In The Boardroom Press Room About Us Research Reports Contact Us

In the Boardroom With...
Mr. J.R. Reagan
Managing Director and Solution Leader
Security & Identity Management Group
BearingPoint (NYSE: BE) Thanks for joining us today, JR. You've had a really interesting career path with over 20 years of Federal, Intelligence and Commercial sector experience. Please give our audience an overview of your background and your role at BearingPoint.

J.R. Reagan: As you mentioned, I have a broad background in Federal, Intelligence and Commercial sectors that's proven particularly valuable in my role as Solution Leader for our Public Sector Security & Identity Management practice. My role at BearingPoint is to find and help develop innovative solutions for clients around security and identity management – whether that's biometrics, smart cards, or other unique solutions for the market. What are the major market drivers right now for security and identity management solutions?

J.R. Reagan: World events and the increased incidence of identity theft have caused IT and physical security technologies to converge, and converge on a global scale. Officials responsible for security must now comply with the demands of substantial standards and guidelines, many of which may not have been in place when initially establishing their security programs.

Whether it's physical or cyber security – from Electronic Passport (ePassport), the Visa Waiver Mandate and Electronic Identity (eID), to port entry and shipping – organizations around the world are now forced to address new security issues. Additionally, regulatory drivers here in the U.S. in the form of standard credentialing for government workers, as seen in the House/Senate Presidential Directive-12 (HSPD-12), new DMV standards in response to the Real ID Act and other initiatives have increased the importance of Security and Identity Management. Key drivers include:

•  Passport/VISA: Immigration; Electronic Passport (ePassport); Electronic Identity (eID); National Identity
•  Law Enforcement: Booking; Evidence Tracking; Fingerprint/Face Identity ; Corrections
•  Civil Needs: Corporate ID; Student Identity ; Fraud; Logistics
•  Defense / Intelligence: Uniform Identity ; Logistics; Watchlists; Threat Database
•  Border Control: Global Trade Management (GTM); Port Entry; Aviation; Shipping
•  State/Municipal: Mass Transit; Medical; Benefits; Department of Motor Vehicles (DMV) In the Federal Government sector, we understand that BearingPoint is involved with the Common Access Card (CAC) and Transportation Worker Identification Credential (TWIC) programs among others. Without giving away any trade secrets, can you give us an overview of BearingPoint's role in these high profile programs?

J.R. Reagan: The Transportation Worker Identification Credential (TWIC) solution provides a uniform credential for transportation workers requiring access to the nation's transportation facilities. The solution provides added security through incorporating standardized vetting procedures, biometrics, and a smart card to ensure an individual accessing secure areas within the nation's transportation system are authorized to do so, and are who they say they are. The TWIC solution was implemented during a Prototype Phase at 28 sites across the United States , and is currently in operation today. BearingPoint's solution provides strong identity vetting and proofing processes for large agency populations.

BearingPoint also provides support to the DoD's Common Access Card program (CAC) and assists the DoD in developing its strategy to comply with HSPD-12 and the corresponding Federal Information Process Standard, commonly referred to as FIPS. In addition, BearingPoint handles program management, systems analysis and technical support, information technology contract management/acquisition support and business operations management support across the Defense Manpower Data Center enterprise. Any other Federal Government programs you care to mention?

J.R. Reagan: BearingPoint also supports the FDIC's Security Program, which serves as a focal point for an annual information technology security self-assessment as well as ongoing IT security monitoring activities. These tasks are in addition to other programs BearingPoint has been assisting the FDIC with since 2003, including Certification and Accreditation, security infrastructure review, System Test and Evaluation, and Security control implementation. What about BearingPoint wins at the State & Local level?

J.R. Reagan: One interesting project BearingPoint is working on is with the New York City Office of the Criminal Justice Coordinator, on its DataShare project.  This integrated justice initiative will expand information sharing across criminal justice agencies by replacing the existing technical infrastructure for data exchange and deploying a Public Safety Portal. In addition, BearingPoint is engaged in integrated justice projects in Montgomery County , Md. ,  Washington , D.C. and many other jurisdictions. Let's turn to the commercial market. Can you give our audience an overview of BearingPoint wins in the Financial, Healthcare, and Education verticals?

J.R. Reagan: Our Financial Services practice has recognized the complexity and urgency of the need to protect information assets for our financial industry clients. This need comes from the fact that managing financial and non-public personal information has become a subject to numerous regulations including Gramm-Leach-Bliley Act, Sarbanes-Oxley Act, Basel II Capital Accord, SEC and FFIEC regulations, European Data Privacy Directive, California SB1386, OCC 2001-47 third party information sharing and many others.

Our financial services clients have asked BearingPoint to help then to comply with these and other regulations including special provisions designed to protect customer privacy, protect all sensitive financial information under management, and help our clients to develop defense and risk mitigation strategies that address payment, credit card and on-line banking fraud.

To address these concerns Bearingpoint has formed a cross-disciplined Customer Identity Management practice that has been successful in addressing clients concerns about security, privacy and compliance.

The majority of our clients are Fortune 100 financial institutions that include global banks, diversified financial services firms including major brokerage houses, major insurance companies, and leading credit card companies. What about the International arena, any particular projects you care to mention?

J.R. Reagan: BearingPoint recently completed a 23-month on-time project for the complete modernization of the systems and processes for managing passport applications in the Government of Ireland's Department of Foreign Affairs. The passport incorporates leading edge technology to provide advanced security, including a polycarbonate datapage featuring laser engraved and perforated images of the holder's photograph and signature, giving Ireland one of the world's most modern and secure passports in the world. “Phishing” and “pharming” threats are becoming more prevalent and sophisticated but many end-users still do not understand these terms and how they can lead directly to identity theft. Please give our audience an overview of “Phishing”. What can enterprises do to prevent damage to their brands and what can individuals do to protect themselves?

J.R. Reagan: "Phishing," is an online threat that involves sending bogus e-mails – allegedly from a bank or other online business – that reroutes user replies to a phony, but authentic-looking, website and asked to enter sensitive information. If they type in their passwords or account numbers, thieves have that data. Now phishers have been joined by "pharmers," who have made the scam more sophisticated by planting malicious software on a user's computer or poisoning servers that direct traffic on the Internet. Even if a user types in the correct address of a website, the software can send them to a phony one.

Dealing with the threat is a difficult issue. Some financial institutions are already experimenting with "multi-factor authentication. In the U.S. , federal regulators are now requiring banks to have at least two-factor authentication with their websites by the end of 2006. The Federal Financial Institutions Examination Council has very recently issued a press release as well as specific, non guidance. Other industries are further behind, and individuals are battling the threat on a daily basis. One will read on that, World events and the increased incidence of identity theft have caused IT & physical security technologies to converge. The result has been Federal mandates such as the Homeland Security Policy Directive 12 (HSPD12) and the Federal Information Security Management Act (FISMA) of 2002. Information security & identity management projects have been pushed to the forefront of government procurement initiatives.” Please give us an overview of these and other Federal mandates such as HIPPA, Gramm Leach Bliley, and Sarbanes Oxley.

J.R. Reagan: Homeland Security Presidential Directive 12 (HSPD-12) requires issuance of secure and reliable forms of identification to employees and contractors using U.S. government facilities and information systems. BearingPoint has been integrally involved in early efforts to implement this heightened level of security within the federal workforce. One of the most important security requirements is the need to improve the identification of federal government employees, contractors and contract employees. This requirement applies both to allowing people to physically enter facilities and to permitting them to obtain logical (including network and application ) access to information. With the technology dimensions of HSPD-12, agencies can set a course to compliance and to a stronger, safer country. At the same time, they can leverage their investments to improve government services and efficiency.

The Federal Information Security Management Act of 2002, or FISMA, is intended to improve the security of the information resources that support the operation of the federal government. The Office of Management and Budget provides rankings that provide a measure of the progress agencies have made in improving compliance with FISMA, so compliance gets a lot of attention. FIMA represents an important step toward enhancing the protection of the government's information technology (IT) systems and data. It has brought unprecedented awareness of the need for strong security, as well as a mechanism for agencies to assess their progress. The ultimate goal of every agency, though, is not simply to get a good FISMA score but to improve the protection of its IT assets. FISMA requirements include processes that allow agencies to leverage their internal controls cost-effectively. And, as some agencies are finding that taking steps to enhance procedures, systems, and technology not only leads to better security, but also to a better FISMA scorecard.

Since 1996, the Healthcare Insurance Portability and Accountability Act (HIPAA), has perhaps raised more issues in the healthcare community than it has answered about security and privacy. HIPAA takes the notion of accountability to a new level, mandating the administrative simplicity of patient information with transaction standards, and the security of individual patient medical records. Privacy of sensitive information contained in patient medical records is included in this ruling. This regulation has prompted some pervasive technology and security needs among various corporations that share and forward healthcare information.

In today's environment of tougher regulations and increased scrutiny where Basel II, the Sarbanes-Oxley Act of 2002, the USA PATRIOT Act, the GLBA and the EU Data Privacy Directive require greater financial and customer transparency, being able to meet compliance requirements and run the business more efficiently is invaluable. With their overlapping data, process and data requirements, all of these initiatives are interconnected and interdependent. Thus, developing new, converged data models and re-using existing data from your customer, risk management, financial management, and information security databases is a smart, cost-effective strategy. What resources such as case studies, and white papers, are available at for end-users?

J.R. Reagan: For more info, I recommend you review our public website: Once there be sure to check out the “ Security & Identity Management Resource Center ,” which provides a number of links to various whitepapers and other information on the BearingPoint practice.

Please read our Terms of Use and Disclaimer.
BearingPoint is included in our  Investment Guide To 350+ Security Stocks©.