john kanalis, cco becca europe administrator authorized becca instructor ...


Post on 25-Feb-2016


Page 1: John Kanalis, CCO      BECCA Europe Administrator      Authorized BECCA Instructor  jkanalis@otenet.gr becca  eu@otenet.gr

PRESENTATION FOR THE WORKSHOP ON DEVELOPING NATIONAL CRITICAL INFRASTRUCTURE PROTECTION IN SERBIA

ROLE OF PRIVATE SECURITY COMPANIES

BELGRADE - SERBIA

John Kanalis, CCO BECCA Europe Administrator Authorized BECCA Instructor

We focus on Human Factor

Conscience is a mother-in-law whose visit never ends. H.L. Mencken

Page 2

Critical Infrastructure Protection (CIP) & How to Safeguard Sensitive Business Information

QUESTIONS & ANSWERS

"If your only tool is a hammer, you tend to see every problem as a nail." Abraham Maslow

Page 3

What does Sensitive Business Information (SBI) mean in CIP?

Sensitive critical infrastructure protection related information means facts about a critical infrastructure which, if disclosed, could be used to plan and act with a view to causing disruption or destruction of critical infrastructure installations (Council Directive 2008/114/EC, Article 2d).

But, in simple words, sensitive business information is:

(i) Technical Information.

(ii) Business and Commercial Information.

(iii) Miscellaneous Information and Documentation.

Page 4

So, what covers the basic concepts and principles that address the security-related issue of safeguarding SBI?

The collection of approaches that address issues covering physical, electronic, administrative, and procedural aspects of critical/sensitive business information protection, and which ensure that no breaches of this critical/sensitive business information will occur.

"Fortuna audaces juvat (Luck helps the brave)" Publius Vergilius Maro

Page 5

What does Confidentiality mean?

Confidentiality refers to limits on who can get what kind of information. Confidentiality is an ethical or professional duty not to disclose information to a third party. Confidentiality may apply because of the legal or ethical requirements of certain professionals (Private Security Companies), board members, staff and visitors that are legally required to keep certain sensitive/critical business information confidential. This legal obligation exists even though any contracts or other documents related to confidentiality may not have been signed.

"I didn’t forget your advice, but Nature forces me to have my opinion" Aeschylus

Page 6

Is Confidentiality a toolbox?

"In theory there is no difference between theory and practice. In practice there is." Lawrence Peter "Yogi" Berra

Confidentiality applied as a stand-alone process can help identify whether complete pathways exist that link to a potential "window of opportunity". The need for confidentiality exists when information is designated as "confidential" (e.g. stamped or announced). It also applies where the need for it is obvious or evident (nature of the material or context of the situation), or required by applicable law, even though the information is not specifically designated as confidential. Confidentiality as an applied countermeasure to safeguard sensitive information (single most valuable asset) is a reflection of a wide variety of protection techniques due to the number of espionage techniques that exist.

Page 7

Why implement Confidentiality?

"History is Philosophy learned from examples" Thucydides

To create and sustain a mature risk management environment

To enable and develop a results-oriented approach to security risk management

To avoid unnecessary costs (losses) and make quick responses as crises arise

To establish a good internal management control system

To protect critical information assets throughout an enterprise, because security is a journey rather than a one-time event

"Management refers to the process of getting things done, effectively and efficiently through other people." David A. DeCenzo, PhD, Stephen P. Robbins, PhD, Human Resource Management, 7th Edition

Page 8

What does the Toolbox contain? (Indicative)

The Four Faces of Business Espionage

The Confidentiality Survey

The Laws of Confidentiality

The Business Confidentiality Management Process & sub processes

The Five Steps of Direct Approach Process

The Business Confidentiality Gap Awareness etc

"We spend all our time searching for security, and then we hate it when we get it." John Ernst Steinbeck

Page 9

And why does the absence of guarding measures for SBI lead to Espionage?

Because, as has been proved by BECCA, the basic trigger for someone to exercise espionage is that "if you have a product or service to sell, you have something worth stealing".

BECCA: Business Espionage Controls & Countermeasures Association, www.BECCA-online.org

"There is always more spirit in attack than in defense." Titus Livius Patavinus

Page 10

What is Business (Industrial/Economic) Espionage?

“The term Industrial Espionage refers to the practice of obtaining business or technological information through surreptitious means” (Grolier Multimedia Encyclopedia).

Most definitions and discussions concerning business espionage will likely be under the heading of “economic espionage” or “industrial espionage”.

"There's no sense in being precise when you don't even know what you're talking about". John von Neumann

Page 11

But why do people spy?

"If everybody is thinking alike, then nobody is thinking." George S. Patton

BECCA members answering the question found four driving forces at work today in the private and public sectors, in the following order of importance:

MONEY, ADVENTURE, IDEALISM, ALIENATION

"To see what is in front of one's nose needs a constant struggle". George Orwell

Page 12

Finally, what is security about?

"The best way to have a good idea is to have lots of ideas." Linus Pauling

Fundamentally, security is about people. It's not really computers that are breaking into different systems, it's people. It's your adversaries. It's often actually your insiders, people that work for you. So understanding the motivation of those people and, I believe, training your people (people you trust, people that work for you, yourself, your employees, your contractors) to be proactive about security is one of the very best paths you can take to maintaining a good security stance.

Page 13

And because CONFIDENTIALITY is an old but often forgotten preventative strategy, let's remember what Nicholas Machiavelli said about initiating changes:

"… there is nothing more difficult to arrange, more doubtful of success, more dangerous to carry through than initiating changes... The innovator makes enemies of all those who prosper under the old order, and only lukewarm support is forthcoming from those who would prosper under the new. Men are generally incredulous, never really trusting new things unless they have tested them by experience."

Page 14

Similia Similibus Servientur

Similar will be served by Similar

Thank you all for your kind attention