Risk-based security in practice: Turning information into smart screening. October 2014


Organizations charged with securing our society's vital functions (transit, commerce, communication) have expansive missions that create complex operational and budgetary challenges.

Transportation Security Administration: Screens 1.8 million air travelers and 4.2 million checked and carry-on bags at 450 airports every day. Source: About TSA: Your Safety is Our Priority, Transportation Security Administration (no date).

Federal Bureau of Investigation: Manages over 13,000 special agents and 3,000 intelligence analysts who respond to diverse national security threats. Source: FY 2015 Authorization and Budget Request to Congress, Federal Bureau of Investigation (March 2014).

Customs and Border Protection: Processes nearly 1 million U.S. and foreign citizens at air, land, and sea ports every day along 7,000 miles of land borders and 95,000 miles of coastline. Source: Integrity and Personal Accountability Strategy, Customs and Border Patrol (September 2014).

Risk-based security (RBS) offers a solution to balance the many competing priorities of security organizations. In the aviation sector, security challenges are made even more complicated by the threat posed by adaptive adversaries.

Risk-based security in practice: Turning information into smart screening. Copyright 2014 Deloitte Development LLC. All rights reserved.

Physical screening is one of many dependent layers of security within a much broader risk-based security (RBS) system. At the airport level, the RBS system consists of pre-screening, real-time threat assessment, routing, identity and credentialing, and differentiated screening at the checkpoint.

1. Pre-Screening: Government Records; Commercial Data; Watchlists; Risk Algorithm; Virtual Routing; Boarding Pass Issued
2. Real Time Threat Assessment
3. Physical Routing
4. Identity and Credentialing
5. Physical Screening: Unknown Risk (Standard); Low Risk (Expedited); High Risk (Enhanced)

Systems-level thinking offers greater insight into security performance and capability gaps.

Quantifying the different components of the RBS system creates a transparent, defendable, and effective methodology for decision making. A Trade Space framework can be used to measure the impact of risk-based security on the factors that are most important to the organization.

Trade Space Framework: Examples of Metrics for Quantifying RBS Success

Security Effectiveness: Probability of detection of certain threats
Operational Efficiency: Throughput of passengers through the checkpoint; Staffing cost savings
Passenger Experience: Wait times for passengers; Privacy issues and public perception of RBS
Industry Vitality: Impact to aviation industry
Fiscal/Policy Issues: Impact on the cost per passenger screened; Organizational fiscal savings

With a multi-objective tradeoff framework, decision makers are able to compare different options and identify the most effective solution for their organization.

Checkpoint modeling enables policy makers to perform analysis on all of its components to drive acquisitions and deployment decisions. Checkpoint modeling gives decision makers the ability to measure changes in checkpoint performance, at the airport and system level, as technologies and procedures are modified.

Aviation System Security Effectiveness Tool (ASSET)

Constraints around adversary behavior, countermeasure deployment, and countermeasure effectiveness can be varied to take into account competing hypotheses or knowledge gaps.

Quantitative modeling tools enable decision makers to perform what-if analysis to enhance checkpoint system performance.

Successful implementation of RBS principles can drive success across an organization's core mission and strategic objectives. Deloitte has supported TSA throughout every phase of its transformation to risk-based security and has helped the organization reach key milestones.

IMPACT

450 airports transformed by RBS
50% of passengers receive expedited screening
$120 million in annual cost savings

Performed system-wide analysis to prioritize capabilities and equipment across US airports and drive acquisitions decisions
Conducted risk assessments that supported the inclusion of 7 populations into expedited screening programs
Designed RBS strategy and architecture that has decreased technology and labor costs across the aviation system

A robust RBS strategy requires end-to-end design from strategy development and assessment of risk to the development of performance metrics to ensure success and process integrity.

As used in this document, "Deloitte" means Deloitte Consulting LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

As RBS continues to expand, there are three areas that should be addressed to realize RBS gains in a global environment. Achieving this future vision can improve aviation security operations around the world.

1. Global Harmonization: Establish the role of and promote harmonization of pre-screening globally
2. Common Security: Develop consistent method to measure system equivalencies
3. Quantified RBS Outcomes: Quantify system-wide changes to help measure against system objectives and to garner support for RBS

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication. Copyright 2014 Deloitte Development LLC. All rights reserved. 36 USC 220506 Member of Deloitte Touche Tohmatsu Limited