How Data Analytics Add Value to Security Risk Management Patrick Hennies, Rainer Rex 15th European ASIS, 04/08/2016
Who we are Global leading positions in consumer and industrial businesses Consumer Businesses Industrial Business Laundry & Home Care Beauty Care Adhesive Technologies 2
Who we are Henkel at a glance 2015 50,000 employees worldwide Active in more than 190 countries Around 18.1 bn sales, +3.0% organic sales growth 61% of our sales generated by our top 10 brands 472 locations around the world 139 years of brand success 3
Global Security Organization Corporate Security Fire Safety Operational Security Regional Security 4
Corporate Governance Segregation of Duties Headquarter Specialized Experts providing guidelines and ensuring holistic security Regions Regional Experts providing local knowledge following the framework provided by the Headquarter 5
Security Threats at Henkel Diverse landscape North America Regional Head of Security Corporate Security Head of Corporate Security Office Global Security Corporate Director Global Security Europe Regional Head of Security Commonwealth of Independent States Regional Head of Security Russia Area Security Manager Ukraine Area Security Manager Mexico Area Security Manager Latin America Regional Head of Security India / Middle East / Africa Regional Head of Security Greater China Area Security Manager Threat Rating Insignificant Low Colombia / Andean Area Security Manager India Area Security Manager Asia / Pacific Regional Head of Security Security Analyst China Medium High Brazil / Mercosur Area Security Manager Extreme Approx. ~200 employees, 15 nationalities in 12 locations 6
Global Trends Challenges for Security Management Failure of Infrastructure Social Instability Global Threats World Without Secrets Terrorism & Extremism Natural Disasters 7
The Challenge Separate significant from irrelevant alerts Storm Kidnapping Power outages Protests Explosions Traffic accident Tsunami Flight cancellations Crime Flooding Demonstrations 8 Strikes Earthquake Shootings Flight disruptions Blackouts Terrorist Attacks Plane Crash Bombing Pandemic Daily confrontation with a flood of alerts
The Response Intelligent Data Analyses Increasing number of Alerts BIG DATA 8000 Enormous data Short lifetime of information Reliability of Facts 7000 6000 5000 4000 3000 2000 1000 1965 3408 2403 2677 6000 5037 estimated 2263 2000 0 2003 2005 2015 2016 Informational Warning & Critical Fast and reliable decision making is essential 9
The Benefits How data analytics support management communication 10
Big Data vs. Rich Data Monitoring and analyzing real-time data Big Data Rich Data Impressive volume, Limited value Precise and subject to rigorous quality control 11
Changing Security 2020 Move from reactive to proactive VOLUME Data Size VELOCITY Speed of Change VARIETY Different forms of data sources VERACITY Uncertainty of Data Develop a methodology to gain control of information! 12
Threat Inventory What needs to be monitored? Crime Health threats Sabotaget Extortion Embezzlementt Burglaryt Kidnappingt Natural disaster Theftt Fraud Stalking Geopolitical t threats Workplace violencet Vandalismt Assaultt Infrastructure collapse Information loss 13
Big Data Transformation to Rich Data Threats Data sources Intelligence services News & web monitoring Security service provider External network information Internal incident reporting Strategic concept Information aggregation Operational knowledge Security Risk Assessment 14
Corporate Security Define threats for each work stream Threats by activists and social unrest Natural disaster threats Crimet Infrastructure collapse Information loss and espionage threats 15
Implementation example: Physical Security Matching asset risk ratings and mitigation measures Pool of relevant threats Data Sources Relevant threats per work stream Algorithm Defined assets per work stream Individual asset risk ratings Pre-defined measures tailored to asset risk 16
Threat Management An effective framework Policies Roles Measures Auditability 17
Visualization What we have today Conventional risk maps Self-made charts 300 250 48.0 53.0 200 150 100 50 0 45.0 45.0 52.0 42.0 47.0 48.0 44.0 46.9 45.0 45.9 38.6 34.6 30.6 20.4 27.4 35.0 2008 2014 2016 Theft Property offenses Assault Workplace violence Vadalism Corruption 18
Visualization What we are looking for 19
Example of missing data Emergency Travel Assistance 20
Example of missing data Alert and trend analytics Likes, Comments and Shares Alert Feedback Source:www.sproutsocial.com Likes Comments Shares Incoming Alert not relevant to be monitored highly relevant Please select relevancy for your organization! Source: www.rivaliq.com Source: www.rivaliq.com Source:www.seo-united.de 21
Benefits of Rich Data What is it all about? Value-added calculation Fact based threat levels Continuous benchmarking Measures Risk adjusted prevention Enhanced forecast 22
Why are we here? No rich data without data exchange! 23