Health Risk Geo-Political Risk Terrorism Risk Environmental Risk 7

8 Physical Security Programs and Services A Commitment to a Best in Class Program Regional security teams supported by global centers of excellence Americas Regional Security Teams EMEA Regional Security Teams Global Functions Asia-Pacific Regional Security Teams Corporate Information Systems Global Realty Services Global Human Resources Corporate Audit Corporate Finance Cyber & Traditional Invest. Background Investigation Incident Mgmt. & Response Executive Protection Security Operations Security Systems & Technology Safe Travel Program Balancing cost, risk and business requirements when developing,. managing and delivering programs and services 8

9 Major Program Areas Protective Services Physical Security Operations & Systems Workplace Safety Programs Travel Security / Executive Protection Incident & Infectious Disease Response Investigative Services Background Screening / Due Diligence Fraud & Misconduct Inquiries Data Loss Monitoring & Cyber Investigations Litigation Support (ediscovery / Forensics) Strategy & Initiatives Security Risk Strategies & Assessments Policy Management & Industry Standards Vendor Security Risk Programs Metrics, Compliance 9

10 Global Security Infrastructure Over 50 servers 60+ SharePoint solutions Multiple cyber labs Multiple fire walls Multiple networks Controllers & intelligent panels Vulnerability and patch systems Network analytics Several thousand global endpoints One Business Intelligence System 10

11 Background Investigations Credit Check Criminal Check Educational Check Previous Employment Personal References OFAC E-Verify Due Diligence (Know Your Customer) Investigations Disqualifiers Substance abuse convictions Violent crimes Crimes of dishonesty Computer crimes OUI / DUI convictions (2) Bad Debt ($5,000), Lien or civil judgment (no threshold) Application Misrepresentation 11

12 Cyber Investigations Detect, Analyze, Respond, Defend, and Investigate Cyber Incidents or Threats Key word monitoring Specific threats & Inappropriate business references File transfer monitoring Threats (internal / external) Appropriate use and standard of conduct Follow-up review Evidence acquisition E-Discovery Proprietary thefts Economic espionage 12

13 Traditional Investigations Investigate actual or suspected crimes and/or misconduct Employee Misconduct (Standard of Conduct Violations) Workplace Safety / Threats of Violence Threat Management and Response Plans Thefts/Misappropriate of Company Assets Harassment Fraud / Money Laundering / Corruption Other 13

14 Collaborative Functional Engagement Investigates, reviews, deliberates, reports and recommends actions Global Security Corporate Legal Global Human Resources Employee Relations Corporate Audit 14

15 Vendor Risk Management Global Security works with other functions as part of a comprehensive Vendor Risk Assessment Management Program of State Street s vendors Vendor Security Risk Assessments Physical Security Program Background Check Investigations Our dual program approach is designed to assure our third-party vendors have risk based programs thereby reducing exposure to economic, reputational and regulatory risk. 15

16 Design Criteria and Physical Security Standards* Site Security (24x7 Monitoring or On-Site Staff) Card Access Video and Recording Alarm Systems Lobby Security Dock Security Bollards, Barrier, Boulders, etc. Locking Hardware Demising Walls Protective Window Film Ion Detection Biometrics Elevator Secure Lobbies Physical Elements & Technology (Homeland Security) * Application is based on risk, etc. 16

17 Additional Global Security Programs Badge ID Operations Multiple Technology Card used Worldwide Authorized Signers Quarterly Access Control Reviews Automated HR feeds Joiners and Leavers Blocking Security Control Center Operations 24 X 7 X Quincy, London, Sydney Executive Protection Senior Executives Board of Directors Travel to Countries of Risk 17

18 Additional Global Security Programs continued Infectious Disease Infectious Disease Consultant Incident Response Team Incident Management and Emergency Response Monitor local, US and World Events Fire Life Safety and Evacuation Programs Semi-annual Evacuation Drills Safe Workplace Training and Awareness Programs Joint Intelligence Partnership US Attorney, FBI, USSS, DHS, etc. Massachusetts State Police, Boston Police, Transit Police Massport / Logan Aviation and Port Security Authorities Vendor / Partners 18

19 Additional Global Security Programs continued Travel Security Country Risk Assessment Traditional Investigations Fraud, Theft, Policy Violation Special Event Security Customer Events, Shareholder Meetings, Executive Events Risk Assessment & Intelligence Control Risks, Air Security, USHS, BRIC, NC4, DOS, Fusion Centers Technical Countermeasures Venue Search Bomb CBRN Assessment Ion Detection, Bomb Dogs, X-Ray 19

20 Global Security Internal & External leadership involvement State Street Committees & activities: Operational Risk Committee Scenario Analysis Frequency and correlation Client Assurance Team TPRM Steering Committee Country and Counter party risk Data Center strategy Steering committee Information security steering committee Business Continuity Steering committee GHR logistics steering committee Industry committees and activities: ASIS Leadership management practices council Vice Chair ASIS KC Chapter Chair ASIS CSO roundtable Liaison ASIS technical standards committee(s) ASIS Banking and Financial council 2014 Webinar 2014 Annual conference presentations 20

21 Global Security Industry Certifications & Awards Industry Awards: Security 500 Top Security Organizations 2011, 2012, 2013 & 2014 Top Security Leaders award 2012 & 2013 Security magazine 2014 Security 500 Financial Services Thought Leader Stephen D. Baker, CPP Industry Certifications: Certified Protection Professional Certified Information Systems Security Professional Certified Physical Security Professional Certified Fraud Examiner 21

22 Conclusion Questions? 22