1 / 14

2012 Transportation Research Board Annual Meeting Washington DC January 25 th , 2012 Michael J. Penders, Esq. Enviro

Standards for Supply Chain Risk Assessment and Security Management: ISO 28000 Assuring Safety, Security, and Sustainability using supply chain analysis, planning, and integrated Quality Management Systems. 2012 Transportation Research Board Annual Meeting Washington DC

adamma
Télécharger la présentation

2012 Transportation Research Board Annual Meeting Washington DC January 25 th , 2012 Michael J. Penders, Esq. Enviro

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Standards for Supply Chain Risk Assessment and Security Management: ISO 28000 Assuring Safety, Security, and Sustainability using supply chain analysis, planning, and integrated Quality Management Systems 2012 Transportation Research Board Annual Meeting Washington DC January 25th, 2012 Michael J. Penders, Esq. Environmental Security International L3C www.esisecurity.com

  2. Identifying Vulnerabilities and Reducing Risk withIntegrated Management Systems: Performance Measures, Accountability, and Deterrence • Integrated Security Management requires the capacity to detect, prevent, and limit consequences of deliberate or negligent acts across the supply and distribution chains. • Focused on acts that would use hazardous materials, wastes, supply chain, or infrastructure as a weapon or means of delivering an attack. • An All Hazards Approach to Risk Assessment

  3. Process for Integrated Risk Assessment, Management and Systems • Planning for many release and attack scenarios that pose threats to critical assets; not just worst case. • Dynamic paradigms for risk assessment and planning. • Benefits of Integrating Environmental, Health, Safety, Emergency Response, Disaster Recovery, Business Continuity, Information and Physical Security systems. • Organizational Resiliency • Enterprise Risk Management

  4. Homeland Defense, Integrated Management Systems, and National Security • Nationally, Internationally, at Ports, and at Facilities: “We don’t know what we know.” • Stove piping of agencies and information • Speed and synthesis: keys to comprehension and security. • Integrating environmental, energy, and security monitoring into operational controls, with defenses for IT systems

  5. Integrating Elements of Security into Operational Management Systems • Access to Reliable Information by Decision Makers, Emergency Responders, Security • Data Mining, Operational Controls, Remote Sensing • Planning, Communications, Training • Standards for Incident Command • Demonstrated Performance at Military Bases

  6. Critical Elements of Vulnerability, Risk Assessment and Systems Review • Facility and Treatment Review • Physical Security: Perimeter; access controls; vehicles and materials delivery management; hazardous materials management; facilities design; critical infrastructure; personnel; subcontractors • SCADA, Information, and Cyber Security • Critical Control Points along Supply Chain

  7. Strategic Security Management • Blue Plains D.C. Waste Water Treatment Facility • Pollution Prevention and Strategic Sustainability • Co-Generation, Redundancy, Defenses • Management Controls and Real Time Monitoring • Towards an Integrated Systems Approach • Assuming worst case scenarios and that the enemy knows; design systems accordingly

  8. New Standard and Incentives for Integrated Security Management • New International Standards for Security Management System (SMS) • ISO 28000; ISO 27000 • Performance Measures for Integrated Systems: Speed, Synthesis, Risk Reduction • E-Commerce and Supply Chain Management • Insurance/Financial/Regulatory Consideration

  9. Security Planning Model Continuous Vigilance Model Change Security Management System Incident SVA Audit

  10. Leadership commitment Security vulnerability assessment Legal and other requirements Threat and hazard deterrence and mitigation Implementation and operation Resources, roles, responsibility and authority Competence, training and awareness Continuous improvement Monitoring and measurement System evaluation Nonconformity, corrective action and preventive action Control of record Internal audit Management review Communications and warning Documentation Control of documents Operations and procedure Emergency preparedness and response Security Management System Model Elements

  11. SVA Methodology Step 1: Asset Characterization Step 2: Threat Assessment Step 3: Vulnerability Analysis Step 4: Risk Assessment Step 5: Countermeasures Analysis

  12. Security Management System Value to external Stakeholders: Customers; Government; Financial Institutions, Public Integrated Security Management System Innovative Technologies Enterprise Risk Management Business Continuity Deterrence

  13. For more information or questions: Michael Penders mpenders@esisecurity.com (703) 330-3752 www.esisecurity.com

More Related