secf alp
Bernadette
Added: November 12, 2007

Presentation Transcript

Active Loss Prevention initiative:
Ian Lloyd, Director of the Active Loss Prevention initiative

Situation:
- New technologies bring new opportunities
- They also bring new risks from old threats
- Accidents
- Crime
- War / terrorism
- The difference is often the speed with which things happen

Learning from history:
- Just like all new technology waves
- Mercantile shipping
- Telegraph / telephone
- Automobile (safety)
- Aviation
- Petrochemicals
- Buildings
- In all these, the gains far outweighed the losses, until …..

Losses happen:
- Losses begin to happen
- Lives are lost
- Social pressure for change
- Financial risk becomes too great
- Fortunes wrecked
- Reputations ruined (Anderson!)

Problem:
- Disparate technologies
- Missing links – sensors, design, code, tests etc.
- No commercial frameworks
- Legal, insurance, risk, audit, regulation etc.
- Governance gaps
- Prevention and risk management is not institutionalised at any level
- Boardroom staff
- What happened next …

What happened next?:
- Shipping
- Lloyd’s coffee house
- Technical change and standards
- Legislation
- Insurance
- Drew in the ship owners and entrepreneurs
- There was unsustainable loss – both financial and reputation

What happened next?:
- Buildings
- Woolworths
- Discos
- Structural collapses
- Earthquakes!
- Change was reactive to socially, politically or financially unacceptable losses
- Occurred over time
- Development of new technology, standards, laws and commercial instruments
- Spurred on by the opportunity to make money
- Innovators and early adopters get involved

IT and the Internet:
- History is repeating itself
- Dependencies and risks are huge
- Impact can be national or international
- Speed of adoption is increasing
- Need to act before the disaster
- Digital Pearl Harbour
- Continent wide Brown out
- Collapse of a currency
- Destruction of an IT enabled business

Technology driven:

Bad publicity:
- Free Kevin!
- DDOS
- War Games
- Viruses and Worms
- Corporate Data Collection
- Spam
- Carnivore
- Web Defacements

Perceived Inaction:
Media Surveys Increased Public Fear and Concern Experience within government

Here Come the Governments (and the Lawyers!):
- Data Protection Laws
- Legal Barriers to Enforcing Rights
- Liability for Negligence

Why legislation?:
- Problems of form
- Electronic “signature”
- Electronic “writing”
- Introduction as evidence
- Liability apportionment
- Particularly CA (third party) liability

Self regulation:
- Agree standards to work to
- Certification to those standards
- Global acceptance and usage

Critical Infrastructures:
Information Systems & Telecommunications Emergency Services Critical Infrastructures

Don’t forget the old stuff:
“Electronic Commerce will modify some of the traditional models for the conduct of business. However, it is important that many of the long-standing elements of commerce be replicated in the electronic world” (NIST, http://nii.nist.gov/pubs/trust-1.html)

Slide17:
“trust is essential to business - security just gets in the way”

Vision:
Technology Governance Commercial Trust services Risk terms

Roadmap:

A quote…:
“It is good to trust… Acting as if you don’t trust the other party forces you to find ways to trust the transaction. …it is better not to” -Sholom Bryski, quoting one of his mentors

Delivering the traffic light:

Services that may be needed:
- Notary
- Restoration Services
- Access Control
- Evidential Analysis
- Identity tracking
- Storage -contracts -keys -evidential -documents
- Monitoring real time
- Reliable Messaging
- Underwriter
- Credential Management
- Policy

Customer requirements:
‘Commercial’
- Vocabulary of risk terms
- Liability
- Actuarial data
- Steering group
- Digital Chain of Trust
- Risk mitigation
- Risk management methods
- Insurance response to business needs
- Propagation of liability
- Education and promotion
- Standards of due care
‘Technical’
- Trust services
- Technology liaison group
- Standards of due care
- Risk management tools

How topics fit together Policy Guidance:
- Mitigation Effectiveness
- Actuarial Data
- Risk Vocabulary
- Standards of Due Care
- Insurance ‘packaged products’
- Liability (standards, contract terms, model laws, model regulations)
- Risk Management Methods
- Mitigation improvement

Interfaces:
- Notary
- Restoration Services
- Access Control
- Evidential Analysis
- Identity tracking
- Storage
- Monitoring real time
- Reliable Messaging
- Underwriter
- Credential Management
- Policy

Slide26:
Trust Services Recommendation Verification Messaging Notary Credentials Notary Secret Keeping Identity Archiving Identity Tracking Trusted Storage Service Storage Technology Identity Credentials Roles Responsibilities Authorisation

To regulate or not:
- Some regulation is needed
- Industry self regulation can do the rest
- Governments must make sure self regulation works well
- Industry must behave responsibly

Customer top 4:
Trust Services, Liability, Actuarial Data, Vocabulary of risk terms
- Trust Services: Technical services that will be needed to deliver the requirements of other groups. Initial support from technology providers
- Liability: Scope requirements for a set of projects for this area. Examples: Standard contract terms, model law, model regulation, standard terms of business etc
- Vocabulary of risk terms: A set of terms that can be used to accurately communicate risk information. Initial support from legal, audit and insurance
- Actuarial Data: Enable the insurance industry to assess risk, cost, frequency of events, severity etc. Initial interest from insurance institutions

Slide29:
Governance & Policy Architecture Requirements Design Spec Procure Manage Parts & Pieces ‘AIC’ ‘Verifier’ ‘Watchdog’ ‘Interrogator’ ‘Identifier’ Board & Advisors Executive VP & Specialists CIO & Operations Procurement Suppliers Active Loss Prevention Open Group Core Active Loss Prevention Initiative Renew Education & Training Management & Information

How topics fit together Risk Quantification:
- Mitigation Effectiveness
- Actuarial Data
- Risk Vocabulary
- Liability (Third parties, propagation, jurisdiction)

How topics fit together Due Care Guidance:
- Mitigation Effectiveness
- Actuarial Data
- Risk Vocabulary
- Standards of Due Care
- Risk Management Methods
- Liability (Third parties, propagation, jurisdiction)

How topics fit together Due Care and Liability:
- Mitigation Effectiveness
- Actuarial Data
- Risk Vocabulary
- Standards of Due Care
- Risk Management Methods
- Liability (Third parties, propagation, jurisdiction)

How topics fit together Policy Guidance:
- Mitigation Effectiveness
- Actuarial Data
- Risk Vocabulary
- Standards of Due Care
- Insurance ‘packaged products’
- Liability (standards, contract terms, model laws, model regulations)
- Risk Management Methods
- Mitigation improvement
- Certified components or services