Integrated Security, Safety and Surveillance Solution i3S

White Paper & Solution(s) options © Casper Abraham, FEB 2010

http://www.edgevalue.com Email : [email protected] Cellphone : +91 98450 61870

Integrated … „S‟afety, „S‟urveillance & „S‟ecurity

Physical, Virtual, People, Cash & Information Security

Base of Experts, Advisory, Staffing & Consulting.

The Firm

Software, Backend, Tool & Platform

Business Model, Methodology, and System(s)

Full-range services in Governance, Risk & Compliance

Systems Integrators

General

2012 Global Numbers

Systemic Failures

1. Buying, Installing & Infrastructure is the easy part.

2. Maintenance. Uptime. Spares.

3. Is it working at all? Display Signage problems.

4. It‟s not just cameras. Lighting. Night-vision. Audio.

5. Sensors. Trip. Vibration. Light. Sound. Patterns. Detection. Intelligence.

6. Recording. It‟s TOO-BIG. Imagine 10,000 cameras in HDTV, 24x7x365.

7. No one can watch all, all the time. It‟s boring work. Impossible to motivate.

8. How do you know when an event occurs?

9. You have to RECORD before, DURING and after the event.

List of NATURAL Hazards …

Displaced Persons Drought Earthquakes Epidemics and other Health Threats Extreme Temperatures Floods Global Climate Change Hail Hurricanes and Tropical Storms Infestations/Invasive Species Landslides Power Outage Structural Fire Technological Hazards/HAZMAT Terrorism and Civil Hazards Thunderstorms and Lightning Tornadoes Wildfire Winter Snow/Ice Storms

List of MAN-MADE Threats …

Vindictive Behaviour Weapons. Firearms. Chemicals. Explosives. Hostage Situation. Dacoit. Ideology, Psychological and Behavioural Situations.

Selfish Behaviour Petty Theft. White Collar Entry. Identity Theft / Fake Identity. Fudged paperwork / documentation. Unauthorised Vehicles vs Changed Licence Plates. Removal of Assets.

Co-Operative Behaviour Cartels of Security + Staff + Others. Lax systems. NOR Audit NOR Oversight.

Aspect. It‟s about ….

1. Choice 1. Better to be „safe‟ than „sorry‟.

2. Insurance 1. If nothing is going to happen … you don‟t need it.

3. Uncertainty 1. An attempt to Predict / Quantify the future.

4. The opposite of „Risky‟ is „Secure‟.

Priorities …

1. Databases.

2. People logins.

3. Remote access.

4. Storage & Backup issues.

5. Down & Repair related issues.

Two sides of the same coin

Risky … • Greed • High risk – High rewards • Force Majeure. • Requires Insurance. • Contingency & Backup Plans. • Exit options. • Speculation vs Gambling. • Unknown threats / weaknesses.

Security … • Safe • Average Returns. • Known threats / weaknesses.

Today‟s Reality …

Event, Incident, Crime, observable

‘physical’ or ‘virtual’ action takes place.

Investigation, Modus operandi, Witnesses, Suspects, Evidence, Forensics, Motive, Detective work, legal or illegal. Law & Constitution. Police. Courts. Jail.

Intent to destruct. Sixth Sense. Intuition. Suspicious. Pattern.

Intelligence Gathering. What if …and IF. Word &

Observations of others. Behavioural Patterns. Prepared

to die. PROFILING.

Track the WHOLE population?

1. Create-Identify, Train, Motivate & Manage a base of PROFILERS.

2. Start with the Criminals in Jail. Of course you can PROFILE them.

3. Database of their accomplices. 4. Foreigners in INDIA. 5. Foreigners in INDIA STATE(s).

6. A risk metric on every TARGET.

7. Do you want to know more about

who is IN? 8. Do you want to know more about

who is OUT? 9. Do you want to monitor or watch

their movements? Monthly? Weekly? Hourly? Real-time?

10. Public? Households? Private?

Key-patterns … 1. Lifestyle. 2. Family, friends & relationships. 3. Travel. 4. Opinions & Beliefs. 5. Behavioural Assessment. 6. Observable Behaviour Profile. 7. Income & Sources. 8. Spending on what. 9. What do they possess? 10. What was; and is now not with them?

Going to be a criminal …

1. Manual 24-hour Surveillance. Detective work. Night Vision

Binoculars. Photo & Video Cameras. Bugs & Microphones. Recorders. Telephone Taps.

Your life was hardly threatened. Intuition, Sixth Sense, “I can feel it” & Behavioural

Pattern Recognition. “I know this guy did it.”

2. Challenges today … Surveillance presence detection. CBRN Presence.

Mobile phones. Internet. Radio monitoring. Encryption.

Aspirational threat to Planning threat. Your own life is threatened if you challenge OR become

a part of the “situation”. Intuition, Sixth Sense, “I can feel it” & Behavioural

Pattern Recognition. “I know this guy is up to no good … but is that a Homeland Security threat?”.

Further challenges …

1. There may yet be no infringement of the law.

2. Is it a law-enforcement, Police, State issue? 3. When is it a central, Defense or Homeland,

Central issue? 4. Our man (or woman) … the whole range.

Personal Values; Individual behaviour; Current Stress; trigger-happy; Moral issues … Human Rights; Encounters; Self-defense; Whether armed; adequate protection; on-the-spot „manual‟ or „automated‟ information; information-on-demand. Real time Decision-making

So how real is a threat?

Threat nuances …

1. What are the Force Majeure threats? 2. Are lives at stake? 3. Can Insurance solve it? 4. Airlines were downed for 3 days … so what. The

city came to a stand-still for 5 days … so what. The US economy is slumping … so what? The Delhi CWG games was a disaster … so what?

5. Katrina. Asian Tsunami. Gulf oil spill. Hungary toxic spill. Pakistan floods. What could have been done? Is something being done about other FUTURE such events?

6. Even if someone knew something was going to happen … Clairvoyants? Hollywood? Witches? Aliens?

7. And if it never happened … perhaps it was not going to happen at all. Who pays? How do you prove this?

Security Activity Monitoring

Traditionally, security has focused on putting up a perimeter fence to keep others out, but it has evolved to monitoring activities and identifying patterns that would have been missed before. Information security professionals face the challenge of detecting malicious activity in a constant stream of discrete events that are usually associated with an authorized user and are generated from multiple network, system and application sources. At the same time, security departments are facing increasing demands for ever-greater log analysis and reporting to support audit requirements. A variety of complimentary (and sometimes overlapping) monitoring and analysis tools help enterprises better detect and investigate suspicious activity – often with real-time alerting or transaction intervention. By understanding the strengths and weaknesses of these tools, enterprises can better understand how to use them to defend the enterprise and meet audit requirements.

Risk Management is like Cricket

1. You have limited resources. You are allowed only 9 fielders.

2. Never equally placed. You have to focus on manageable higher risk areas.

3. If you want stop the 4’s you will be giving away singles.

4. If you are stopping the singles, going over the top is a danger.

5. You need some good, fast fielders in the first place.

6. Catches win matches. 7. Everything depends on the

Game Situation. What are your objectives?

8. Do you know the batsmen? Your competitors?

9. You need a Plan B at all times. 10. You have to think on your feet.

Financial Risk

High Risk – High Rewards

Good … • Sound as a Bank. • Ensure capital return. • The Markets

• EQUITY. • DEBT • COMMODITY • CURRENCY

• Safe as houses. • Property • Art & Antiques.

Bad … • Islamic Banking. • Gambling. • Speculation • Throw good

money behind bad • Ponzi Schemes. • MLM

Risk

1. Controllable – Manage it.

– Eg. Forward Contracts / Commodities Exchange.

2. Un-controllable – Insurance

– Force Majeure Management.

Systems Thinking & Systems Dynamics related to Risk

1. Behavioural Systems Thinking.

2. Financial Systems Thinking.

3. Risk Systems Thinking.

4. Systems Dynamics Modeling.

5. Team, Systems, Practice, Instrument level Systems flowcharts.

6. Mathematical Modeling.

7. Behavioural Modeling.

ALM Flow Example

Classical Risk Curve

Staff at Risk Management Steps

1. Identify the hazards

2. Decide who might be harmed and how

3. Evaluate the risks and decide on precaution

4. Record your findings and implement them

5. Review and update (if necessary)

Risk Factors

Asset(s)

Vulnerability

Threat Risk

Risk_Metric R% = A% x T% x V%

Internal

Choose ..

Sharing

Integrity

Security Ideas for implementation :-

• IT Policy

• Intangible Assets

• List. Cost. Manage. Usage.

• Internal Patent System.

• USA Defense Services Orange Book

• Setup a MarComm, Communications, Documentation Division.

• Establish a „VI‟ practice.

• Develop a part-branded „consumer-usable‟ line of products.

• Design & Manage a Catalogue.

• Push OR Pull „strategy‟ ….

Sharing + Security + Integrity = 100%

Paper Wealth

Built on shaky fundamentals

Risk because of Information & Communications Technology

Six sigma credo …

We don't know what we don't know.

We can't do what we don't know.

We won't know until we measure.

We don't measure what we don't value.

We don't value what we don't measure.

Your personal data

1. Credit-card numbers. 2. CW2 security numbers. (back of credit-card). 3. Credit reports 4. Social Insurance numbers. 5. Driver‟s License numbers. 6. ATM cards. 7. Telephone Calling Cards. 8. Mortgage details. 9. Date of birth. 10. Passwords, PIN‟s. 11. Home address. 12. Phone numbers. 13. Address book and Personal contacts information.

Corporate data …

1. Trade secrets. Recipes & Formulations. Bill of Materials.

2. Cost information. Vendors; procurement costs; supplier chain information.

3. Price information. Customers; selling costs; customer relationship information.

4. Purchase track record – Sales History.

Exposure cases …

1. DSW, USA. Credit-card information from 108 stores; from 96,000 USA check transactions exposure of US $ 1.5 M.

2. CardSystems, USA. Card-information of Japan; HongKing; Phillipines; and Australia. Exposure US $ 40 M.

3. Mphasis-Citibank. Stolen US $ 350,000/-

4. Sumitomo Bank. Stolen passwords caught prior to stealing US $ 397 M.

5. Citibank UPS shipment of customer data; 123,690 Japanese customers; exposure US $ 3.9 M.

6. Accura Bank; stolen micro-film data; exposing 26,400 customers.

7. Commonwealth Bank of Australia – ATM cash-transfers. Stolen US $ 17 M.

8. Central Bank of Russia. Bank transfer information sold on-line.

9. Michinoku Bank. Thrown CD‟s retrieved of nearly all its customer-information; exposure US $ 1.3 M.

Who‟s got it …

1. Banks 2. Card companies. 3. Credit reference Agencies. 4. Merchants. 5. Government Agencies. 6. Phone companies. 7. Insurance Firms. 8. Data brokerage firms. List Managers. 9. Payment Processing Agencies. 10. Direct Marketing Agencies. 11. Market Research Firms.

Priorities …

1. Databases.

2. People logins.

3. Remote access.

4. Storage & Backup issues.

5. Down & Repair related issues.

The only three …

1. What you know. o Login ID. Passwords. PIN. Personal data.

Public and Private Keys. (PKI).

2. What you have. o ID Card. Token number. Ticket. Boarding

Pass. PKI Digital Certificate(s).

3. Who you are. o Signature. Fingerprint. Blood Group. Your

walk. Iris Pattern. Hand Geometry. Body language. Voice Recognition. DNA.

AutoID : A key Technology

Device AutoID Smart

Tag 1. ID 2. Pull data 3. Push data

Enormous cloud

of devices

Collective or Group Risk

Mixed community Handling

1. Purple Zone Residential Towers.

2. Orange Zone Manufacturing (EZ)

3. Green Zone Commercial Complexes

4. Cream Zone Retail Public Access

5. Red Zone Utilities. Admin. Control

Rooms.

Mapped Systems 1. Perimeter Controls. 2. Roads. * 3. Conduits/Pipes. * 4. Water. Sewage. * 5. Power. * Lighting. 6. Sensors – Cameras. 7. Key-Cards. Access Control. 8. Display Signage 9. Vehicle Parking. 10. Vehicle Movement. 11. Access Point(s Control. 12. Fibre Communications. 13. IT Infrastructure 14. CED Wireless Network. 15. Security Manpower

Information System. 16. Law Enforcement. * 17. Operational Systems. 18. Tactical Systems. 19. Emergency. Crises. 20. Miscellaneous

Manufacturing 21. Integrated Software Tool(s).

* Systems with likely Central, State, City or Municipal Authority.

Layer Codes

A =

B = Perimeter. Fence. Access Points. Boundaries.

C = Sensors. Cameras. Microphones.

D = Disaster. Risk. Emergency. Crisis Points

E =

F = Fire-Handling Points

G = to K =

L = Lighting.

M = Manned. Security. Rest-Stop-Points.

N = Conduits. Cabling. Fibre. Networking.

O =

P = Power Lines.

R = Roads. Parking. Traffic Direction.

S = Sewage.

W = Potable Water. Pipes. Junctions. Outlets.

It SHOULD NOT be … what most people think of as Security Today.

1. Security Staff • 10, 50 … 200 „uniformed

jokers‟ floating around. • Not empowered. • Not trained. • Not civil, nor helpful. • Gate Pass. In-Out Register. ID

Card. Plate recording. • Happily out-source to so-called

„ex-Services Experts‟.

2. CCTV • A bunch of cameras connected

to a few TV‟s. • No one sees it. • If you see something, no action

is taken or actioned too late. • Footage not available when

needed. • Analog is „cheap‟ but „dead‟. • Inadequate Lighting. Poor

angles. Low coverage. You thought …….. BUT the reality.

i3S Imperative Elements

Statutory Element(s) * Constitution Adherence * Federal Subject(s) * State Subject(s) * Statutory Reporting

Intelligence (Elements) * Doing the Best / Footwork * CCTV (Visual intelligence) * Sensory Intelligence / Alerts * Virtual Convergence World * IT aided Intelligence. * Automation.

Staffing Element(s) * Operational STATE Deployment. * Owned STAFF Deployment. * Outsource STAFF Deployment. * Stakeholder(s) STAFF – ADMIN – MGT.

Infrastructure Element(s) * Fibre-Wired and Wireless Network. * Server(s), Client(s), CEDs, Handhelds etc. * Connectivity, Availability, Redundancy & Backup. * Devices, Cameras, Sensors, Lighting, Power-Supply etc. * Control Rooms, Access Points, Distribution Points etc.

Roads vs IT analogy

Network Roads, number of lanes, number of check-points, signal lights, flyovers.

Wired or wireless. Analog, Digital or IP.

Servers Parking Lots. Car Lifts. Parallel Parking.

Data and Information stored remote centrally

Bandwidth Per-hour vehicle capacity, Types and Speeds of cars, uphill, curves

Size and speed of data transfer

Connectivity Toll Gates, Exit Ramps, Security Checks, Weather conditions, Sex (!), Age and Health of Driver, VIP in-town

Availability and usability to an end-user.

Connectivity Tap-Points

FROM

TO

• Camera Station • CED (Mobile-Handheld) • Public Alarm • Action to i3S Policy

• WorkStation Access • CED (Mobile-Handheld) • Helpdesk Request • Subscriptions View • Self-Service • Accountable Staff

External Access; Inputs

and Out

Internal Management; Inputs and Out

Financial

Types …

1. Cash. 1. Theft. Fraud. Loss. 2. Liquidity. Un-availability. 3. Bad Debt.

2. Assets. 1. Plant & Machinery / Office Equipment. 2. Non-performing Assets. 3. Lower than planned ROI. 4. Depreciation. 5. Cost vs Performance. 6. Availability. Reliability. Maintainability.

3. IPR. 1. WTO. WIPO. GATTS. Country-Statutory-Industry. 2. Patents. Copyrights. Trademarks. Secrets. 3. Appreciation.

4. Capital vs Expense. 5. Inventory

1. Over-stock. Under-stock. Just-in-time. Carrying Costs. 2. Obsolescence. 3. Re-work. Re-cycling. Inefficiencies. Quality issues. 4. Waste. Write-off.

„Accountability‟ Transfer … “Whose „cash‟ is it anyway?”

1. Extremely INDUSTRY specific. • Compare. Automobiles vs Pharma. vs Music

CD‟s vs Bollywood Films vs Your Industry.

2. Manufacturer OR Distributor OR Retailer. 3. Investors. Share-holders. Stake-holders. 4. Banks. FI‟s. Mutual Funds. 5. Mortgages. Loans. Leasing. Hire-purchase. 6. Purchase of risk. In-transit documents.

Invoices. Payments. Letters of Credit. Hundi (in Asia).

7. Futures and Options.

Cost of FAILURE!

Regulatory Action

Corporate Liability

Indirect Costs

Loss of Customer

Confidence

Force Majeure

1. Those "physical" events that are foreseeable, although unpredictable, such as fires, floods or vandalism.

2. Those day-to-day "business" events or governmental actions that cannot be forecast, but which are foreseeable, such as strikes or regulatory activities. This includes your service provider's subcontractors and vendors not performing tasks possibly necessary to your provider's performance under the agreement that your provider may claim are "beyond its reasonable control."

3. Those events that, although admittedly still pretty rare, are now unfortunately quite plausible in a world where commerce is easily touched by international politics, such as military actions, embargoes, rebellions and terrorism.

4. Those events caused by extraordinary elements of nature or "acts of God," which are truly unforeseeable force majeure events.

Business Continuity Factors vis-à-vis Information & Technology

1. Uptime (near 100%) 1. Backup, Housekeeping, Mirror, Geographical Spread,

Employee Standby, Hotfix, 24x7x365 service(s) availability.

2. Downtime (near 0%) 1. MTTR, MTBF, 24x7x365 service(s) availability.

3. Assess, Quantify, Measure 1. Information Costing. Investor, Vendor, Customer &

Co-worker „impact‟. What-if scenarios.

4. Risk & Qualify. High, Medium, Low, No. 1. Insurance. Personnel standby. Internal & External

Audits.

GREY QUADRANT - Low severity - High Probability

RED QUADRANT - High severity - High Probability

YELLOW QUADRANT - High severity - Low Probability

GREEN QUADRANT - Low severity - Low Probability

Real Trouble Try to reduce Impact

Nuisance Problems

Closely Monitor for increasing

Probability

Problems not significant

0

0

10

10

Probability of occurrence

Sev

erit

y o

f Im

pa

ct

When „risk‟ happens ….

1. On-track plan. (Backup, contingency)

2. Insurance, premiums & documentation.

3. Handling the Media (and fallout …)

4. Not repeating a mistake …

5. Factor #1 - Probability.

6. Factor #2 - Outcome or hazard.

Tools

1. Sensitivity Analysis. (What if …)

2. Statistics - Normal Distribution.

Access Risks

The only three …

1. What you know. 1. Login ID. Passwords. PIN. Personal data.

Public and Private Keys. (PKI).

2. What you have. 1. ID Card. Token number. Ticket. Boarding Pass.

PKI Digital Certificate(s).

3. Who you are. 1. Signature. Fingerprint. Retinal Pattern. Body

language. Voice Pattern. DNA.

IT Best Practices

1. Without SSL encryption, the integrity of data is compromised.

2. Without robust physical and network security, sensitive corporate data is at risk of intrusion

3. Building an effective in-house PKI system will take considerable time and expense. Opt for managed PKI services.

4. Free software will crack your password in 30 minutes.

5. Email is leaking your business secrets.

6. Traditional access control solutions are either ineffective or costly

7. Your web site can be spoofed with a point and a click.

8. Testing in production is tempting fate.

9. The weakest link in your security is your people.

10. On the web, nobody knows if you are a Martian.

Reality checklist

1. Almost everything is turning electronic & digital.

2. Applications will never be secure.

3. The perimeter is disappearing.

4. The determined hacker will get in, always.

5. Awareness training will help, only so much.

ID Theft.

24%

16%

15%11%

7%

5%

4%

18%

Credit-Card Fraud

Phone or Utilities Fraud

Bank Fraud

Employment-related Fraud

Govt. documents fraud

Attempted ID Theft

Loan Fraud

Other Identify Theft

Key threats in 2011

Our offer

Physical + Virtual (Lobby)

DMZ on Extranet

The proposal

1. Approach your „I.T.‟ as you would your physical office. You have a centralised reception area.

2. You have physical security. You have cameras. You have off-office hours infrastructure.

3. You have a back-gate for materials. In/Out registers. Documentation.

4. You also have Policies, Rules & Regulations, Guidelines, Methods, Processes & Systems.

5. There is „Human Decision Making‟ in terms of out-of-policy, contingency & crises.

The Service

Business Continuity is a matter of Practice and includes :- 1. Study of Existing Systems. 2. Desired State Definition.. 3. Gap Analysis. 4. Budgets & Costs Allocation. 5. Design & Plan. 6. Implement.

a. Buy-out, License, Acquire, Recruit. b. Integrate, Implement, Train, Setup, Establish. c. Intensive Monitoring Services. (Typically 3 months). d. Regular Monitoring Services. (Annual Contracts).

7. Review, Feedback, Correction.

Possible Scope of Supply …

From your India-based establishment … as your Worldwide Single-Point Source ….

1. Study of Existing Systems. 2. Desired State Definition.. 3. Gap Analysis. 4. Budgets & Costs Allocation. 5. Design & Plan. 6. Implement.

a. Buy-out, License, Acquire, Recruit. b. Integrate, Implement, Train, Setup, Establish. c. Intensive Monitoring Services. (Typically 3 months). d. Regular Monitoring Services. (Annual Contracts).

7. Review, Feedback, Correction.

… including …

1. Top Management „Interaction‟ & „Support‟. 2. Design & Management of your „Red Book‟ 3. Physical Manning at all physical server locations. 4. 24x7x365 Manned Monitoring 5. 24x7.x365 Automated „Sniffiing‟ & „Snooping‟ Conrols. 6. Hardware & Software Firewalls. 7. Internal Audit(s). Infrastructure, Administrators & I.T.

Departments of Internal, Vendors, Customers, Investor & Co-worker Groups access.

8. External Audit Support 9. Downtime Services. 10. Crises Services. 11. Choice of Technologies. 12. Online Certificate Design, Method & Systems.

If I.T. down assessment …

1. If Hardware, Networking, Storage goes down ….

2. If Systems Software goes down …

3. If Application(s) Software goes down … Bugs, Staging, Testing, Y2K type scenarios ….

4. If Data goes down …

5. If Information unavailable …

6. If unable to find-out what has gone down …

Security Policy

1. Written General Security Policy. 2. Written IT Security Policy.

1. IP‟s. Listed & Controlled. 2. Allow & Deny. Group, individual & others. 3. Logs. Logs backup. Logs Analyses. Decisions. 4. Disaster Recovery. 5. DOS, DDOS etc.

3. Client „transparent‟ document. 4. Internal audit. 5. External audit.

Information or Intelligence Domain

Central Intelligence

•Gather Information, OR Intelligence.

•Data. Images. Audio. Video.

•Store. Retrieve. Analyze. Pattern Recognition. Intuition. Assign Field Work. •Gather MORE information. •Sort. Extract. Merge. Collate. Integrate. Consolidate. Automate.

• Efficiencies. ROI. TCO.

Disseminate. Execute. Act. Assist. Support. Help. Facilitate.

• Assign Work

• Intelligence on Demand.

• Verification. Authentication, Fact-Checks.

• Friend or Foe Decision Making.

People Risk

The „Human Being‟ behind every „Risk‟ related event.

Shrinkage

One word for Risk, Safety, Security, Surveillance, Graft, Corruption,

Negligence; Stupidity; Ignorance; ill-informed; uneducated; Theft. Fraud;

Counterfeit; Negligence; Attrition …???

PRAY (People Risk Assessment & Yield) Model

Risk from People

People Actions Costs

Employees

Suppliers

Customers

TEMPS

Catering Staff

Housekeeping

Security Staff

Drivers

Ghost Employees

Order Acceptance

Procurement

Wrong Vendor

Wrong Hiring

Poor Decisions

Direct OR Indirect

Fixed OR Variable

Liable for Litigation Negligence

Graft (CORRUPTION)

Cartel

Behavioural

Not Insured

100% Revenue Loss

Increased Cost

Lower Profits

High Risk Behavour

Stopped Learning

Ego – Alpha-Male

Long term consequence

Personal Debt

Greed

Clinical Problem(s)

No Succession Planning

Poor Due-Diligence

Obsolescence

Re-work & Waste

New Economy Organisational Design

Delivery / Production / Manufacturing

People

Commercial

Sales

Customer Contact

Marketing

Contract Staff

Our Staff

External Outside Control

Internal Our Control

Modern Organisations do not work from one premises. All Staff may not be homogenous; not from one area; community; state or even country. Wireless allows into and out of any location; voice, video & definitely data.

The Enterprise has to be MORE in control while being forced OUT-OF-CONTROL by the

pace of Technology.

Out-sourcing

• Benefits

1. Required Skills.

2. Lower Costs.

3. Quicker Access.

4. Better Systems.

5. More Professional.

• Risks

1. Culture mis-fit

2. Increased Costs.

3. Less co-ordinated.

4. Integration issues.

5. Less-in-control

Types / Categories of Workforce …

Class A 1. Board, Committee, Association. 2. Our Staff. Permanent. 3. Key Owners, Managers, Stakeholders of Members. 4. VIP‟s. Statutory Authorities. Pre-approved Guests/Visitors. 5. Out-sourced Security Key-Managers, Authorised Staff.

Class B 1. Our Security Staff 2. Out-sourced Permanent Security Staff.

Class C 1. OUR or external Part-time OR Temporary Security Staff.

Class D 1. Staff of „Member-Units‟. Permanent. 2. Temporary Staff. TEMPS. 3. Service-Provider. Utilities. Supplies. Catering. Transport Drivers +

Support-Staff. 4. Any new Employee / Regular LESS than one year of Regularity.

Class E 1. Contractor. Staff. Labour-force. Contractor Suppliers. Contractor

Services. 2. Trade or Manufacturing. Goods Inward and Goods Outward. 3. Waste Disposal. IN and OUT movement.

Risk Level Rating of People

1. 0 to 9 : 9 = no risk; 1 VERY HIGH RISK. 0 = unknown / not assigned.

2. Everyone is assigned a Level 5. Has to earn by time, inputs, self-service, behaviour,

references, feedback to lower the Risk LEVEL.

PRAY (People Risk Assessment & Yield) Model

Negligent Hiring

1. What is negligent hiring? 2. Should all companies be expected to have a

screening policy? 3. Does every employee need to be screened? 4. How much should a company expect to pay

for screening? 5. What can it cost a company should they

chose not to have a screening program? 6. Do you have enough „Johari-window‟

information to make an offer? 7. Are all screening companies alike?

Negligent Hiring Problems …

1. Shrinkage. Theft. Robbery. White collar crime.

2. Security Staff are compromised!

3. Cartels / Organised Crime are formed!

4. IT, data, Information & know-how leaks.

5. Rapists! Women‟s Issues.

6. Pornography. Video-Cam. Exploitation.

7. Pedophiles. Children abuse. (Where applicable).

8. Fellow-workers being blackmailed.

9. Paper-work fudging albeit for personal gain.

People Risk examples

1. Ghost Employees. Not on your payroll, not coming to work being paid maybe electronically.

2. Cartel of Security, Catering, Housekeeping & Admin. in waste (and other) removal from the premises.

3. Labour (HR or line Staff) taking a „cut‟ in recruitment, placement, promotions.

4. Poor Decision-Making. Order Acceptance, Vendor Identification, Technology due-diligence, Loan disbursement. Based on wrong or Inadequate data or information.

5. High-risk behaviour in their personal, private life. Gambling. Drugs. Debt. Wine. Women/Men.

6. Time-allocation. Priorities, motivation, interests in a different direction or area. Non-professionalism.

7. Travel + Stay when it could have been done with Video-conferencing.

Some Solution(s) Step(s)

1. Rating : Keep a simple score-card. On a scale of 1 to 9 everyone is a 5

till proved otherwise based on Actions and Performance.

2. Internal FIR : Maintain a database of any and all incidents (tangible and

intangible) transparent ensuring personal privacy; warnings; let-offs;

rewards & recongition.

3. PMS : Perform periodic Reviews. Behavioural as important as

Performance.

4. Voperty : The modern-organisation is no longer on one-premises. It is

virtual and on-line as much as off-line. Intellectual Property is as

important as Property. Trade-secrets, diagrams, customer or supplier

databases.

5. Infrastructure Enhancement & Technology Support.

6. KRI : Acquire, implement, maintain and manage a set of Key Risk

Indicators.

7. Process, Methodology, Workflow. Checklists. Visual Maps. Step-

accountability.

Infrastructure Recommendations

1. Single-window Access Control System. (Staff, Catering, House-keeping, Temps, Security). Audited Attendance.

2. Eyes and Ears on the ground. Networked Cameras; Adequate Lighting; Sensors for required needs.

3. Triple-play convergent digital networks.

4. Things monitoring. Raw materials & Finished Goods. Consumables. Fixed and Mobile Assets. Repair-men kits. Catering, Housekeeping, Waste removal.

5. Centralised Servers + Platform for Intergrated, Real-time, Remote & Localised Routine Reporting, Audits and Alert/Alarm Systems.

6. Transparency, Convenience, Ease-of-use, Ergonomics, Managed Queues, Systems, People-flow.

Infrastructure Functionality

Information or Intelligence Domain

Central Intelligence

•Gather Information, OR Intelligence.

•Data. Images. Audio. Video.

•Store. Retrieve. Analyze. Pattern Recognition. Intuition. Assign Field Work.•Gather MORE information.•Sort. Extract. Merge. Collate. Integrate. Consolidate. Automate.

• Efficiencies. ROI. TCO.

Disseminate. Execute. Act. Assist. Support. Help. Facilitate.

• Assign Work

• Intelligence on Demand.

• Verification. Authentication, Fact-Checks.

• Friend or Foe Decision Making.

Risk from Graft / Corruption

Managed Services

1. Choose to work with Riskpro India. (http://riskpro.in) Typically a minimum of 15-month contract.

2. Study, Report, KRI-set & GRC (Governance, Risk & Compliance) Roadmap within one month.

3. Put in place our clextra Software Platform. 4. Identify and Train the „Task-force‟ on GRC

Roadmap. 5. Maintain, Monitor, Manage, Analyze.

„Routine‟ and „Alert‟ Reporting to Management.

Risk Management

Based on the COSO model

Another Model

IT Risk Model

Risk of No Information

Risk of No Information & Communications Technology

E D C B A

Source Interface Distribution Interface Request

SERVERS Web-Pipe Ether-Space Local ISP CLIENTS

1.4 90% plus

1.3 60-89%

1.2 Ok

1.1 Less than 50%

2.4 Predictive

2.3 In-time2.2 Yesterday2.1 Post-mortem

3.4 DataHouse

3.3 Database

3.2 11-500 Pages

3.1 1-10 Page

4.4 Video

4.3 Audio

4.2 Visuals

4.1 Text

5.3 Sharing

5.2 Integrity

5.1 Security

5.3 Backup

5.2 Hardware

5.1 Power

Supply Side Supply Side

1

2

Relevance

Timeliness

3

4

5

6Infrastruc

ture

Quantity

Media

Quality

Any „IT-record‟ in your Business …

1. Tangible Assets Master 2. Buy Purchase Orders Master 3. Main Metrics 4. Expenses Master 5. Firms Master 6. Inventory Master 7. Invoices Master 8. Mfg. Job-Work Orders Master 9. Intangible Assets Transactions 10. Intangible Assets : Library : Info.Units 11. Owners : Contacts - Customers - Vendors 12. Individual Employee Master : Login II 13. Teams Master 14. Unit Master 15. RFID Hardware etc. 16. Seats Management Database 17. Individual Users Master : Login I 18. Vehicle Master

User definable … #1/3

A000,FORCE MAJEURE A001,Unpredictable A002,Political Forces A003,Terrorism A004,Genuine B000,FINANCE B001,Cash Liquidity B002,Market valuation of Equity B003,Audit B004,Financial due-diligence B005,Technology due-diligence B006,Theft of cash B007,Mis-use of cash B008,Mis-use of documents B009,non-Performing Assets B010,Tax B011,External Audit B012,Internal Audit B013,Depreciation B014,Credit Risk B015,Bad Debt B016,Book Value of Equity-Shares B017,Market Value of Equity-Shares B018,Bull-run B019,Bear-run C000,COMPLIANCE C001,Regulatory Compliance C002,Central Compliance C003,SOX Compliance C004,Stock-Exchange Compliance

C005,Central Labour Compliance C006,Local Labour Compliance C007,Local Safety Compliance D000,LEGAL D001,Major Lawsuit D002,minor Lawsuit D003,Loss of original documents D004,Legal fees D005,Stay order Costs D006,Stay order Time E000,PLANNING E001,Vendor Base. (Contractual and Moral) E002,Customer Base. (Affinity and Purchasing). E003,Sales Projections E004,Expenses Projections E005,Cashflow Projections E006,Meeting Manpower Plans F000,HR FA00,INVESTORS FA01,The Head of the Board FA02,The Board FA03,The CEO FA04,The CEOs Team FA05,Investors ROI needs FA06,Investors Values FB00,EMPLOYEES FB01,Absenteeism FB02,Non-performance FB03,Quality

User definable … #2/3

FB04,Quantity FB05,Negligence FB06,Fraud FB07,Unionism FB08,Training FB09,Requisite Operational Skills FB10,Motivation FC00,MANAGERS FC01,Not a Manager FC02,Not a Coach-Leader FC03,Manager Unionism FC04,Labour Unionism FC05,Fraud FC06,Planning FC07,Plan adherence FC08,Gap closure FC09,Training FC10,Requisite Operational Skills FC11,Motivation FD00,BEHAVIOURAL FD01,Narcissistic FD02,Nepotism FD03,Authoritarian FD04,Physical Male-Female FD05,Verbal Male-Female FD06,Submissive FD07,Sycophancy FD08,Destructive Intelligence FD09,Stupid-Dumb-Idiotic FD10,Hands-off

FD11,Hands-on FD12,Motivation FD13,Time-wastage FD14,Gambling FD15,Other pursuits FD16,Indoor inclinations FD17,Outdoor inclinations FD18,Commitment to Quality FD19,Commitment to Quantity FD20,Personal problems FD21,Financial burden FD22,Family problems FD23,Personal Health FD24,Alcoholism FD25,Drugs-Chemicals effect FD26,Obsessive Compulsive Disorder FD27,Attention Deficiency FD28,Hyperactive Syndrome G000,INVENTORY G001,Book Valuation G002,Market Valuation G003,Physical Checking G004,Obsolescence G005,Over-stocking G006,Under-stocking / Stock-outs G007,H. LOGISTICS RISKS G008,Delayed inflow G009,Delayed outflow G010,Transit Damage G011,Transit Theft

User definable … #3/3

G012,Transit Spoilage G013,I. PURCHASE RISKS . G014,Quality. Re-work G015,Wastage and write-off. G016,Short-supply H000,MANUFACTURING H001,Line Downtime H002,Partial Downtime H003,Shopfloor Accidents H004,Labour - unionism H005,Capacity availability H006,Output efficiency H007,In-logistics Space H008,Out-Logistics Space H009,Power-Energy availability H010,Water availability H011,Flow constraints H012,Process inefficiency H013,Safety Systems J000,REDUNDANCY - BACKUP J001,Duplication J002,Backup J003,Alternate System J004,mis-matched capacities J005,Absenteeism J006,People Training J007,Use of Consultants-Advisors

K000,MARKETING KA00,EXTERNAL KA01,Customer understanding KA02,Customer need specifications KA03,Quantity of Reach KA04,Quality of Reach KA05,Too much communications KA06,Too little communications KA07,Market segmentation KA08,Choice of channels KA09,Delivery-Install-Commissioning KA10,Training KA11,Customer Usage KA12,After Market Services KA13,Product Lifecycle Revenue KA14,Product Lifecycle Expenses KA15,Product Lifecycle Profit KA16,Reputation Risk KA17,Brand Dispersion Risk KB00,PUBLICITY KB01,Bad Press due to internal incidences KB02,Bad Press due to extraneous incidences KB03,Investor relations. KB04,ex-employee relations. KB05,Customer relations. KB06,Vendor relations. KB07,Press relations. KB08,Political relations.

Define & Manage Sets

Set 1 Set 2 Set 3 Set 4 Set 64 Set 65 Set 7821

A000,FORCE MAJEURE

A001,Unpredictable

A002,Political Forces

A003,Terrorism

A004,Genuine

B000,FINANCE

B001,Cash Liquidity

B002,Market valuation of Equity

B003,Audit

B004,Financial due-dilligence

B005,Technology due-dilligence

B006,Theft of cash

B007,Mis-use of cash

B008,Mis-use of documents

B009,non-Performing Assets

B010,Tax

B011,External Audit

B012,Internal Audit

B013,Depreciation

B014,Credit Risk

B015,Bad Debt

B016,Book Value od Equity-Shares

B017,Market Value of Equity-Shares

B018,Bull-run

B019,Bear-run

A set can have any number of user-definable metrics.

Assign Set to a Record …

1 Tangible Assets 2 Buy Purchase Orders 3 Main Metrics 4 Expenses 5 Firms 6 Inventory 7 Invoices 8 Mfg. Job-Work Orders 9 Intangible Assets Transactions 10 Intangible Assets : Library : Info.Units 11 Contacts - Customers – Vendors – Agents – Drivers - Traders 12 Level II login users : Employee, Customer, Doctor, Patient, Student 13 Teams 14 Unit – Group – Household (In addition to Teams). 15 RFID Hardware etc. Gates, Doors and Access Equipment. 16 Seats - Workstations – Desks etc. 17 Level I login users 18 Vehicle

Each Metric includes …

1. Cost. On a scale of 0 (no-cost) to 10 (very high); this is the means to „level‟

ANY and ALL Threats to a business.

2. Vulnerability On a scale of 0 (none) to 10 (definite) Internal weaknesses and under

reasonable control factors.

3. Threat On a scale of 0 (none) to 10 (definite) External factors perhaps with

minimal or no control.

4. Percentage This is a percentage for leveling. P = C x V x T (Multiplication and

Percentage of the above earlier 3 parameters).

5. Statistical Chance Independent of the above, a Standard Market statistical percentage of

an occurrence for this type of risk. Allows upto 4 decimal places. Ie. 1 in 10,000 chance of occurrence.

ICT Best Practices

1. Without SSL encryption, the integrity of data is compromised.

2. Without robust physical and network security, sensitive corporate data is at risk of intrusion

3. Building an effective in-house PKI system will take considerable time and expense. Opt for managed PKI services.

4. Free software will crack your password in 30 minutes. 5. Email is leaking your business secrets. 6. Traditional access control solutions are either

ineffective or costly 7. Your web site can be spoofed with a point and a click. 8. Testing in production is tempting fate. 9. The weakest link in your security is your people. 10. On the web, nobody knows if you are a Martian.

Report : Screenshot

RFID and Physical Location based.

Checklist Approach …

Checklist Library(s)

Cycles Feature …

hdocs

mdocs (Broadband Scalable )

Inventory Approvals

Incident „areas‟ and Bibliography

1. clextra Cupboard dodocs 1. archival system for all periodic Reporting.

2. clextra Cupboard cdocs 1. archival system for all random Reporting.

3. Organisational Filing System. 1. Individual and/or Team based.

2. Selective access to everyone in the organisation.

3. Supports MS Office, schematics, multimedia and/or any other format.

4. Numbered email. PULL System. (No PUSH).

5. Multimedia File binning.

6. Technology permitting …. SMS, Mobile etc.

Coding System(s) : 2 of 10‟s, dozens.

1. Location Code. Eg. inKAblrAZON01 (13 character code). 1. 2 chars – ISO country code. 2. 2 chars – Country State code. 3. 3 chars – City code. 4. 1 alpha – Zone code. 5. 3 chars – Preferably 9 or 81 directions N,E,W,S,C 6. 2 chars – Cna be sub-zones OR floors OR any other.

2. Device Code inKAblrAZON01-rc000006 1. Device no. 6 Grouped treatment as a Particular type of

Display, or Camera, or IN or OUT gate, reader, writer, sensor etc.

3. Also supported EPC codes; GPS codes and point-maps on ANY image(s).

Shrinkage, Risk, Security

Shrinkage Euphemism for Theft. Fraud; Counterfeit; Negligence;

Attrition;

Inventory Shrinkage ...

1. - Empty boxes or "hollow squares" in stacked goods.

2. - Mislabeled boxes containing scrap, obsolete items or lower value materials.

3. - Consigned inventory, inventory that is rented, or traded-in items for which credits have not been issued.

4. - Diluted inventory so it is less valuable (e.g., adding water to liquid substances).

5. - Increasing or otherwise altering the inventory counts for those items the auditor did not test count.

6. - Programming the computer to produce fraudulent physical quantity tabulations or priced inventory listings.

7. - Manipulating the inventory counts/compilations for locations not visited by the auditor.

8. - Double-counting inventory in transit between locations.

9. - Physically moving inventory and counting it at two locations.

Inventory More Shrinkage

1. - Including in inventory merchandise recorded as sold but not yet shipped to a customer.

2. - Arranging for false confirmations of inventory held by others.

3. - Including inventory receipts for which corresponding payables had not been recorded.

4. - Overstating the stage of completion of work-in-process.

5. - Reconciling physical inventory amounts to falsified amounts in the general ledger.

6. - Manipulating the "roll-forward" of an inventory taken before the financial statement date.

Inventory & shrinkage

1. - Not retiring WIP and not classifying completed jobs as finished goods after dispatching them to customers.

2. - Falsifying computer runs by overriding the WIP applications.

3. - Including extraneous elements, like period costs, in WIP tabulations.

4. - Excluding job-related direct costs, such as special-purpose tools and jigs, from WIP tabulations.

5. - Tinkering with process cost allocation and overhead calculation functions.

6. - Including abnormal process losses in WIP.

7. - Overstating the stage of completion of work-in-process.

8. - Programming the computer to produce fraudulent physical quantity tabulations or priced inventory listings

Inventory Not the final word on Shrinkage

1. - Physically counted percentage factor.

2. - Items requiring further audit scrutiny.

3. - Surreptitious check(s) percentage factor.

4. - Physical opening and case-label match factor.

5. - Increase in count factor from original plan due to findings.

6. - Time-gap between disparate location physical counts.

7. - Factor of likely owned property/materials/stock.

8. - Specialist factor. Does observer understand the inventory?

Loss of Original Documents

1. Litigation. 2. Direct cash loss. 3. Lack of control over your „Staff‟. 4. Reduced Customer confidence. 5. The „good faith‟ in which these were given to you

in the first place. 6. Perception of „corruption‟ and „deliberate‟ act. 7. Negligence. 8. Inability to „store‟, „monitor‟ and „manage‟ over

long periods of time. (10+ years). 9. Inability to use technology such as Library

Science methods, barcode, RFID etc. 10. Inability to cost per-document storage and ROI,

TCO for Document Management.

Other fraud …

1. Identify Theft.

2. Credit Card.

3. Password Theft.

4. TCP-IP Theft.

5. Patent Infringement.

6. Copyright, Trademark Theft.

7. Industrial espionage.

8. Counterfeits and Knock-offs.

GPS etc.

Integrating GPS, GIS, GPRS, 3G, RFID, AutoID & related technologies

onto a Single Unified Integrated Real-time Remote Triple Play

Solution.

Geography : 7 level Detail

Map Tracks : Actual Path(s)

Route Maps : Commute etc.

Beats, Timings, Circuits …

i3S Incident(s) Database

1. MANUAL and/or AUTO-ENTRY Recording of all incidents.

2. MANUAL cataloging and bibliography of incidents.

3. THEREFORE search of incidents.

4. Checklists for follow-up & Tracking.

5. Opening of a „Case‟ for legal procedure. Information and evidence handling, court follow-up.

i3S Case(s) Tracking

1. If FIR is registered.

2. Case Development and Management.

3. Evidence and Support information.

4. Court dates and Follow-up.

5. Long-term tracking of all Cases.

6. Costs and Decision making related to each Case.

i3S Storage Solution

i3S Bibliography, Search etc.

Individual Risk

The „Human Being‟

Typical Certification Areas …

1. Access Control

2. Application Development Security

3. Business Continuity and Disaster Recovery Planning

4. Cryptography

5. Information Security Governance and Risk Management

6. Legal, Regulations, Investigations and Compliance

7. Operations Security

8. Physical (Environmental) Security

9. Security Architecture and Design

10. Telecommunications and Network Security

Video Analytics

Features …

1. Assuming 100‟s of 1000‟s of camera / eyes are deployed … 2. Primary thinking and application is deterrence. 3. Can‟t CAPTURE, TRANSMIT and STORE ALL in high-definition; 25 fps; Colour …

the costs are astronomical. 4. Any „real-time‟ alerts from streaming-live from multiple camera automation based on

Pattern Recognition is WAY TOO EXPENSIVE and NOT REALISTIC. 5. Being pro-active cannot imply predicting „what will happen‟ or „the future‟. 6. So what do you capture …

1. Assume last-hour or last 3-days or whatever. 2. Pre-alert and post-alert EXTRACT from the above stream. 3. CLEAR bibliography; date, time, physical location, camera, view, quality, quantity, length,

guard-on-duty etc. etc. 4. Alerts can happen …

1. in-camera – Motion Detection. Field of View. Range of programmable features. License Plat recognition.

2. non-camera – Sensors. Vibration. Trip-wire. Light. Noise. RF. Optical etc. etc. etc. 3. Currency. Cheques. Documents or other Verification.

7. Intelligence on the Edge 1. Camera stores full-streams locally. Discarding after pre-set life-cycles. 2. UPLOAD to central STORE any and all incidents. 3. Create an clextra bibliography record for every UPLOAD.

8. Guard-Services Alert 9. Forensics. Evidence. Search. Analytics.

Guard Services …

1. Guards have to watch 100‟s at a time. NOT POSSIBLE. 2. Guards are human. Don‟t expect them to watch even ONE

all the time. 3. When an ALERT happens; must be able to localise;

locate; have decision-options and mobilise to tackle the ALERT as appropriate.

4. Systems of ALERT prioritisation. 1. Fire. Earthquake. Flood. 2. Dacoity. Terrorist Threat. Bomb. 3. Single Incident. Armed vs Un-armed. 4. Small start threat. Smoke. Water. Gas-Lead etc. 5. Tampering alert. Door. Window. Cables. Camera etc. 6. Client or Customer THEFT vs Employee THEFT. 7. System Authority. CEO. Police. Guards themselves. 8. Infringement. Person in non-authorised zones. 9. Infringement. Animals. Dogs. Cats. Rodents. Pests.

5. Risk and False-alarm RULES Management.

Not just your cameras … there are more

1. Storefronts 2. In-Store Cameras. 3. Gas Stations 4. Police stations 5. Businesses 6. Government & Office Buildings 7. Houses. Estates. Gate Security. Guard Security. 8. Traffic cams. Red light cams. 9. Taxi companies – Most taxis nowadays have dash

cams, and a driver can manually trigger them 10. Any witnesses with cellphones 11. Any witnesses with digital cameras, camcorders 12. Any witnesses. Record their statements with your

on-hand camera.

Someone … should want to

1. Pay for it.

2. Look at it.

3. Use it.

4. Make it count.

5. Just evidence. Seeing is believing.

6. Use it as evidence in a court of law.

7. Save a life.

8. Save property.

9. Save time.

10. Do something … for someone.

The „face‟ of „Information Security‟

1. There is someone looking over your shoulder.

2. Uniform & Authority Matter.

3. He is trained and tough.

4. This person is authorised ‘internal’ and ‘by law’ to act on our behalf.

5. This person is Technically Qualified and aware.

6. If you ‘cross the line’ … you are in trouble.

7. You can ask me as to ‘what the line is’.

8. Honestly; I am here to help you do your job ‘honestly’.

Cash Security

Counterfeit Management

1. Identifying counterfeit NOTES and COINS requires a combination of AUTOMATION & PEOPLE skills.

1. Automation Concerns 1. Automated kiosks DO NOT have this luxury and have to be

able to stand-alone and independently decide to ACCEPT or REJECT.

2. Reject in many instances can mean loss of Business and Consumer confidence.

3. Automated kiosks can be mis-used for money-laundering; coin hoarding; higher-note disposal etc.

2. Manual Concerns 1. Remove the drudgery of counting.

2. ONUS on protecting and end-of-shift settlement.

3. Know how to be able to identify counterfeit.

The Solution

1. Coin operated Vending Machines.

2. Coin or Cash based Media Dispensing.

3. Ticketing kiosks.

4. Utilities Bill Payment by Cash and/or Smartcards and/or Debit and/or Credit Cards.

5. GPS, GIS, GRPS, GSM, RFID based Tracking.

6. Touch screen based interaction.

7. Network integration with central computing facilities.

8. Local alarms & alerts; including automated and manual video surveillance.

9. Supply of HARDWARE, SOFTWARE, SYSTMES-PROCESS-METHODOLOGY starting with Awareness Training.

10. Pre-Sale; In-Sale and Post-Sale Staff & User training.

Who needs this …

1. Any business handling cash.

2. Banks. Cash deposit. Cash withdrawal.

3. Coin-to-cash and cash-to-coin exchangers.

4. Retail operations.

5. Notes and/or Coins counting.

6. Government Utilities. Receipt Printing.

7. Parking. Ticketing. Events. Journey slips.

8. Vehicle Parking.

9. Toll Gates and pay-per-use applications.

10. Currency Exchange.

Base of Experts, Advisory, Staffing & Consulting.

The Firm

Software, Backend, Tool & Platform

Business Model, Methodology, and System(s)

Full-range services in Governance, Risk & Compliance

Systems Integrators

http://www.edgevalue.com http://www.clextra.in

[email protected] © JAN 1999 Edgevalue

62 B Modi Residency Miller Road

Bangalore 560 042 INDIA Phone : 91 (india) 80 (bangalore) 2595 0059

Cellphone : 98450 61870