Securing the Enterprise Information resources are distributed throughout the organization and beyond as Internet and wireless technologies extend organizational boundaries. Time-to-exploitation of sophisticated spyware and worms has shrunk from months to days.
Time-to-exploitation It is the elapsed time between when a vulnerability is discovered and the time it is exploited.
Regulations Industry Self-Regulations: Payment Card Industry (PCI) Data Security Standard. • Visa • Master Card • American Express • Discover • It is required for all members, merchants, or service providers that store, process, or transmit cardholder data.
Small Business Regulations • Visa USA • Equifax • IBM • Verizon • eBay • The Council of Better Business Bureaus.
Cyber-Blackmail A Trojan encrypts the data on a user’s computer, then the attacker offers to decrypt it for $300 or more.
Mistakes The Information Security Forum discovered that mistakes caused by: • Human error • System malfunctioning • Failure to understand the effect of adding a new piece of software to the rest of the system led to threats for IT
IT Security & Internal Control Model • Senior management commitment & support • Security policies & training • Security procedures & enforcement • Security tools: Hardware & software
IS Vulnerabilities & Threats • Unintentional Threats • Intentional Threats • Computer Crimes
Unintentional Threats • Human errors • Environmental hazards • Computer system failures
Intentional Threats Intentional threat: • Theft of data • Inappropriate use of data • Theft of computers • Theft of equipment or programs
Intentional Threats • Deliberate manipulation in handling, entering, processing, transferring or programming data • Strikes, riots • Malicious damage to computer resources • Destruction from viruses and other attacks • Miscellaneous computer abuses • Internet fraud
Fraud Prevention and Detection • Adelphia • Global Crossing • Tyco
Other crimes Crimes by Computer • Flash drives • MP3/MP4 players
Computer Crimes Identity theft: worst and most prevalent crimes. Thefts where individuals’ social security and credit card numbers are stolen and used by thieves. Obtaining information about other people: • By stealing wallets • E-sharing and databases
Types of identity crimes • Stolen desktop • Online, by an ex-employee • Computer tapes lost in transit • Malicious users • Missing backup tapes
Internal control Is the work atmosphere that a company sets for its employees. It is a process designed to achieve: • Reliability of financial reporting • Operational efficiency • Compliance with laws, regulations and policies • Safeguarding of assets
Frauds to be controlled by ICS • Fraud committed against a company • Fraud committed for a company
Symptoms • Missing documents • Delayed bank deposits • Holes in accounting records • Numerous outstanding checks or bills • Disparity between accounts payable and receivable • Employees who do not take vacations etc.
Symptoms (cont.) • A large drop in profits • Major increase in business with other particular customers • Customers complaining about double billing • Repeated duplicate payments • Employees with the same address or phone numbers as a vendor
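Two of the symptoms listed above, employees sharing an address or phone number with a vendor and repeated duplicate payments, can be checked mechanically against HR, vendor and payment records. The Python below is an added example, not part of the original slides; the record layout, field names and sample data are constructed assumptions.

```python
import re
from collections import defaultdict
from decimal import Decimal

# Constructed sample records (not from the slides); field names are assumptions.
EMPLOYEES = [
    {"id": "E1", "address": "12 Oak St., Apt 4", "phone": "(555) 010-1234"},
    {"id": "E2", "address": "9 Elm Road", "phone": "555-010-9999"},
]
VENDORS = [
    {"id": "V1", "address": "12 oak st apt 4", "phone": "555 010 7777"},
    {"id": "V2", "address": "77 Pine Ave", "phone": "555.010.9999"},
    {"id": "V3", "address": "1 Main St", "phone": "555-010-0000"},
]
PAYMENTS = [
    {"id": "P1", "vendor": "V3", "invoice": "INV-100", "amount": "250.00"},
    {"id": "P2", "vendor": "V3", "invoice": "inv 100", "amount": "250.0"},
    {"id": "P3", "vendor": "V1", "invoice": "INV-7", "amount": "80.00"},
]

def norm_text(value):
    """Lowercase and drop punctuation/spacing so formatting does not hide a match."""
    return re.sub(r"[^a-z0-9]", "", value.lower())

def norm_phone(value):
    """Keep digits only."""
    return re.sub(r"\D", "", value)

def shared_contact_details(employees, vendors):
    """Return (employee_id, vendor_id, field) for each shared address or phone."""
    hits = []
    for field, norm in (("address", norm_text), ("phone", norm_phone)):
        by_value = defaultdict(list)
        for e in employees:
            by_value[norm(e[field])].append(e["id"])
        for v in vendors:
            key = norm(v[field])
            # Blank fields are skipped so two empty values never count as a match.
            for emp_id in (by_value.get(key, []) if key else []):
                hits.append((emp_id, v["id"], field))
    return sorted(hits)

def duplicate_payments(payments):
    """Group by vendor, normalised invoice number and amount; return groups of 2+."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor"], norm_text(p["invoice"]), Decimal(p["amount"]))
        groups[key].append(p["id"])
    return sorted(ids for ids in groups.values() if len(ids) > 1)
```

A hit is a lead for an independent check, not proof of fraud: relatives, shared office buildings and legitimate re-issued payments all produce matches.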
IC procedures and activities • Segregation of duties and dual custody • Independent checks • Proper system of authorization • Physical safeguards • Documents and records