
Corporate It Policy - PowerPoint by isv11699

How Corporate Security Changed After 9/11

            John M. McCarthy
            Managing Partner
    Business Security Advisory Group
           www.bsag-cso.com
The Business Security Advisory Group (BSAG)
  specializes in a broad range of corporate security
  consulting services including:
 Business continuity,

 Risk assessment and management,

 Regulatory compliance,

 Strategic security planning and policy
  development.
          Getting Ahead of the Problems
                 www.bsag-cso.com
   Corporate Security’s responsibilities prior to
    9/11

   Corporate Security’s responsibilities post 9-11

   Laws and regulations regulating the security
    industry post 9/11

   Corporate Security in the 21st Century
   Investigations – violation of corporate policy and
    other corporate crimes

   Physical security – gates, guards, guns

   Executive protection – ensuring top executives
    and families were secure
   Corporate Security generally a middle
    management responsibility

   Corporate Security generally thought of as the
    “Corporate Cop”

   Corporate Security plans and programs generally
    responsive or reactive to immediate incidents –
    no long term planning
   Mostly reactive: incident happens, security
    responds – firehouse mentality

   Stove Pipe thinking – Security programs
    sometimes contrary to Business Unit’s business
    plans and goals

   Law Enforcement Driven – security goal must be
    attained at all costs – no priorities
September 10, 2001   September 11, 2001
   Three thousand civilians murdered

   $80 billion in losses

   11 Million people in developing countries pushed
    into poverty.

   Financial markets closed

   Air transportation system grounded
   Mail Processing – 86%
   Travel – 85%
   Protection of Employees – 79%
   Protection of Infrastructure – 75%
   Risk Assessment – 71%
   Protection of Offices and Physical Plants – 69%
   Employee Morale – 69%
   Supply Chain Distribution – 51%
   Customer Security – 50%
   Productivity – 47%
*3 Booz, Allen, Hamilton Survey – 11/01
   Corporate Security gets the attention of
    Executive Management

   Corporate Security seen as a resource to the
    company not as a necessary evil

   Corporate Security an advisor to Executive
    Management and Business Units concerning
    comprehensive security programs for personnel
    and corporate asset protection
   Corporate Security reports to the “C” suite in
    many companies and is no longer a mid-level
    executive responsibility
   Corporate security executives become more
    business oriented in management style and
    program content
   Corporate Security becomes an enterprise
    function of the company
   Emergency plans include crisis management,
    disaster recovery and business continuity
    developed in a proactive environment
   Corporate Security executives now craft strategic
    and tactical security plans for business units.
   Plans and programs consider business goals and
    budgets
   All corporate security plans and programs are
    more proactive and include prevention of
    terrorist attack
   The Public Sector recognizes its greater
    responsibility to protect its citizens and assets
   Corporate Security deals more with federal, state
    and local officials as security regulations
    exponentially increase
   Public and private partnerships flourish as both
    attempt to craft meaningful emergency proactive
    plans, protective processes, security laws and
    regulations
   Corporate security plans and programs develop a
    legal compliance component as corporations
    comply with the new mandated legislation

   Corporate Security’s programs are more
    restrictive and costly as both terrorism and
    legislative compliance are emphasized
Legislation*
Access to Information Act
Arming Pilots Against Terrorism Act
Aviation and Transportation Security Act
Bank Protection Act of 1968
Canada's Bill C-6
Children's Online Privacy Protection Act (COPPA)
Corporate Manslaughter and Corporate Homicide Act 2007 (UK)
Customs Modernization Act
Cyber Security Enhancement Act of 2002
CyberCrime Treaty
E-Signature Act
European Union Data Protection Directive
Executive Order 12958 – Information Sharing
Executive Order 13224 – Doing Business w/ Terrorists
Executive Order 13231 – Infrastructure Protection
Executive Order 13234 – Citizen Preparedness
Family Educational Rights and Privacy Act
Federal Anti-Tampering Act
Federal Computer Security Bill – H.R. 1259
Federal Hazardous Materials Law
Foreign Corrupt Practices Act
Homeland Security Act
International Emergency Economic Powers Act
Maritime Transportation Security Act of 2002
National Information Infrastructure Protection Act
Notification and Federal Employee Anti-Discrimination and Retaliation Act
Patriots Act
Personal Information Protection and Electronic Documents Act
Presidential Directive 2
Presidential Directive 3
Presidential Directive 7
Presidential Directive 8
Public Health Security and Bioterrorism Preparedness & Response Act
Robinson-Patman Anti-Trust Act
Safe Explosives Act
Safe Harbor Act
The Occupational Safety and Health Act
The Currency and Foreign Transactions Reporting Act
Title 18 - Federal Sentencing Guidelines
Trade Act of 2002
US Global Anti-Corruption Policy
US The Currency and Foreign Transactions Reporting Act
USA PATRIOT Act
Voluntary Private Sector Preparedness Accreditation and Certification Program
*Above information furnished by Security Executive Council
Executive Orders*1

| Common Name | Brief Description | Citation | Effective Date | Website |
|---|---|---|---|---|
| Executive Order 12958 - Information Sharing | Prescribed a uniform system for classifying, safeguarding and declassifying national security information | EO12958 | Apr. 2001 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=1995_register&docid=fr20ap95-135.pdf |
| Executive Order 13224 - Doing Business w/ Terrorists | Blocks property and prohibits transactions with persons who commit, threaten to commit, or support terrorism | EO13224 | Sept. 2001 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2001_register&docid=fr25se01-133.pdf |
| Executive Order 13231 - Infrastructure Protection | Establishes a protection program to safeguard information systems for critical infrastructure | EO13231 | Oct. 2001 | http://www.whitehouse.gov/news/orders/ |
| Executive Order 13234 - Citizen Preparedness | Establishes a Presidential Task Force on citizen preparedness in the war on terrorism | EO13234 | Nov. 2001 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=2001_register&docid=fr15no01-130.pdf |
| Presidential Directive 2 | Seeks to combat terrorism through Immigration Policies; creates the Foreign Terrorist Tracking Task Force | NSPD-2 | Oct. 2001 | http://www.whitehouse.gov/news/releases/2001/10/20011030-2.html |
| Presidential Directive 3 | Design system to create a common vocabulary, context, and structure for ongoing national discussion about the nature of the threats to US and the appropriate measures that should be taken in response | HSPD-3 | | http://www.whitehouse.gov/news/releases/2002/03/print/20020312-5.html |
| Presidential Directive 7 | Established national policy for Federal departments and agencies to identify and prioritize US critical infrastructure and key resources and to protect them against terrorist attacks | HSPD-7 | Dec. 2003 | http://www.whitehouse.gov/news/releases/2003/12/print/20031217-5.html |
| Presidential Directive 8 | Established policies to strengthen preparedness of US to prevent and respond to threatened or actual terrorist attacks--requires national domestic all-hazards preparedness goal | HSPD-8 | Dec. 2003 | http://www.whitehouse.gov/news/releases/2003/12/print/20031217-5.html |

Statutes*1

| Common Name | Brief Description | Responsible Government Department | Citation | Effective Date | Website |
|---|---|---|---|---|---|
| Homeland Security Act (incorporated Executive Orders above) | Establishes new Department of Homeland Security, reorganization plan | Dept. of Homeland Security | H.R. 5005; Pub.L. 107-296 | Nov. 2002 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ296.107.pdf |
| Foreign Corrupt Practices Act (FCPA) | Prohibits corrupt payments to foreign officials for the purpose of obtaining or keeping business. | Dept. of Justice | 15 U.S.C. § 78dd-1, 78dd-2 | 1977 (amended 1998) | http://www.usdoj.gov/criminal/fraud/fcpa.html |
| Cyber Security Enhancement Act of 2002 | Established stronger sentencing guidelines and policy statements to reflect the serious nature of certain computer crimes | Dept. of Homeland Security | 6 U.S.C. § 145 | Nov. 2002 | http://www4.law.cornell.edu/uscode/6/145.html |
| Federal Anti-Tampering Act (FAT) | Establishes criminal penalties for tampering, or attempting to tamper, with any consumer product that affects interstate or foreign commerce | Dept. of Health and Human Services (FDA) | 18 U.S.C. § 1365 | Nov. 2003 | http://www4.law.cornell.edu/uscode/18/1365.html |
| International Emergency Economic Powers Act (IEEPA) | Incorporates multiple executive orders re: economic actions against adverse countries (Burma, Sudan, Iraq, etc.) | Dept. of Homeland Security | 50 U.S.C. § 1701 et seq. | Nov. 2003 | http://www4.law.cornell.edu/uscode/50/1701.html |
| National Information Infrastructure Protection Act | Provides for stricter penalties to protect confidentiality, integrity and availability of systems and information | Dept. of Homeland Security | 18 U.S.C. § 1030 | Jan. 1997 | http://www4.law.cornell.edu/uscode/18/1030.html |
| Public Health Security and Bioterrorism Preparedness & Response Act (PHSBPR) | Establishes national, state and local preparedness and response strategies, and procedures to protect US food, water, and drug supplies | Dept. of Homeland Security (DHHS) | H.R. 3448; Pub. L. 107-188 | Jan. 2002 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ188.107 |
| USA PATRIOT Act (a.k.a. Anti-Terrorism Act) | Enhances powers to both domestic law enforcement and international intelligence agencies to deter and punish terrorism | Dept. of Homeland Security | H.R. 3162; Pub.L. 107-56 | Oct. 2001 | http://www.eff.org/Privacy/Surveillance/Terrorism/hr3162.php |
| Maritime Transportation Security Act of 2002 (MTSA) | Requires sectors of maritime industry to complete security assessments, develop security plans and implement security measures and procedures. | Dept. of Homeland Security (U.S. Coast Guard) | 46 U.S.C. § 2101 et seq.; Pub.L. 107-295 | Nov. 2002 | http://www4.law.cornell.edu/uscode/46/2101.html |
| Federal Hazardous Materials Law | Establishes regulations for transport of hazardous materials via all modes | Dept. of Homeland Security (DOT) | 49 U.S.C. § 5101 et seq. | Jan. 1983 (amended last in 1999) | http://www4.law.cornell.edu/uscode/49/stIIIch51.html |
| Trade Act of 2002 | Gave the president increased authority to make it easier to trade with other countries; also sought to protect workers displaced by jobs moving abroad | Dept. of Homeland Security (Customs) | Public Law 107-210 | Aug. 2002 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ210.107 |
| Notification and Federal Employee Anti-Discrimination and Retaliation Act (No FEAR Act) | Mandates that Federal Agencies be more accountable for violations of anti-discrimination and whistleblower protection laws | Dept. of Homeland Security | 5 U.S.C. § 2302 et. seq.; Pub.L. 107-174 | Oct. 2003 | http://www4.law.cornell.edu/uscode/5/2302.html |
| Customs Modernization Act (Mod Act) (Passed as part of NAFTA) | Sets out specific rules and requirements for importers, brokers, and others regarding recordkeeping | Dept. of Homeland Security (Customs) | H.R. 3450; Pub. L 103-182 | Jan. 1993 | http://thomas.loc.gov/cgi-bin/query/C?c103:./temp/~c103xXsW4u |
| Arming Pilots Against Terrorism Act (Sec. 1401 of Homeland Security Act) | Establishes a program to deputize pilots | Dept. of Homeland Security (DOT) | Pub.L 107-296 | Nov. 2002 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ296.107.pdf |
| Aviation and Transportation Security Act (ATSA) | Established Transportation Security Association and centralized security system for the transportation industry | Dept. of Homeland Security (DOT) | S. 1447; Pub. L 107-71 | Nov. 2001 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ071.107.pdf |
| Safe Explosives Act (Sec. 1122 of Homeland Security Act) | Amended section 18 USC 842(i) by adding several categories to list of persons who may not lawfully ship, transport, or receive explosives in/out of US | Dept. of Homeland Security (DOT) | PL 107-296 | Nov. 2002 | http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ296.107.pdf |

*1 Above information furnished by the Security Executive Council
   Vicarious corporate executive liability for
    violation of some of the criminal and
    environmental laws
   Civil liability in money damages for tort law
    violations
   Criminal liability for companies and employees in
    foreign venues for violations of international
    laws and regulations
   Overarching federal statutes either mandate or
    furnish guidelines for fines and/or punishment
    for violation of statutes and regulations
   Corporate Security executives will be law
    enforcement and business qualified and also
    possess some technical security and
    management ability

   Chief Security Officer will report to Executive
    Management and have complete unfettered
    access to the “C” suite

   Corporate Security will have an enterprise
    component and deal with security matters in a
    manner business executives will understand
   Corporate Security plans and programs will be
    mostly pro-active and preventative, anticipating
    security challenges and emergencies before they
    occur
   Corporate Security will use the team concept and
    interact with all the business units and service
    departments to ensure cost effective corporate
    security policy is practically implemented
    company wide.
   Corporate Security plans and programs will have
    to deal with the reality of government regulation
    and develop innovative methods to keep current
    with the laws and effect compliance

   Develop innovative methods to ensure security
    solutions are as multi-faceted as possible so that
    the cost and compliance components can be
    spread among other business units
Corporate Security will re-orient its goals from
  strictly law enforcement objectives to ones that
  include a business component, e.g. provide
  metrics for security services that:
   Increase profitability
   Reduce costs
   Enhance the brand
   Improve customer relationships
   Reduce employee attrition
   Drug Testing Programs
   Employee Reduction Programs
   Investigative and Interview Training
   Background Inquiries
   Expatriate Mobilization Programs
   Workplace Violence Programs
   Crisis Management Programs
   Security Awareness Programs
   Domestic and Global Evacuation Programs
QUESTIONS?

								