Converged Security Risk: Supply Chain and Downsizing Scenarios

On the 24th September, Optimal Risk ran the latest Security Institute Masterclass, hosted by Siemens in London. The topic was convergence, and the session was chaired by Mike O’Neill, Managing Director at Optimal Risk. The masterclass took a somewhat different format, with participants breaking out into two work groups to tackle converged scenarios that were provided by two guest speakers, including Dan Solomon, Director of Cyber Risk & Security Services. Both speakers facilitated their approaches to the tasks based on the principles they had presented. The material used by Dan is available for download at

The two scenarios were real and relevant examples of companies that faced significant challenges in undertaking security planning for converged risks:
  • The first was the issue of downsizing and the security risk this poses, when employees with considerable confidential company knowledge are made redundant with potentially catastrophic consequences.
  • The second scenario tackled the burning issue of supply chain security, specifically for a firm that needed to introduce a high level of converged security into a newly acquired subsidiary in parallel to increasing its own practices significantly.
In both cases the groups were asked to consider vulnerabilities and risk inherent to the situation, and develop recommendations for the cross-departmental implementation of a suitable solution.

The downsizing scenario challenged the participants to consider the different levels of risk and criticality of eight different contingencies that the company had prepared for, and to construct an integrated implementation strategy that would best accommodate them on a corporate and site basis. The group was also tasked with assigning ‘ownership’ to the different contingency solutions, and identifying a range of control measures to manage delivery and monitor progress of an ‘effects-based’ approach. The scenario uniquely illustrated that delivering security requires a process of collective involvement and responsibilities, which can be a delicate and long-term commitment.

The supply chain scenario challenged the participants to consider the knowledge gap concerning the effectiveness of existing security measures, inter-company interdependencies, and the ‘degree of certainty’ assigned to their assumptions, and to consider the factors that were likely to impact them. With reference to a model for converged security planning, the group was tasked with prioritising systems, processes, and management issues that required remediation, and considering the optimal combination of departmental roles and responsibilities for implementation. The scenario illustrated the dynamic complexities of converged security risk, and the need for an integrated approach to identifying vulnerabilities. For more information about the scenario-building methodology visit

Both scenarios illustrated that high levels of security were key factors in enabling profitable continuity of operations. Sophisticated converged threats could potentially have severe effects on the businesses and their processes, as the speakers illustrated well in their preambles, and they require layered security measures ‘in depth’. It was also highlighted in the final debate that robust converged security, while combining persuasion and compulsion, contributed considerably to trust and confidence in the firm, both with its key customers and within its supply chain, and as such should be seen as a differentiator.

In summing up the lessons of the day, the Chairman highlighted that converged security planning needs to consider plausible threats, beyond just ‘the probable’, specifically in relation to insider threats from bad practice as well as bad intent. He also drew attention to the principle that planning for converged threats should be characterised by a reluctance to simplify the process, and by a proactive approach to maintaining greater awareness of threats and anticipating their impacts.

