Managing and securing the enterprise
Published in: Education, Technology, Business
  • 1. Managing and Securing the Enterprise
  • 2. Securing the Enterprise: Information resources are distributed throughout the organization and beyond as Internet and wireless technologies extend organizational boundaries. Time-to-exploitation of sophisticated spyware and worms has shrunk from months to days.
  • 3. Time-to-exploitation: the elapsed time between when a vulnerability is discovered and when it is exploited.
  • 4. Regulations: Industry Self-Regulations: Payment Card Industry (PCI) Data Security Standard. • Visa • MasterCard • American Express • Discover. It is required for all members, merchants, or service providers that store, process, or transmit cardholder data.
  • 5. Small Business Regulations: The Council of Better Business Bureaus. • Visa USA • Equifax • IBM • Verizon • eBay
  • 6. Cyber-Blackmail: A Trojan encrypts the data on the user’s computer, then the attacker offers to decrypt it for $300 or more.
  • 7. Why IT Security?
  • 8. Mistakes: The Information Security Forum discovered that mistakes caused by the following led to threats for IT: • Human error • System malfunctioning • Failure to understand the effect of adding a new piece of software to the rest of the system
  • 9. IT Security & Internal Control Model: • Senior management commitment & support • Security procedures & enforcement • Security policies & training • Security tools: hardware & software
  • 10. IS Vulnerabilities & Threats: • Unintentional Threats • Intentional Threats • Computer Crimes
  • 11. Unintentional Threats: • Human errors • Environmental hazards • Computer system failures
  • 12. Intentional Threats: • Intentional threat • Theft of data • Inappropriate use of data • Theft of computers • Theft of equipment or programs
  • 13. Intentional Threats: • Deliberate manipulation in handling, entering, processing, transferring or programming data • Strikes, riots • Malicious damage to computer resources • Destruction from viruses and other attacks • Miscellaneous computer abuses • Internet fraud
  • 14. Computer Crimes: Crimes done on the Internet are called cybercrimes. • Hacker • White-hat hackers • Black-hat hackers • Cracker
  • 15. Methods of attack on computing: • Data tampering • Programming attacks • Viruses • Worms • Zombies • Phishing • DoS • Botnets
  • 16. Frauds and Computer Crimes: Fraud is a serious financial crime involving: • Deception • Confidence • Trickery
  • 17. Types of Frauds: • Occupational fraud • Operating management fraud • Conflict of interest • Bribery • Misappropriation • Senior management financial reporting fraud • Accounting cycle fraud
  • 18. Fraud Prevention and Detection: • Adelphia • Global Crossing • Tyco
  • 19. Other crimes: Crimes by Computer: • Flash drives • MP3/MP4 players
  • 20. Computer Crimes: Identity theft: worst and most prevalent crimes. • Thefts where individuals’ social security and credit card numbers are stolen and used by thieves. • Obtaining information about other people • By stealing wallets • E-sharing and databases
  • 21. Types of identity crimes: • Stolen desktop • Online, by an ex-employee • Computer tapes lost in transit • Malicious users • Missing backup tapes
  • 22. Internal control: the work atmosphere that a company sets for its employees. It is a process designed to achieve: • Reliability of financial reporting • Operational efficiency • Compliance with laws • Regulations and policies • Safeguarding of assets
  • 23. Frauds to be controlled by ICS: • Fraud committed against a company • Fraud committed for a company
  • 24. Symptoms: • Missing documents • Delayed bank deposits • Holes in accounting records • Numerous outstanding checks or bills • Disparity between accounts payable and receivable • Employees who do not take vacations, etc.
  • 25. Symptoms (cont.): • A large drop in profits • Major increase in business with other particular customers • Customers complaining about double billing • Repeated duplicate payments • Employees with the same address or phone numbers as a vendor
  • 26. IC procedures and activities: • Segregation of duties and dual custody • Independent checks • Proper system of authorization • Physical safeguards • Documents and records