Upload
phamdan
View
214
Download
1
Embed Size (px)
Citation preview
Security Risk ManagementProtecting Aon’s People, Property, and Information
American Red Cross
2013 Disaster Preparedness Summit2013 Disaster Preparedness Summit
Capability Planning
Information Security • Client & Supplier Security • Corporate Security & Safety Programs • Risk & Compliance Business Continuity Management • Information Governance • Global Emergency Operations Center
August 2013
Leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services
Aon Corporation | Who We Are
Security Risk Management
Proprietary & Confidential | August 2013 1
Aon Corporation | What We Do
Aon plc
Aon Risk Solutions Aon Benfield Aon Hewitt
• Retail Brokerage
• Risk Assessment & Advisory
• Treaty Reinsurance Brokerage
• Facultative
• Rewards & Compensation
• Engagement & Leadership
• Workforce Planning &
2Security Risk Management
Proprietary & Confidential | August 2013
Advisory
• Captive Management
• Affinity Programs
• Premium Finance
• Claims Advocacy & Administration
• Select Personal Lines
• Actuarial & Analytics
• Technology Solutions
• Facultative Reinsurance Brokerage
• Capital Markets & Financial Advisory
• Analytics & Technical Services
• Claims Management
• Strategy, Claims, & Operations Consulting
• Workforce Planning & Administration
• Defined Contribution & Defined Benefit
• Investments & Financial Planning
• Health & Benefits
• Population Health & Absence
• Health Care Exchanges
National Preparedness Goal | Five Mission Areas
Mission Definition
Prevention Prevent, avoid or stop an imminent, threatened or actual act of terrorism.
Protection Protect our citizens, residents, visitors, and assets against the greatest threats and hazards in a manner that allows our interests, aspirations, and way of life to thrive.
Mitigation Reduce the loss of life and property by lessening the impact of future disasters.
Response Respond quickly to save lives, protect property and the environment, and meet basic human needs in the aftermath of a catastrophic incident.
Security Risk Management
Proprietary & Confidential | August 2013 3
human needs in the aftermath of a catastrophic incident.
Recovery Recover through a focus on the timely restoration, strengthening and revitalization of infrastructure, housing and a sustainable economy, as well as the health, social, cultural, historic and environmental fabric of communities affected by a catastrophic incident.
Core Capabilities Within Mission Areas
Prevention Protection Mitigation Response Recovery
• Planning
• Public Information
and Warning
• Operational
Coordination
• Forensics and
Attribution
• Intelligence and
Information Sharing
• Interdiction and
Disruption
• Planning
• Public Information
and Warning
• Operational
Coordination
• Access Control and
Identity Verification
• Cyber security
• Intelligence and
Information Sharing
• Planning
• Public Information
and Warning
• Operational
Coordination
• Community
Resilience
• Long-Term
Vulnerability
Reduction
• Risk and Disaster
• Planning
• Public Information and
Warning
• Operational Coordination
• Critical Transportation
• Environmental
Response/Health and Safety
• Fatality Management
Services
• Infrastructure Systems
• Planning
• Public Information and
Warning
• Operational
Coordination
• Economic Recovery
• Health and Social
Services
• Housing
• Infrastructure Systems
Security Risk Management
Proprietary & Confidential | August 2013 4
Disruption
• Screening, Search,
and Detection
• Interdiction and
Disruption
• Physical Protective
Measures
• Risk Management
for Protection
Programs and
Activities
• Screening, Search
and Detection
• Supply Chain
Integrity and Security
• Risk and Disaster
Resilience
Assessment
• Threats and
Hazard
Identification
• Mass Care Services
• Mass Search and Rescue
Operations
• On-Scene Security and
Protection
• Operational
Communications
• Public and Private Services
and Resources
• Public Health and Medical
Services
• Situational Assessment
• Natural and Cultural
Resources
Pre-9/11 | Three Silos
Security Risk Management
Proprietary & Confidential | August 2013 5
Private
Sector
Public
Sector
Family &
Community
Breaking Down the Silos
� Recognition that collaboration between sectors might be beneficial
� Formation of Public / Private Partnerships
– ChicagoFIRST (2003)
– Regional Partnership Council (RFCfirst 2005)
– Lake-Cook Regional Critical Incident Partnership (LCRCIP 2007)
� Formal and informal information sharing
– Tabletop exercises across sectors– Tabletop exercises across sectors
– Think tank / working groups
� Result - Improved Collaboration
– Pre- and post-incident
– Information sharing protocols developed
– Interdependency knowledge sharing
Security Risk Management
Proprietary & Confidential | August 2013 6
Post-9/11 Events
� Northeast Blackout (2003)
� Indian Ocean Earthquake and Tsunami (2004)
� London Bombing (2005)
� Hurricane Katrina (2005)
� Fires in California (2007)
� Mumbai Bombings | Taj Mahal Palace Hotel (2008)� Mumbai Bombings | Taj Mahal Palace Hotel (2008)
� H1N1 (2009)
� Japan Earthquake (2011)
� NATO Summit in Chicago (2012)
� Summer Olympics in London (2012)
� Hurricane Sandy (2012)
� Flooding in Calgary (2013)
Security Risk Management
Proprietary & Confidential | August 2013 7
NATO Summit | Chicago 2012
� Pre-event Planning
– Began six months prior to event
– Attended information sharing sessions with Federal, State, Local and
Private entities
• Communication Plan
• Road Closures / Transportation Limitations
• Security Plan
• General knowledge sharing of intended actions• General knowledge sharing of intended actions
– Conducted risk assessment of office proximity to events
– Reviewed business requirements & deliverables
– Assessed impact on colleagues ability to arrive/leave work
� Event
– communicate, communicate, communicate
Security Risk Management
Proprietary & Confidential | August 2013 8
Summer Olympics | London (2012)
� Planning began one year prior
� Coordination with public entities
– What does life look like?
– What are the restrictions/limitations on transportation?
– Who is communicating what and when?
� Industry specific collaboration
– What are other insurers doing to prepare and respond?
– How will we interact during the event?
� Internal Coordination
– Steering Committee (Human Resources, Information Technology,
Security Risk Management, Facilities, etc.)
– Scenario planning with Business Units
– Communication plan
Security Risk Management
Proprietary & Confidential | August 2013 9
Benefits
� Relationships formed
� Improved understanding of challenges faced by all entities
� Trust built
� Improved information sharing / communication protocols
– Where do you get it?
– Who is going to give it to you and when?– Who is going to give it to you and when?
– What are you going to do with it?
� Improved coordination
Security Risk Management
Proprietary & Confidential | August 2013 10
Contact Information
Theresa Enright
Aon plc
200 E. Randolph St.
Chicago, IL 60601
(312) 381-2463
Security Risk Management
Proprietary & Confidential | August 2013 12