
Corporate It Policy - PowerPoint by isv11699

How Corporate Security Changed After 9/11

John M. McCarthy
Managing Partner
Business Security Advisory Group

The Business Security Advisory Group (BSAG) specializes in a broad range of corporate security consulting services including:
 Business continuity,

 Risk assessment and management,

 Regulatory compliance,

 Strategic security planning and policy
          Getting Ahead of the Problems
   Corporate Security’s responsibilities prior to

   Corporate Security’s responsibilities post 9-11

   Laws and regulations regulating the security
    industry post 9/11

   Corporate Security in the 21st Century
   Investigations – violation of corporate policy and
    other corporate crimes

   Physical security – gates, guards, guns

   Executive protection – ensuring top executives
    and families were secure
   Corporate Security generally a middle
    management responsibility

   Corporate Security generally thought of as the
    “Corporate Cop”

   Corporate Security plans and programs generally
    responsive or reactive to immediate incidents –
    no long term planning
   Mostly reactive-incident happens, security
    responds – fire house mentality

   Stove Pipe thinking – Security programs
    sometimes contrary to Business Unit’s business
    plans and goals

   Law Enforcement Driven – security goal must be
    attained at all costs – no priorities
September 10, 2001   September 11, 2001
   Three thousand civilians murdered

   $80 billion in losses

   11 Million people in developing countries pushed
    into poverty.

   Financial markets closed

   Air transportation system grounded
   Mail Processing – 86%
   Travel – 85%
   Protection of Employees – 79%
   Protection of Infrastructure – 75%
   Risk Assessment – 71%
   Protection of Offices and Physical Plants – 69%
   Employee Morale – 69%
   Supply Chain Distribution – 51%
   Customer Security – 50%
   Productivity – 47%
*3 Booz, Allen, Hamilton Survey – 11/01
   Corporate Security gets the attention of
    Executive Management

   Corporate Security seen as a resource to the
    company not as a necessary evil

   Corporate Security an advisor to Executive
    Management and Business Units concerning
    comprehensive security programs for personnel
    and corporate asset protection
   Corporate Security reports to the “C” suite in
    many companies and is no longer a mid-level
    executive responsibility
   Corporate security executives become more
    business oriented in management style and
    program content
   Corporate Security becomes an enterprise
    function of the company
   Emergency plans include crisis management,
    disaster recovery and business continuity
    developed in a proactive environment
   Corporate Security executives now craft strategic
    and tactical security plans for business units.
   Plans and programs consider business goals and
   All corporate security plans and programs are
    more proactive and include prevention of
    terrorist attack
   The Public Sector recognizes its greater
    responsibility to protect its citizens and assets
   Corporate Security deals more with federal, state
    and local officials as security regulations
    exponentially increase
   Public and private partnerships flourish as both
    attempt to craft meaningful emergency proactive
    plans, protective processes, security laws and
   Corporate security plans and programs develop a
    legal compliance component as corporations
    comply with the new mandated legislation

   Corporate Security’s programs are more
    restrictive and costly as both terrorism and
    legislative compliance are emphasized
Access to Information Act
Arming Pilots Against Terrorism Act
Aviation and Transportation Security Act
Bank Protection Act of 1968
Canada's Bill C-6
Children's Online Privacy Protection Act (COPPA)
Corporate Manslaughter and Corporate Homicide Act 2007(UK)
Customs Modernization Act
Cyber Security Enhancement Act of 2002
CyberCrime Treaty
E-Signature Act
European Union Data Protection Directive
Executive Order 12958 – Information Sharing
Executive Order 13224 – Doing Business w/ Terrorists
Executive Order 13231 – Infrastructure Protection
Executive Order 13234 – Citizen Preparedness

Legislation (Continued)

Family Educational Rights and Privacy Act
Federal Anti-Tampering Act
Federal Computer Security Bill – H.R. 1259
Federal Hazardous Materials Law
Foreign Corrupt Practices Act
Homeland Security Act
International Emergency Economic Powers Act
Maritime Transportation Security Act of 2002
National Information Infrastructure Protection Act
Notification and Federal Employee Anti-Discrimination and Retaliation Act
Patriot Act
Personal Information Protection and Electronic Documents Act
Legislation (Continued)
Presidential Directive 2
Presidential Directive 3
Presidential Directive 7
Presidential Directive 8
Public Health Security and Bioterrorism Preparedness & Response Act
Robinson-Patman Anti-Trust Act
Safe Explosives Act
Safe Harbor Act
The Occupational Safety and Health Act
The Currency and Foreign Transactions Reporting Act
Title 18 - Federal Sentencing Guidelines
Trade Act of 2002
US Global Anti-Corruption Policy
US The Currency and Foreign Transactions Reporting Act
Voluntary Private Sector Preparedness Accreditation and Certification Program
*Above information furnished by Security Executive Council
Executive Orders*1

Common Name                                   Brief Description                           Citation   Effective    Website

Executive Order 12958 - Information Sharing   Prescribed a uniform system for             EO12958    Apr. 2001
                                              classifying, safeguarding and                                       bin/getdoc.cgi?dbname=1995_register&docid=fr20
                                              declassifying national security                                     ap95-135.pdf

Executive Order 13224 - Doing Business w/     Blocks property and prohibits               EO13224    Sept. 2001
Terrorists                                    transactions with persons who commit,                               bin/getdoc.cgi?dbname=2001_register&docid=fr25
                                              threaten to commit, or support                                      se01-133.pdf

Executive Order 13231 - Infrastructure        Establishes a protection program to         EO13231    Oct. 2001
Protection                                    safeguard information systems for
                                              critical infrastructure

Executive Order 13234 - Citizen               Establishes a Presidential Task Force       EO13234    Nov. 2001
Preparedness                                  on citizen preparedness in the war on                               bin/getdoc.cgi?dbname=2001_register&docid=fr15
                                              terrorism                                                           no01-130.pdf

Presidential Directive 2                      Seeks to combat terrorism through           NSPD-2     Oct. 2001
                                              Immigration Policies; creates the                                   /20011030-2.html
                                              Foreign Terrorist Tracking Task Force

Presidential Directive 3                      Design system to create a common            HSPD-3        
                                              vocabulary, context, and structure for                              /print/20020312-5.html
                                              ongoing national discussion about the
                                              nature of the threats to US and the
                                              appropriate measures that should be
                                              taken in response

Presidential Directive 7                      Established national policy for Federal     HSPD-7     Dec. 2003
                                              departments and agencies to identify                                /print/20031217-5.html
                                              and prioritize US critical infrastructure
                                              and key resources and to protect them
                                              against terrorist attacks

Presidential Directive 8                      Established policies to strengthen          HSPD-8     Dec. 2003
                                              preparedness of US to prevent and                                   /print/20031217-5.html
                                              respond to threatened or actual
                                              terrorist attacks--requires national
                                              domestic all-hazards preparedness

Common Name                                     Brief Description            Responsible Government  Citation          Effective   Website
                                                                             Department                                Date

Homeland Security Act (incorporated Executive   Establishes new              Dept. of Homeland       H.R. 5005;        Nov. 2002
Orders above)                                   Department of                Security                Pub.L. 107-296                bin/getdoc.cgi?dbname=107_cong_public_laws&do
                                                Homeland Security,                                                                 cid=f:publ296.107.pdf
                                                reorganization plan

Foreign Corrupt Practices Act (FCPA)            Prohibits corrupt            Dept. of Justice        15 U.S.C. §       1977
                                                payments to foreign                                  78dd-1, 78dd-2    (amended
                                                officials for the purpose                                              1998)
                                                of obtaining or keeping

Cyber Security Enhancement Act of 2002          Established stronger         Dept. of Homeland       6 U.S. C. § 145   Nov. 2002
                                                sentencing guidelines        Security
                                                and policy statements
                                                to reflect the serious
                                                nature of certain
                                                computer crimes

Federal Anti-Tampering Act (FAT)                Establishes criminal         Dept. of Health and     18 U.S.C. §       Nov. 2003
                                                penalties for tampering,     Human Services (FDA)    1365
                                                or attempting to
                                                tamper, with any
                                                consumer product that
                                                affects interstate or
                                                foreign commerce

Common Name                                          Brief Description            Responsible         Citation        Effective   Website
                                                                                  Government                          Date
International Emergency Economic Powers Act          Incorporates multiple        Dept. of Homeland   50 U.S.C. §     Nov. 2003
(IEEPA)                                              executive orders re:         Security            1701 et seq.
                                                     economic actions
                                                     against adverse
                                                     countries (Burma,
                                                     Sudan, Iraq, etc.)

National Information Infrastructure Protection Act   Provides for stricter        Dept. of Homeland   18 U.S.C. §     Jan. 1997
                                                     penalties to protect         Security            1030
                                                     confidentiality, integrity
                                                     and availability of
                                                     systems and

Public Health Security and Bioterrorism              Establishes national,        Dept. of Homeland   H.R. 3448       Jan. 2002
Preparedness & Response Act (PHSBPR)                 state and local              Security (DHHS)     Pub. L. 107-                bin/getdoc.cgi?dbname=107_cong_public_laws&do
                                                     preparedness and                                 188                         cid=f:publ188.107
                                                     response strategies,
                                                     and procedures to
                                                     protect US food, water,
                                                     and drug supplies

USA PATRIOT Act (a.k.a. Anti-Terrorism Act)          Enhances powers to           Dept. of Homeland   H.R. 3162       Oct. 2001
                                                     both domestic law            Security            Pub.L. 107-56               3162.php
                                                     enforcement and
                                                     intelligence agencies to
                                                     deter and punish

Common Name                                    Brief Description         Responsible            Citation         Effective   Website
                                                                         Government                              Date
Maritime Transportation Security Act of 2002   Requires sectors of       Dept. of Homeland      46 U.S.C. §      Nov. 2002
(MTSA)                                         maritime industry to      Security (U.S. Coast   2101 et seq.
                                               complete security         Guard)                 Pub.L. 107-295
                                               assessments, develop
                                               security plans and
                                               implement security
                                               measures and

Federal Hazardous Materials Law                Establishes regulations   Dept. of Homeland      49 U.S.C. §      Jan. 1983
                                               for transport of          Security (DOT)         5101 et seq.     (amended    ml
                                               hazardous materials via                                           last in
                                               all modes                                                         1999)

Trade Act of 2002                              Gave the president        Dept. of Homeland      Public Law       Aug. 2002
                                               increased authority to    Security (Customs)     107-210                      bin/getdoc.cgi?dbname=107_cong_public_laws&do
                                               make it easier to trade                                                       cid=f:publ210.107
                                               with other countries;
                                               also sought to protect
                                               workers displaced by
                                               jobs moving abroad

Notification and Federal Employee Anti-        Mandates that Federal     Dept. of Homeland      5 U.S.C. §       Oct. 2003
Discrimination and Retaliation Act (No FEAR    Agencies be more          Security               2302 et. seq.
Act)                                           accountable for                                  Pub.L. 107-174
                                               violations of anti-
                                               discrimination and
                                               protection laws
Common Name                                       Brief Description         Responsible          Citation         Effective   Website
                                                                            Government                            Date

Customs Modernization Act (Mod Act) (Passed       Sets out specific rules   Dept. of Homeland    H.R. 3450        Jan. 1993
as part of NAFTA)                                 and requirements for      Security (Customs)   Pub. L 103-182               bin/query/C?c103:./temp/~c103xXsW4u
                                                  importers, brokers, and
                                                  others regarding

Arming Pilots Against Terrorism Act (Sec. 1401    Establishes a program     Dept. of Homeland    Pub.L 107-296    Nov. 2002
of Homeland Security Act)                         to deputize pilots        Security (DOT)                                    bin/getdoc.cgi?dbname=107_cong_public_laws&do

Aviation and Transportation Security Act (ATSA)   Established               Dept. of Homeland    S. 1447          Nov. 2001
                                                  Transportation Security   Security (DOT)       Pub. L 107-71                bin/getdoc.cgi?dbname=107_cong_public_laws&do
                                                  Association and                                                             cid=f:publ071.107.pdf
                                                  centralized security
                                                  system for the
                                                  transportation industry

Safe Explosives Act (Sec. 1122 of Homeland        Amended section 18        Dept. of Homeland    PL 107-296       Nov. 2002
Security Act)                                     USC 842(i) by adding      Security (DOT)                                    bin/getdoc.cgi?dbname=107_cong_public_laws&do
                                                  several categories to                                                       cid=f:publ296.107.pdf
                                                  list of persons who may
                                                  not lawfully ship,
                                                  transport, or receive
                                                  explosives in/out of US

*1Above information furnished by the Security
Executive Council
   Vicarious corporate executive liability for
    violation of some of the criminal and
    environmental laws
   Civil liability in money damages for tort law
   Criminal liability for companies and employees in
    foreign venues for violations of international
    laws and regulations
   Overarching federal statutes either mandate or
    furnish guidelines for fines and/or punishment
    for violation of statutes and regulations
   Corporate Security executives will be law
    enforcement and business qualified and also
    possess some technical security and
    management ability

   Chief Security Officer will report to Executive
    Management and have complete unfettered
    access to the “C” suite

   Corporate Security will have an enterprise
    component and deal with security matters in a
    manner business executives will understand
   Corporate Security plans and programs will be
    mostly pro-active and preventative anticipating
    security challenges and emergencies before they
   Corporate Security will use the team concept and
    interact with all the business units and service
    departments to ensure cost effective corporate
    security policy is practically implemented
    company wide.
   Corporate Security plans and programs will have
    to deal with the reality of government regulation
    and develop innovative methods to keep current
    with the laws and effect compliance

   Develop innovative methods to ensure security
    solutions are as multi-faceted as possible so that
    the cost and compliance components can be
    spread among other business units
Corporate Security will re-orient its goals from
  strictly law enforcement objectives to ones that
  include a business component, e.g. provide
  metrics for security services that:
   Increase profitability
   Reduce costs
   Enhance the brand
   Improve customer relationships
   Reduce employee attrition
   Drug Testing Programs
   Employee Reduction Programs
   Investigative and Interview Training
   Background Inquiries
   Expatriate Mobilization Programs
   Workplace Violence Programs
   Crisis Management Programs
   Security Awareness Programs
   Domestic and Global Evacuation Programs
