Port ERPBCP Update

About This Presentation

Title:

Port ERPBCP Update

Description:

Example: Company badge with photo must be worn when ever inside the company building ... Restoration And Recovery Information. Safety and Security ... – PowerPoint PPT presentation

Number of Views:31

Avg rating:3.0/5.0

Slides: 20

Provided by: stevelo9

Category:

more less

Transcript and Presenter's Notes

Title: Port ERPBCP Update

1
Port of Redwood CityERP/BCP DevelopmentUpdate
Steve Longoria, CCP, CHS-III, CPM Security
Consultant Aanko Technologies Inc.
2
AGENDA

The Challenge of Security
The Ingredients of an Attack
Protection Framework
ERP/BCP Highlights
Ten Immutable Laws of Security Administration

3
The Challenge Of Security
Ports face challenges from government mandates to
ensure their infrastructure and information
assets are secure, yet not impede the flow of
commerce.

Provide services
Wharves, Offices, Site Access, Security
while protecting Port assets.
Financial data, Infrastructure, network
resources, intellectual property, customer
information, waterways

4
7 Step Security Process

Establish Security Team
Perform a Security Assessment of I2
Conduct a Risk Analysis for assets
Design/implement Security Standards (FSP)
Write an Organization ERP/BCP
Implement ERP/BCP Training Awareness
Perform Ongoing Security Management

5
Why is Security so difficult?

An attacker only has to find a single entry point
into the Port restricted areas-its own and its
tenants. You have to plan for and defend every
possible entry point
Persistence is their greatest weapon. Managing
Risk is your best defense
There is a delicate balance between the security
of a Port and its level of functionality/usability

6
Why Do So Many Security Strategies Fail?

Too loose or too restrictive policies
Poor design, analysis and countermeasures to
security issues
Ignoring the problem or not giving proper
attention to potential security risks due to
politics or poor procedures

7
The Ingredients of an Attack
Threat Motive Method Vulnerability ATTACK!
8
Need for ERP/BCP Integration
9
What are the Threats?

The accidental mistake by an ignorant employee or
contractor can be a security threat as well and
must be planned for
Integration of ERP pre-disaster tools leverage
contigency planning techniques to mitigate
Natural disasters

10
What are the Vulnerabilities?

Port lacks security features
Port still open
Commerce not addressed by security mandates

Technology
Cracks in the protective wall
Planning, Policies procedures
The human factor

Designing for security
Roles responsibilities
Auditing, tracking, follow up
Continuity of staff assignments
Staying up-to-date with security development

Lack of Funding
Lack of commitment
Human error

11
What are the Methods?

Unauthorized R/A Access
IT Viruses
Bombs or Bomb Threats
Arson
E-mail impersonation

Network eavesdropping
Social engineering
Environmental Damage
Sabotage
Theft

Just examples, many more methods possible
12
Framework for Protection
Technology
Planning, Policies procedures
The human factor
13
Prevention

Avoid the problems before they happen
Typically a proactive approach
Will only guard against the attacks that could be
forseen
This is the area where technology is most helpful
Example Must use personnel badging system to
access office areas

14
Detection

Detect the security breaches that are able to
overcome the prevention
Relevant both for the forseen and unforseen
security breaches
Can be both reactive and proactive
Technology can help a lot, but this is a complex
area that requires a lot of intelligence and
awareness
It is vital to collect all evidence and document
all actions, if you want to prosecute later
Example Company badge with photo must be worn
when ever inside the company building

15
Reaction

Detection without reaction is meaningless! ERP
Initiation needed
Restore the Infrastructure, information or
service to normal operation BCP Initiation
needed
Learn from experience and improve security
update plans

16
Defense In Depth