IN THE BOARDROOM™ with...
Mr. J.R. Reagan
Managing Director and Solution Leader
Security & Identity Management Group
BearingPoint (NYSE: BE)
SecuritySolutionsWatch.com: Thanks for joining us
today, JR. You've had a really interesting career path with over
20 years of Federal, Intelligence and Commercial sector
experience. Please give our audience an overview of your
background and your role at BearingPoint.
J.R. Reagan: As you mentioned, I have a broad
background in Federal, Intelligence and Commercial sectors that's
proven particularly valuable in my role as Solution Leader for our
Public Sector Security & Identity Management practice. My role
at BearingPoint is to find and help develop innovative solutions
for clients around security and identity management – whether
that's biometrics, smart cards, or other unique solutions for the
market.
SecuritySolutionsWatch.com: What are the major
market drivers right now for security and identity management
solutions?
J.R. Reagan: World events and the increased
incidence of identity theft have caused IT and physical security
technologies to converge, and converge on a global scale.
Officials responsible for security must now comply with the
demands of substantial standards and guidelines, many of which may
not have been in place when initially establishing their security
programs.
Whether it's physical or cyber security – from Electronic
Passport (ePassport), the Visa Waiver Mandate and Electronic
Identity (eID), to port entry and shipping – organizations
around the world are now forced to address new security issues.
Additionally, regulatory drivers here in the U.S. in the form of
standard credentialing for government workers, as seen in the
House/Senate Presidential Directive-12 (HSPD-12), new DMV
standards in response to the Real ID Act and other initiatives
have increased the importance of Security and Identity Management.
Key drivers include:
• Passport/VISA: Immigration; Electronic Passport (ePassport); Electronic Identity (eID); National Identity
• Law Enforcement: Booking; Evidence Tracking; Fingerprint/Face Identity; Corrections
• Civil Needs: Corporate ID; Student Identity; Fraud; Logistics
• Defense / Intelligence: Uniform Identity; Logistics; Watchlists; Threat Database
• Border Control: Global Trade Management (GTM); Port Entry; Aviation; Shipping
• State/Municipal: Mass Transit; Medical; Benefits; Department of Motor Vehicles (DMV)
SecuritySolutionsWatch.com: In the Federal
Government sector, we understand that BearingPoint is involved
with the Common Access Card (CAC) and Transportation Worker
Identification Credential (TWIC) programs among others. Without
giving away any trade secrets, can you give us an overview of
BearingPoint's role in these high profile programs?
J.R. Reagan: The Transportation Worker
Identification Credential (TWIC) solution provides a uniform
credential for transportation workers requiring access to the
nation's transportation facilities. The solution provides added
security through incorporating standardized vetting procedures,
biometrics, and a smart card to ensure individuals accessing
secure areas within the nation's transportation system are
authorized to do so, and are who they say they are. The TWIC
solution was implemented during a Prototype Phase at 28 sites
across the United States, and is currently in operation today.
BearingPoint's solution provides strong identity vetting and
proofing processes for large agency populations.
BearingPoint also provides support to the DoD's Common Access
Card program (CAC) and assists the DoD in developing its strategy
to comply with HSPD-12 and the corresponding Federal Information
Process Standard, commonly referred to as FIPS. In addition,
BearingPoint handles program management, systems analysis and
technical support, information technology contract
management/acquisition support and business operations management
support across the Defense Manpower Data Center enterprise.
SecuritySolutionsWatch.com: Any other Federal
Government programs you care to mention?
J.R. Reagan: BearingPoint also supports the
FDIC's Security Program, which serves as a focal point for an
annual information technology security self-assessment as well as
ongoing IT security monitoring activities. These tasks are in
addition to other programs BearingPoint has been assisting the
FDIC with since 2003, including Certification and Accreditation,
security infrastructure review, System Test and Evaluation, and
Security control implementation.
SecuritySolutionsWatch.com: What about
BearingPoint wins at the State & Local level?
J.R. Reagan: One interesting project
BearingPoint is working on is with the New York City Office of the
Criminal Justice Coordinator, on its DataShare project. This
integrated justice initiative will expand information sharing
across criminal justice agencies by replacing the existing
technical infrastructure for data exchange and deploying a Public
Safety Portal. In addition, BearingPoint is engaged in
integrated justice projects in Montgomery County, Md.,
Washington, D.C. and many other jurisdictions.
SecuritySolutionsWatch.com: Let's turn to the
commercial market. Can you give our audience an overview of
BearingPoint wins in the Financial, Healthcare, and Education
verticals?
J.R. Reagan: Our Financial Services practice
has recognized the complexity and urgency of the need to protect
information assets for our financial industry clients. This need
comes from the fact that managing financial and non-public
personal information has become subject to numerous regulations
including Gramm-Leach-Bliley Act, Sarbanes-Oxley Act, Basel II
Capital Accord, SEC and FFIEC regulations, European Data Privacy
Directive, California SB1386, OCC 2001-47 third party information
sharing and many others.
Our financial services clients have asked BearingPoint to help
them to comply with these and other regulations including
special provisions designed to protect customer privacy, protect
all sensitive financial information under management, and help our
clients to develop defense and risk mitigation strategies that
address payment, credit card and on-line banking fraud.
To address these concerns BearingPoint has formed a
cross-disciplined Customer Identity Management practice that has
been successful in addressing clients' concerns about security,
privacy and compliance.
The majority of our clients are Fortune 100 financial
institutions that include global banks, diversified financial
services firms including major brokerage houses, major
insurance companies, and leading credit card companies.
SecuritySolutionsWatch.com: What about the
International arena, any particular projects you care to mention?
J.R. Reagan: BearingPoint recently completed a
23-month on-time project for the complete modernization of the
systems and processes for managing passport applications in the
Government of Ireland's Department of Foreign Affairs. The
passport incorporates leading edge technology to provide advanced
security, including a polycarbonate datapage featuring laser
engraved and perforated images of the holder's photograph and
signature, giving Ireland one of the world's most modern and
secure passports in the world.
SecuritySolutionsWatch.com: “Phishing” and
“pharming” threats are becoming more prevalent and
sophisticated but many end-users still do not understand these
terms and how they can lead directly to identity theft. Please
give our audience an overview of “Phishing”. What can
enterprises do to prevent damage to their brands and what can
individuals do to protect themselves?
J.R. Reagan: "Phishing" is an
online threat that involves sending bogus e-mails – allegedly
from a bank or other online business – that reroute user
replies to a phony, but authentic-looking, website, where users are
asked to enter sensitive information. If they type in their passwords or
account numbers, thieves have that data. Now phishers have been
joined by "pharmers," who have made the scam more
sophisticated by planting malicious software on a user's computer
or poisoning servers that direct traffic on the Internet. Even if
a user types in the correct address of a website, the software can
send them to a phony one.
Dealing with the threat is a difficult issue. Some financial
institutions are already experimenting with "multi-factor
authentication." In the U.S., federal regulators are now requiring
banks to have at least two-factor authentication with their
websites by the end of 2006. The Federal Financial Institutions
Examination Council has very recently issued a press release as
well as specific, non guidance. Other industries are further
behind, and individuals are battling the threat on a daily basis.
SecuritySolutionsWatch.com: One will read on
BearingPoint.com that, “World events and the
increased incidence of identity theft have caused IT &
physical security technologies to converge. The result has been
Federal mandates such as the Homeland Security Policy Directive 12
(HSPD12) and the Federal Information Security Management Act (FISMA)
of 2002. Information security & identity management projects
have been pushed to the forefront of government procurement
initiatives.” Please give us an overview of these and other
Federal mandates such as HIPAA, Gramm Leach Bliley, and Sarbanes
Oxley.
J.R. Reagan: Homeland Security Presidential
Directive 12 (HSPD-12) requires issuance of secure and reliable
forms of identification to employees and contractors using U.S.
government facilities and information systems. BearingPoint has
been integrally involved in early efforts to implement this
heightened level of security within the federal workforce. One of
the most important security requirements is the need to improve
the identification of federal government employees, contractors
and contract employees. This requirement applies both to allowing
people to physically enter facilities and to permitting them to
obtain logical (including network and application) access to
information. With the technology dimensions of HSPD-12, agencies
can set a course to compliance and to a stronger, safer country.
At the same time, they can leverage their investments to improve
government services and efficiency.
The Federal Information Security Management Act of 2002, or
FISMA, is intended to improve the security of the information
resources that support the operation of the federal government.
The Office of Management and Budget provides rankings that provide
a measure of the progress agencies have made in improving
compliance with FISMA, so compliance gets a lot of attention. FISMA
represents an important step toward enhancing the protection of
the government's information technology (IT) systems and data. It
has brought unprecedented awareness of the need for strong
security, as well as a mechanism for agencies to assess their
progress. The ultimate goal of every agency, though, is not simply
to get a good FISMA score but to improve the protection of its IT
assets. FISMA requirements include processes that allow agencies
to leverage their internal controls cost-effectively. And, as some
agencies are finding, taking steps to enhance procedures,
systems, and technology not only leads to better security, but
also to a better FISMA scorecard.
Since 1996, the Healthcare Insurance Portability and
Accountability Act (HIPAA), has perhaps raised more issues in the
healthcare community than it has answered about security and
privacy. HIPAA takes the notion of accountability to a new level,
mandating the administrative simplicity of patient information
with transaction standards, and the security of individual patient
medical records. Privacy of sensitive information contained in
patient medical records is included in this ruling. This
regulation has prompted some pervasive technology and security
needs among various corporations that share and forward healthcare
information.
In today's environment of tougher regulations and increased
scrutiny where Basel II, the Sarbanes-Oxley Act of 2002, the USA
PATRIOT Act, the GLBA and the EU Data Privacy Directive require
greater financial and customer transparency, being able to meet
compliance requirements and run the business more efficiently is
invaluable. With their overlapping data, process and data
requirements, all of these initiatives are interconnected and
interdependent. Thus, developing new, converged data models and
re-using existing data from your customer, risk management,
financial management, and information security databases is a
smart, cost-effective strategy.
SecuritySolutionsWatch.com: What resources such as
case studies, and white papers, are available at www.BearingPoint.com
for end-users?
J.R. Reagan: For more info, I recommend you
review our public website: www.bearingpoint.com.
Once there, be sure to check out the “Security & Identity
Management Resource Center,” which provides a number of links
to various whitepapers and other information on the BearingPoint
practice.