Global Security Program Overview




STATE STREET GLOBAL SECURITY: Global Security Program Overview. ASIS International Kansas City Chapter, March 5, 2015. Stephen D. Baker, CPP, Vice President & Deputy Chief Security Officer.

About State Street: A global leader providing Financial Services to Institutional Investors. Fiduciary heritage since 1792; about 29,665 employees in 29 countries; core business managing and servicing financial assets; operating globally in more than 100 geographic markets; $28.2 trillion of assets under custody and administration (AUC/A); $2.5 trillion of assets under management (AUM). Our powerful global franchise sets us apart in meeting the needs of Institutional investors.

Financial Services Security Program Advantage: State Street is designated as a systemically important financial institution both in the US and Globally. Regulated by the SEC; Regulated by the Federal Reserve; Regulated by many State Organizations; Regulated by International Agencies and Authorities; Country and State Legislative Oversight; Financial Services Critical Infrastructure; Strong Corporate Governance; Audited by Internal and External Auditors; Driven by Strong Control Environment; Audited by Customers via Customers' Internal and External Auditors.

A strong legacy of protection. GLOBAL SECURITY: Global Security protects State Street's people, clients, assets, information, continuity of operations and reputation through the development and management of security programs and services worldwide. A history of consistent performance.

Organizational Overview: Chief Legal Officer Chief Security Officer Jack Eckenrode Security Programs, Systems & Technology Stephen D. Baker Security Operations & Systems Incident Mgmt. & Response Preparedness Infectious Disease Mgmt. Safe Travel & Safe Workplace Investigations Jack Eckenrode Background Investigations & Due Diligence Cyber Investigations & eDiscovery Traditional Investigations Policies, Standards, Risk Assessments & Strategies Vendor Risk Management Executive Protection EMEA & Asia Pacific Security

Global Security Program Benefits: Value; Reduce Company Liability; Reduce Insurance Rates; Protect Physical Assets; Protect Trade Secrets; Assurance; Investor Confidence; Customer Confidence; Continuity of Operations; Company Reputation; Employer of Choice; Employee Confidence - Productivity; Stakeholder Analytics.

Cost vs. Benefit: Security can properly protect any asset. However, it may take a pot of gold! Proper balance of cost and acceptance of risk is essential. Use a standard of reasonableness. Partner closely with internal business partners and management to agree on an appropriate course of action. Risk assessments include: Crime Demographics; Socio-Economic Landscape; Resource Availability; Travel Risk; Health Risk; Geo-Political Risk; Terrorism Risk; Environmental Risk.

Physical Security Programs and Services: A Commitment to a Best in Class Program. Regional security teams supported by global centers of excellence: Americas Regional Security Teams; EMEA Regional Security Teams; Global Functions; Asia-Pacific Regional Security Teams; Corporate Information Systems; Global Realty Services; Global Human Resources; Corporate Audit; Corporate Finance; Cyber & Traditional Invest.; Background Investigation; Incident Mgmt. & Response; Executive Protection; Security Operations; Security Systems & Technology; Safe Travel Program. Balancing cost, risk and business requirements when developing, managing and delivering programs and services.

Major Program Areas. Protective Services: Physical Security Operations & Systems; Workplace Safety Programs; Travel Security / Executive Protection; Incident & Infectious Disease Response. Investigative Services: Background Screening / Due Diligence; Fraud & Misconduct Inquiries; Data Loss Monitoring & Cyber Investigations; Litigation Support (eDiscovery / Forensics). Strategy & Initiatives: Security Risk Strategies & Assessments; Policy Management & Industry Standards; Vendor Security Risk Programs; Metrics, Compliance.

Global Security Infrastructure: Over 50 servers; 60+ SharePoint solutions; Multiple cyber labs; Multiple firewalls; Multiple networks; Controllers & intelligent panels; Vulnerability and patch systems; Network analytics; Several thousand global endpoints; One Business Intelligence System.

Background Investigations: Credit Check; Criminal Check; Educational Check; Previous Employment; Personal References; OFAC; E-Verify; Due Diligence (Know Your Customer) Investigations. Disqualifiers: Substance abuse convictions; Violent crimes; Crimes of dishonesty; Computer crimes; OUI / DUI convictions (2); Bad Debt ($5,000), Lien or civil judgment (no threshold); Application Misrepresentation.

Cyber Investigations: Detect, Analyze, Respond, Defend, and Investigate Cyber Incidents or Threats. Key word monitoring; Specific threats & Inappropriate business references; File transfer monitoring; Threats (internal / external); Appropriate use and standard of conduct; Follow-up review; Evidence acquisition; E-Discovery; Proprietary thefts; Economic espionage.

Traditional Investigations: Investigate actual or suspected crimes and/or misconduct. Employee Misconduct (Standard of Conduct Violations); Workplace Safety / Threats of Violence; Threat Management and Response Plans; Thefts / Misappropriation of Company Assets; Harassment; Fraud / Money Laundering / Corruption; Other.

Collaborative Functional Engagement: Investigates, reviews, deliberates, reports and recommends actions. Global Security; Corporate Legal; Global Human Resources Employee Relations; Corporate Audit.

Vendor Risk Management: Global Security works with other functions as part of a comprehensive Vendor Risk Assessment Management Program of State Street's vendors. Vendor Security Risk Assessments; Physical Security Program; Background Check Investigations. Our dual program approach is designed to assure our third-party vendors have risk-based programs, thereby reducing exposure to economic, reputational and regulatory risk.

Design Criteria and Physical Security Standards*: Site Security (24x7 Monitoring or On-Site Staff); Card Access; Video and Recording; Alarm Systems; Lobby Security; Dock Security; Bollards, Barrier, Boulders, etc.; Locking Hardware; Demising Walls; Protective Window Film; Ion Detection; Biometrics; Elevator Secure Lobbies; Physical Elements & Technology (Homeland Security). * Application is based on risk, etc.

Additional Global Security Programs. Badge ID Operations: Multiple Technology Card used Worldwide; Authorized Signers; Quarterly Access Control Reviews; Automated HR feeds Joiners and Leavers Blocking. Security Control Center Operations: 24 X 7 X 365 - Quincy, London, Sydney. Executive Protection: Senior Executives; Board of Directors; Travel to Countries of Risk.

Additional Global Security Programs continued. Infectious Disease: Infectious Disease Consultant; Incident Response Team. Incident Management and Emergency Response: Monitor local, US and World Events. Fire Life Safety and Evacuation Programs: Semi-annual Evacuation Drills. Safe Workplace Training and Awareness Programs. Joint Intelligence Partnership: US Attorney, FBI, USSS, DHS, etc.; Massachusetts State Police, Boston Police, Transit Police; Massport / Logan Aviation and Port Security Authorities; Vendor / Partners.

Additional Global Security Programs continued. Travel Security: Country Risk Assessment. Traditional Investigations: Fraud, Theft, Policy Violation. Special Event Security: Customer Events, Shareholder Meetings, Executive Events. Risk Assessment & Intelligence: Control Risks, Air Security, USHS, BRIC, NC4, DOS, Fusion Centers. Technical Countermeasures: Venue Search Bomb CBRN Assessment; Ion Detection, Bomb Dogs, X-Ray.

Global Security Internal & External leadership involvement. State Street Committees & activities: Operational Risk Committee; Scenario Analysis Frequency and correlation; Client Assurance Team; TPRM Steering Committee; Country and Counterparty risk; Data Center strategy Steering committee; Information security steering committee; Business Continuity Steering committee; GHR logistics steering committee. Industry committees and activities: ASIS Leadership management practices council Vice Chair; ASIS KC Chapter Chair; ASIS CSO roundtable Liaison; ASIS technical standards committee(s); ASIS Banking and Financial council 2014 Webinar; 2014 Annual conference presentations.

Global Security Industry Certifications & Awards. Industry Awards: Security 500 Top Security Organizations 2011, 2012, 2013 & 2014; Top Security Leaders award 2012 & 2013 Security magazine 2014 Security 500 Financial Services Thought Leader Stephen D. Baker, CPP. Industry Certifications: Certified Protection Professional; Certified Information Systems Security Professional; Certified Physical Security Professional; Certified Fraud Examiner.

Conclusion: Questions?