Slide 1

A to in an Sociotechnical Systems Approach Security Threats For MNEs Age of Asymmetric Threats Redesigning Edo Castle Allen D. Engle IFSAM 2014 Norman Spain Peter Dowling

Slide 2

1 CONTEXT INTRODUCTORY CASTLE SEQUENCE HERE Multinational Enterprises (MNEs) as Systems Sophisticated Global Value Chains Dispersed, Yet Leveraged and Integrated Responsive and Flexible Complex and Tightly Coupled Systems (Charles Perrows Normal Accidents (1984) Rogue or Disaffected Employees

Slide 3

1 CONTEXT INTRODUCTORY CASTLE SEQUENCE HERE

Slide 4

1 Asymmetric threats are INTRODUCTORY CASTLE SEQUENCE HERE Unusual in our eyes. Irregular in that they are posed by instruments unrecognized by the long-standing laws of war. Unmatched in our arsenal of capabilities and plans. Leveraged against our particular assets. Designed not only to secure leverage against our assets, but also intended to work around, offset, and negate what in other contexts are our strengths. -Gray, 2002

Slide 5

1 Environmental Realities INTRODUCTORY CASTLE SEQUENCE HERE Political Acts state/terrorist Highly Unusual Natural Disasters tsunami, floods, droughts, ice caps, Gtterdmmerung Criminal Acts kidnapping, piracy Pandemics Ebola, SARS Industry and State Espionage

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

1 A Social-technical Systems Approach INTRODUCTORY CASTLE SEQUENCE HERE Beyond the Borders of Traditional HR All-encompassing Asian General Affairs approach to IHRM Sociotechnical Systems Theory People and Technology -Emery & Trist, 1978

Slide 21

1 Reaction: Risk Management INTRODUCTORY CASTLE SEQUENCE HERE A Four Stage Model 1. Identify Risk 2. Assess Risk 3. Manage Risk 4. Evaluate Key Management Activities Relevant to Risk Management -Gillingham & Suder, 2007

Slide 22

1 Three Starting Points and Traditions Data Information Technology; Passwords, Firewalls and beyond People Human Resources; Risk management; Security; Background Checking; Recruitment and Selection; Training in safety Policies; Payment to reinforce safe behaviors Things Loss Prevention and Safety; Plant Security, Law Enforcement and Military Culture -Data, People, Things. Fine & Wiley, 1971 Data People Things

Slide 23

1 Three Points Growing Together? Things Data People

Slide 24

2 COMPONENTS

Slide 25

2 Components: Immediate Goal An encompassing model that delineates the components (issues, qualities, characteristics) of building a defensive system (castle imagery) for MNEs that is capable of resisting or mitigating these new and unpredictable threats.

Slide 26

2 Components: Long Term Goal To create a template, vocabulary and attendant questionnaire instrument capable of capturing key decisions, elements and relationships of a robust MNE security system a security portfolio.

Slide 27

2 Components: General Approaches Concentrated vs. Dispersed Assets Reinforced vs. Redundant Assets Extensive vs. Minimal Security Zones

Slide 28

2 Components: Perimeter Long Wall Fortlets Outposts Convoys Other

Slide 29

2 Components: Interface Bimodal Green Zones or Red Zones Gradation and Levels Roman Camp Temporary, but high quality and safe with a significant reduction in risk Other

Slide 30

2 Components: Suppliers / Contractors Embedded in MNE Isomorphism Persuaded to adopt security practices Stand Alone Certified? ISO/IEC 27001-2013 Other

Slide 31

2 Other components?

Slide 32

2 Roles and Relationships How Do Security systems relate across DATA(IT) PEOPLE (HRM) THINGS (LP&S) ?

Slide 33

Stand Alone Three Distinct Systems Primary Role and Notified Role Shared, Collective Authority and Responsibility 2 Roles and Relationships

Slide 34

2 Strategic Locii (Centralized / Decentralized) Corporate SBU Regional / Product Division Local - Facility

Slide 35

2 Strategic Locii (Standardized / Customized) Preference for highly standardized practices, systems, protocols and approaches vs. Preference for or tolerance of local interpretations and arrangements

Slide 36

2 Risk Management Cycles for MNEs Proactive Triggers Constant Weekly Monthly Quarterly Annually Other Reactive Triggers Critical Incident MNE Specific Critical Incident Industry Critical Incident General Random

Slide 37

2 Risk Analysis Risk Analysis Processes Actors, Protocols and Schemas Risk Analysis Results and Dissemination Processes Need to Know Timing Form Attention Getting

Slide 38

3 CONSTELLATIONS INTRODUCTORY CASTLE SEQUENCE HERE

Slide 39

3 CONSTELLATIONS INTRODUCTORY CASTLE SEQUENCE HERE Data

Slide 40

3 CONSTELLATIONS INTRODUCTORY CASTLE SEQUENCE HERE Data People

Slide 41

3 CONSTELLATIONS INTRODUCTORY CASTLE SEQUENCE HERE Data People Things

Slide 42

Data 3 CONSTELLATIONS Data Focused Security Data Critical Industries Research and Development, High Technology, Telecom, Banks, Finance

Slide 43

People 3 CONSTELLATIONS People-focused security Banking, legal, labor intensive, service sectors, knowledge sectors Many expatriates operating in uncertain regions of the world

Slide 44

Things 3 CONSTELLATIONS Things-focused security Plant, equipment and distribution critical industries Petrochemicals, car production, retail, extraction industries

Slide 45

4 CONCLUSIONS INTRODUCTORY CASTLE SEQUENCE HERE Much more readings and analyses across the three starting points of security (IT, HR and LP&S) More assessment on components, roles and constellations Review of the more complete model by security practitioners and specialist academics

Slide 46

4 CONCLUSIONS INTRODUCTORY CASTLE SEQUENCE HERE Conversion of model into a research instrument Validation studies

Slide 47

THANK YOU FOR YOUR ATTENTION DMO ARIGATGOZAIMASHITA IFSAM 2014