Big Data: Harnessing it to improve Risk Management

24 Aug 2015 Bulletin: Issue 39 - Risk management Resource

The maritime industry – not renowned for its willingness to proactively embrace change - is now seeing both the benefit and necessity of employing big data to enhance commercial opportunities, and also improve the safety and sustainability of the industry and those that work within it.

The maritime industry – not renowned for its willingness to proactively embrace change
- is now seeing both the benefit and necessity of employing big data to enhance commercial opportunities, and also improve the safety and sustainability of the industry and those that work within it.
 
These opportunities also bring unprecedented challenges. Previously, the relative lack of connectivity of various data sources has provided some sort of protection; however the modern-day internet of things has changed this. Organisations need to understand and mitigate the risk they face within their operating environment, ensuring effective precautions and responses are in place should they fall prey to cyber attack.
At RightShip we clearly recognise the commercial advantages of big data, having spent the last two years upgrading our online risk management platform to a multi-million dollar predictive analytics tool.
 
The ability to instantly and meaningfully analyse multiple, massive data feeds into a simple risk assessment tool means that real-time analysis will better target substandard maritime performance. The benefits to our clients are huge.
 
Our business is based on receiving incoming data, running it through complex internal processes, and distributing the results to clients through a secure online platform. Systems and procedures that protect this process are vital, and we achieve this by being certified to ISO/IEC 27001 Information Security Management which provides a systematic approach to managing information to ensure it remains secure.
 
The aim of all of this is to ensure communication security, protection of client information (in and out) and business continuity.
 

Communications Security & Information Protection

 
A full-time Marine Assurance Coordinator is employed to ensure that requirements to ISO/IEC 27001 are applicable to our people, processes and IT systems. This involves control of information (how people access the system), classification of information (differentiated access levels for individuals), ongoing information security education for all staff, the use of licensed and trackable software, and an asset management process.
Users of our risk management platform require authentication, which is achieved through a cryptographic protocol developed by AuthO.
 
All communications between client browsers and our server is encrypted using SSL, which ensures that all data remains private and integral.
 

Business Continuity

Cloud computing conjures up images of something that comes out of the sky; however the reality is quite different. Systems are generated by physical hardware that is housed inside buildings, connected by networking cable – and so online security also necessitates security of the physical environment of our servers, ensuring protection against external and environmental threats such as fire and floods.
 
Likewise, physical access to the RightShip offices and the disparate locations of the some 38 servers that are used requires authorised electronic security passes – sometimes in multiple formats. Data is backed up frequently, mirrored and moved to separate servers, which in turn are also backed up frequently.
 
BIMBO, ICS, INTERTANKO and Intercargo have recently announced that they are jointly developing standards and guidelines to address the major cyber security issues faced by the shipping industry. A strategic, coordinated and ongoing effort is needed to protect the industry and its individual players who wish to maintain either the business as usual approach, or develop an operational advantage in this era of rapid technological change.
Just like physical and asset security, shipping operators will have to find tailored solutions to cyber security that protect their organisational information and complement their operating environment.