Security - Emmanuel Fuchs web site


Security
Crisis Management
Emmanuel FUCHS
Slides available at www.Elfuchs.Fr
Crisis Management
• Crisis
• Crisis Management Process
• Risk analysis
• Crisis Management System

Crisis management system
Yes, I start from the end!
Definition
• A crisis can be defined as any unplanned event, occurrence or sequence of events that has a specific undesirable consequence.
Crises examples
• Natural disasters,
• Financial manipulation,
• Pollution,
• Terrorism.
Crisis management
• Coordination
– Effective coordination of activities among the
organizations having a management/response role;
• Warning
– Early warning and clear instructions to all concerned if
a crisis occurs;
• Decision
– Continued assessment of actual and potential
consequences of the crisis;
• Continuity
– Continuity of business operations during and
immediately after the crisis.
Crisis management planning (diagram): Event → Prepare Plan → Execute Plan
Crisis management planning
• Develop
– Policy, strategy, priority, controls.
• Test
– Planning gaps.
• Train
– Prepare staff.
• Maintain
– Update, improve.
Contingency plan content
• Objective of the plan:
– Continue normal operations, continue in a degraded
mode, abort the function as quickly as safely possible,
• Criteria for invoking the plan:
– Local disaster, experiencing serious system failures,
• Expected life of the plan:
– How long can operations continue in contingency
operating mode?
• Roles, responsibilities and authority
Contingency plan content
• Training on and testing of plans
• Procedures for operating in contingency mode
• Resource plan for operating in contingency
mode:
– Staffing, scheduling, materials, supplies, facilities,
temporary hardware and software, communications,
…
• Criteria for returning to normal operating mode
• Procedures for returning to normal operating
mode
• Procedures for recovering lost or damaged data
Crisis Management
• Crisis
• Crisis Management Process
• Risk analysis
• Crisis Management System
Crisis management process loop (diagram with four phases): Preparation, Mitigation, Response, Rebuild.
Crisis management process loop
• Mitigation
– Long-term measures for reducing or
eliminating risk. (Risk analysis)
• Preparedness
– Develop plans of action (command).
• Response
– Activate and control on the field actors.
• Recovery
– Rebuild and restart normal activities.
Process phases on a timeline (diagram): Mitigation (risk analysis) and Preparedness before the Event; Response and Recovery after it.
Crisis Management
• Crisis
• Crisis Management Process
• Risk analysis
• Crisis Management System
Risk management
• The term risk management is applied in a
number of diverse disciplines.
• Statistics, economics, psychology, social
sciences, biology, engineering, toxicology,
systems analysis, operations research, decision
theory
Risk analysis
• Risk analysis tries to answer the
questions:
– 1) what can happen ?
– 2) how likely is it to happen ?
– 3) given that it occurs, what are the
consequences ?
Risk analysis case (figure: floor plan of a room, with dimensions, containing a very expensive painting)
Risk analysis case
• Vulnerability : no burglar alarm system
• Threat : burglary
• Countermeasure : install burglar alarm
Risk analysis case
• Value of the painting: 1000 euros
• Value of the burglar alarm: 200 euros
• Probability of burglary: 10%
• Value of the risk: 1000 euros × 10% = 100 euros
• The burglar alarm (200 euros) costs more than the risk (100 euros)!
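The arithmetic of the painting case, as an added example that is not part of the slides. It computes the value of a risk as probability × likely loss and compares the expected loss a countermeasure avoids with what the countermeasure costs. It also goes one step beyond the slide: a countermeasure rarely removes a risk outright, so the example lets you state how much of the probability it removes (mitigation) and how much of the loss (contingency), and over how many periods the comparison runs. The 1000 / 200 / 10% figures are the slide's; the alarm effectiveness, the number of periods and the function names are assumptions made here.

```python
"""Quantitative risk analysis: value of a risk versus the cost of a countermeasure.

Added example, not taken from the slides. The painting (1000 euros), alarm
(200 euros) and burglary probability (10%) are the slide's figures; how much
the alarm reduces that probability and over how many periods the comparison
runs are assumptions made here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    likely_loss: float   # what is lost if the threat materialises (impact)
    probability: float   # chance it materialises in one period (0..1)

    def __post_init__(self):
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError("probability must be in [0, 1]")
        if self.likely_loss < 0:
            raise ValueError("loss cannot be negative")


def risk_value(s: Scenario) -> float:
    """Value of the risk = probability x likely loss (expected loss per period)."""
    return s.probability * s.likely_loss


def residual(s: Scenario, mitigation: float = 0.0, contingency: float = 0.0) -> Scenario:
    """Apply a countermeasure. `mitigation` is the fraction by which it cuts the
    probability, `contingency` the fraction by which it cuts the loss (each 0..1;
    1.0 means the countermeasure removes that factor entirely)."""
    for name, f in (("mitigation", mitigation), ("contingency", contingency)):
        if not 0.0 <= f <= 1.0:
            raise ValueError(f"{name} must be a fraction in [0, 1]")
    return Scenario(s.likely_loss * (1.0 - contingency), s.probability * (1.0 - mitigation))


def evaluate(s: Scenario, cost: float, mitigation: float = 0.0,
             contingency: float = 0.0, periods: int = 1) -> dict:
    """Compare the expected loss avoided over `periods` with a one-off countermeasure cost.
    'worth_it' is True only when the avoided loss exceeds the cost."""
    before = risk_value(s)
    after = risk_value(residual(s, mitigation, contingency))
    avoided = (before - after) * periods
    return {
        "risk_before": before,
        "risk_after": after,
        "avoided_loss": avoided,
        "net_benefit": avoided - cost,
        "worth_it": avoided > cost,
    }


# The slide's case. The slide implicitly assumes the alarm stops the burglary
# outright, i.e. mitigation = 1.0 (assumption made explicit here).
PAINTING = Scenario(likely_loss=1000.0, probability=0.10)
ALARM_COST = 200.0


def slide_case(periods: int = 1, alarm_effectiveness: float = 1.0) -> dict:
    return evaluate(PAINTING, ALARM_COST, mitigation=alarm_effectiveness, periods=periods)


if __name__ == "__main__":
    one = slide_case()
    print(f"risk = {one['risk_before']:.0f} euros, alarm = {ALARM_COST:.0f} euros, "
          f"worth it over 1 period: {one['worth_it']}")
    # Same numbers, but the painting stays on the wall for several periods
    for n in (2, 3):
        r = slide_case(periods=n)
        print(f"over {n} periods: avoided {r['avoided_loss']:.0f} euros, worth it: {r['worth_it']}")
    # A cheaper alarm that only halves the burglary probability
    print(evaluate(PAINTING, 60.0, mitigation=0.5))
```

The slide's conclusion (alarm not worth it) holds for a single period; run the same figures over three periods and the avoided loss (300 euros) exceeds the alarm's price, so the time horizon and the countermeasure's real effectiveness must both be stated before the comparison means anything.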
Risk analysis goal
• A procedure to identify threats & vulnerabilities,
analyze them to verify the exposures, and
highlight how the impact can be eliminated or
reduced.
• Risk analysis goal:
– To keep security measures commensurate (balanced) with the applicable risks.
– To establish where to invest the security budget for the best return.
Risk and uncertainty
• Uncertainty frequently impacts our decisions and
actions.
• When we talk about risk, we mean the chance
that some undesirable impact will occur.
• Hence, we normally seek to avoid or minimize
risk.
Coin toss
• Two coin tosses:
– One that gains $50 or breaks even,
– One that gains $150 or loses $100.
• The average or 'expected' outcome of both tosses is $25, but the spread of outcomes is very different: that spread is the risk.
Risk impact assessment.
In project management
• Risk impact is the effect on project
objectives if the risk occurs, which may be
a negative effect (threat) or a positive
effect (opportunity).
• Risk is the effect “positive” or “negative” of
an event.
Risk analysis in project management
• Risk probability and risk impact may be described in a qualitative way:
– Unacceptable (red area)
– Acceptable, but risk reduction measures need to be considered (yellow area)
– Unconditionally acceptable, i.e. the risk is negligible (green area)
Risk analysis in project management (figure: probability versus consequence matrix with red, yellow and green areas)
Project risk management

ID  | Risk | Probab. | Impact | Preventive/Corrective Action
R01 | Schedule slippage and slow progress in general | Medium | High | Strong project management and full commitment to the project from senior management within each partner organisation. Application of management principles/tools proven in comparable projects.
R02 | Under-estimation of the required effort | Low | Medium | Monitor the planned versus actual effort per task. Early warning in quarterly status reviews. Timely team reinforcement.
R03 | Change of key personnel | Low | High | Standardising the way of working across the various teams. Definition of a resources backup policy for fast compensation and substitution.
R04 | Unstable or inconsistent requirements | Medium | Medium | Impacts of requirements changes to be pointed out as soon as they arise. Early agreed requirements document.
R05 | Technical difficulties in harmonisation, adaptation and integration of software components | Medium | Medium | Early assessment of software risks. Early definition of standards, interfaces, conventions. Structured software development process.
R06 | The identified user requirements are not feasible within the scope of the project | Low | High | Manage the user requirements analysis process in order to ensure that expectations are realistic. Clearly prioritise those functions that will be essential for the prototype.
Risks evaluation (probability down the side, impact across the top)

PROBABILITY \ IMPACT   LOW        MEDIUM     HIGH
HIGH
MEDIUM                            R04, R05   R01
LOW                               R02        R03, R06
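The probability × impact grid above, rebuilt from the project risk register as an added example (not code from the slides). It places each risk in its cell, assigns it to the red, yellow or green area and orders the register for treatment, which is the "ranked and prioritized" step of the risk management process. The six risk ids and their Low/Medium/High ratings are the slide's (descriptions shortened); the numeric scoring (rank product) and the thresholds that map a score to a colour are assumptions made here and should be replaced by your own acceptance criteria.

```python
"""Qualitative risk analysis: a probability x impact matrix over a risk register.

Added example, not from the slides. The six risks and their Low/Medium/High
ratings are the slide's; the numeric scoring (rank product) and the thresholds
that map a score to the red/yellow/green areas are assumptions made here.
"""
LEVELS = ("Low", "Medium", "High")   # ordinal scale used on the slides

# id -> (probability, impact, short description), from the slide's register
REGISTER = {
    "R01": ("Medium", "High", "Schedule slippage and slow progress in general"),
    "R02": ("Low", "Medium", "Under-estimation of the required effort"),
    "R03": ("Low", "High", "Change of key personnel"),
    "R04": ("Medium", "Medium", "Unstable or inconsistent requirements"),
    "R05": ("Medium", "Medium", "Technical difficulties integrating software components"),
    "R06": ("Low", "High", "User requirements not feasible within the project scope"),
}


def score(probability: str, impact: str) -> int:
    """Rank product on a 1..3 scale: Low/Low = 1 ... High/High = 9 (assumed scoring)."""
    for level in (probability, impact):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}; expected one of {LEVELS}")
    return (LEVELS.index(probability) + 1) * (LEVELS.index(impact) + 1)


def zone(probability: str, impact: str) -> str:
    """Assumed acceptance rule: >= 6 red (unacceptable), 3..5 yellow (acceptable but
    reduction measures to be considered), <= 2 green (negligible)."""
    s = score(probability, impact)
    if s >= 6:
        return "red"
    if s >= 3:
        return "yellow"
    return "green"


def matrix(register: dict) -> dict:
    """Group risk ids by (probability, impact) cell, in id order."""
    cells = {}
    for rid, (p, i, _desc) in sorted(register.items()):
        cells.setdefault((p, i), []).append(rid)
    return cells


def ranked(register: dict) -> list:
    """Risk ids in treatment order: highest score first, ties broken by id."""
    return sorted(register, key=lambda rid: (-score(*register[rid][:2]), rid))


def render(register: dict) -> str:
    """Plain-text grid: probability down the side, impact across the top."""
    cells = matrix(register)
    width = 12
    lines = ["PROB \\ IMPACT".ljust(width) + "".join(l.ljust(width) for l in LEVELS)]
    for p in reversed(LEVELS):  # High at the top, as on the slide
        row = "".join(", ".join(cells.get((p, i), [])).ljust(width) for i in LEVELS)
        lines.append(p.ljust(width) + row)
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(REGISTER))
    for rid in ranked(REGISTER):
        p, i, desc = REGISTER[rid]
        print(f"{rid} {zone(p, i):6} score={score(p, i)} {desc}")
```

With the assumed rule only R01 lands in the red area; the four Low/High and Medium/Medium risks share the yellow area and need their reduction measures (the table's preventive/corrective actions) recorded, and R02 is the only negligible one. Note that a rank product is one of several common choices; an organisation that treats any High-impact risk as red regardless of probability would write `zone` differently.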
Risk elements
• Event: what could happen?
• Probability: how likely is it to happen?
• Impact: how bad will it be if it happens?
• Mitigation: how to reduce the probability, and by how much?
• Contingency: how to reduce the impact, and by how much?
• Reduction = mitigation x contingency
• Exposure = risk – reduction
Types of risk analysis
• Quantitative risk analysis
– The probability of an event occurring
– The likely loss should it occur.
• Probability x likely loss
• Qualitative risk analysis
– Focuses on the impact
– Risk model
Qualitative risk analysis model
• Threats
• Vulnerabilities
• Controls
Qualitative risk analysis model
• Threats
– Things that can go wrong or that can 'attack'
the system.
• Examples might include fire or fraud.
– Threats are ever present for every system.
Threats
• Human
– From individuals or organizations, illness, death, etc.
• Operational
– From disruption to supplies and operations, loss of access to essential assets, failures in distribution, etc.
• Reputation
– From loss of business partner or employee confidence, or damage to reputation in the market.
• Procedural
– From failures of accountability, internal systems and controls, organization, fraud, etc.
• Project
– Risks of cost over-runs, jobs taking too long, of insufficient product or service quality, etc.
• Financial
– From business failure, stock market, interest rates, unemployment, etc.
• Technical
– From advances in technology, technical failure, etc.
• Natural
– Threats from weather, natural disaster, accident, disease, etc.
• Political
– From changes in tax regimes, public opinion, government policy, foreign influence, etc.
Natural threats
• Flooding,
• Fire,
• Seismic activity,
• High winds,
• Snow and ice storms,
• Volcanic eruption,
• Tornado, hurricane,
• Epidemic,
• Tidal wave, typhoon.
Technical threats
• Power failure/fluctuation,
• Heating, ventilation or air conditioning failure,
• Malfunction or failure of CPU,
• Failure of system software,
• Failure of application software,
• Telecommunications failure,
• Gas leaks,
• Communications failure,
• Nuclear fallout.
Human threats
• Robbery,
• Bomb threats,
• Embezzlement,
• Extortion,
• Burglary,
• Vandalism,
• Terrorism,
• Civil disorder,
• Chemical spill,
• Sabotage,
• Explosion,
• War,
• Biological contamination,
• Radiation contamination,
• Hazardous waste,
• Vehicle crash,
• Airport proximity,
• Work stoppage (strike),
• Computer crime.
Qualitative risk analysis model
• Vulnerabilities
– Make a system more prone to attack by a threat, or make an attack more likely to have some success or impact.
• For example, for the threat of fire a vulnerability would be the presence of flammable materials (e.g. paper).
• For the threat of software error, a vulnerability would be software complexity.
Qualitative risk analysis model
• Controls
– Countermeasures for vulnerabilities.
– There are four types of controls:
• Deterrent controls
– Reduce the likelihood of a deliberate attack.
• Preventative controls
– Protect the vulnerable points so that an attack fails or has a reduced impact.
• Corrective controls
– Reduce the effect of an attack that has already happened.
• Detective controls
– Discover attacks and trigger preventative or corrective controls.
Qualitative risk analysis model (example table)

THREAT         | VULNERABILITY                   | CONTROLS
Fire           | Presence of flammable materials | Sprinklers, extinguishers
Software error | Complexity                      | Design and development standards, change control
Qualitative risk analysis model (diagram): a Threat creates an Attack; the Attack exploits a Vulnerability; the Vulnerability results in an Impact.
Qualitative risk analysis model with controls (diagram):
• A Threat creates an Attack, which exploits a Vulnerability, which results in an Impact.
• A Deterrent control reduces the likelihood of the Attack.
• A Detective control discovers the Attack and triggers the Preventative and Corrective controls.
• A Preventative control protects the Vulnerability and reduces the Impact.
• A Corrective control decreases the Impact.
Risk management process (diagram): Establish Context → Identify Risks (opportunities and losses) → Analyze Risks (likelihood and severity) → Evaluate Risks (ranked and prioritized) → Treat Risks
Crisis Management
• Crisis
• Crisis Management Process
• Risk analysis
• Crisis Management System
Crisis management system
Incident management system
• Provide the pertinent, accurate information you need to make critical
decisions.
• Deploy personnel, equipment, communication, facilities and
procedures effectively and efficiently.
• Give access to information to plan, direct, coordinate and control
resources.
• Foster collaboration and coordination with other command control
systems.
• Deliver secure, dependable systems on time and within budget.
Emergency response organization (diagram): Strategic level (big picture); Operational level; Tactical level (first responders).
Emergency system architecture (diagram, elements as extracted):
• Higher level response (strategic level): planning tools, risk assessment
• Emergency centers (operative level)
• Low response cell (tactical level): first responder units
• Simulation framework, M&S (modelling and simulation) system management: environment (urban area, weather), resource management (logistics, ...), critical assets
Crisis management schedule (diagram): Preparation is non-real-time, off-line work; Crisis Management is real-time, on-line work; the incident response phase starts with the incident.
Crisis management system functions
• Command and control
– To provide the functions necessary to put multiple response and recovery plans into action
• Communication and intelligence
– To effectively receive and transmit information
• Coordination and documentation
– To organize all of the steps taken to respond to an event and create a record of those actions to protect employees, infrastructure and shareholder value
• Automated checklists
– To ensure that response and recovery is complete for major functions
• Alert notifications
– To sort and distribute messages so managers/commanders can track and log multiple and varied notifications
• Media management
– To inform the media about the progress the company is making toward normal operations
Emergency system architecture (diagram of modules): Plans management; Crisis managers; Geographical information; Resources management; Events management; Alerts management; Check lists management; Documents management; Modelling & Simulation; Briefing.
Emergency system architecture
Geographical information system: geo-referenced information, i.e. information that is associated with a physical location.
Common situation awareness
• Annotations and markups
• Data sharing and synchronization
• Chat
• Data acquisition
• Geospatial collaboration
• Asset tracking: blue force tracking, location-based services
• Decentralized data editing
• Fusion of geospatial data
• Neutral and trusted workspace
• Sensor integration
• Reporting
• Web-based services
Distributed crisis management
system
• All participants have to share information, make decisions and
deploy resources without being physically present in the same
place.
• Using web-enabled software allows participants to work from
their normal workstation, from home or from the field.
• Emergency plans and reports are available from any location.
• All information can be maintained in a central database that is
available to participants from anywhere in the world.
Web services based distributed emergency system architecture (diagram, layers top to bottom): Emergency workflow; Services orchestration; Services (transform, use, expose); Components; Middleware.
Conclusion
Thank you for your attention
Questions are welcome
Contacts :
[email protected]
Slides available at www.elfuchs.fr