The Intersection of Security & Compliance: The New Risk Assessment

® RiskWatch
The Leader in Security Risk Assessment
The Intersection of Security & Compliance:
The New Risk Assessment by Caroline Ramsey Hamilton, President & CEO-RiskWatch, Inc.
Background organization's ability to carry out its primary Since September 11, 2001, there is no doubt function -- whether that function is manufacturing that the entire security industry has been products, providing services, moving cargo, fundamentally changed. In shock waves that providing infrastructure or administering reached out across borders to the boardrooms of programs. Security budgets are important now the world, security moved from a misunderstood and those budgets are being evaluated with a backroom function to the number one priority of risk management perspective -- how much both government organizations and Fortune security do we need to be secure? How much 1000 companies. does it cost to improve our security program to the most effective level? And, for the first time, Finally, organizations were ready to "do are we, as an organization compliant with the whatever it takes" to improve security and that new security guidelines? meant a plethora of new regulations that require TECHNOLOGY Ship and Seaport Securitymore stringent security and other requirements NIST 800-26 Maritime Transportation Security Act of 2002NIST 800-14 International Maritime Organization (IMO), ISPS CodeFederal Manager's Financial Integrity Act of 1982 IMO Circular 443: Measures to Prevent Unlawful Acts Against that influence the nature of both physical security FISCAM (Federal Information System) (in development) Passengers and Crew Onboard ShipsISO/IEC 17799 U.S. Coast Guard CFR 33 and NVIC CircularsISO/IEC 27799:2000(E) ILO New Guidelines: Code of Practice on Security, Health and Safety and information security. These new Security Self-Assessment Guide for IT Systems in PortsNSTISSI No. 1000, (National Security Telecommunications & Information Systems Security Instruction (NIACAP) U.S. Dept. of Defense requirements are mandatory -- and most are Office of Management and Budget (OMB) A-123, A-124, A-127, DOD Anti-terrorism Guidelines, 2000-12-16/12Hand A-130 DOD 5200.40 BS7799 Code of Practice Department of Defense (DOD) 5200.28  subject to either audit or review, by an outside Cyber Security Policy P03-002: Information Security Policy Unified Facilities Criteria 4-010-01: Minimum Antiterrorism SPAS for Insurance Companies: Underwriting for E-Commerce Standards for BuildingsBusiness Disruption Insuranceorganization. A key element in these new The Turnbull Report - Combined Code Transportation (Supply Chain )SecurityBASC Standards HIPAA C-TPAT Healthcare Insurance Portability and Accountability Act of 1997 Container Security Initiativerequirements was the risk analysis/risk GAO Report on Container SecurityPhysical & Homeland Security TAPA - FSR 2000-31: Freight Suppliers Minimum Security FEMA 426 Guidelines to Protect Buildings Against Terrorism Requirementsassessment requirement that forces Bank Secrecy ActPatriot Act Financial Services-Regulatory ComplianceASIS Threat Guidelinesorganizations to conduct a formal assessment of FEMA 428 Primer to Design Safe School Projects in Case of GLBA (Gramm Leach Bliley Act)Terrorist Attacks Sarbanes Oxley ActGAO Report on Risk & Antiterrorism Title V -- Privacy: Disclosure of Nonpublic Personal Informationtheir security profile -- the threats that are GAO State of Security at Chemical Facilities EDP Auditor's Guidelines for Risk AnalysisNFPA 730 Guide for Premises Security GAO Guidelines - Risk Management forNIJ Vulnerability of US Chemical Facilities Homeland Securitypresent, the assets that need protection, a review of existing vulnerabilities and the analysis of these elements, such as threat/vulnerability Where Compliance Meets Security
pairing, culminating in a list of controls that will The chart below illustrates some of the many be implemented. requirements that affect different organizations, many which were created after 9/11. They are Moving Security up to the Boardroom found in almost all industries-financial services,
The effect of these new regulations is to elevate healthcare, transportation, manufact... [download for more]