SlideShare a Scribd company logo

Enterprise Information Systems Security: A Case Study in the Banking Sector

CONFENIS 2012
CONFENIS 2012

Peggy Chaudhry, Sohail Chaudhry, Kevin Clark, Darryl Jones, Enterprise Information Systems Security: A Case Study in the Banking Sector

Business
1 of 24
Download to read offline
ENTERPRISE INFORMATION SYSTEMS SECURITY: A CASE STUDY IN THE BANKING SECTOR SEPTEMBER 20TH, 2012 CONFENIS - GHENT, BELGIUM Sohail Chaudhry, Peggy Chaudhry, Kevin Clark and Darryl Jones Villanova School of Business, Villanova, PA USA
Agenda  Introduction  Research Approach  Conceptual Model  Phase I – Banking Sector  Results  Future Research
Current Events
Have you had any cases of insider sabotage or IT security fraud conducted at your workplace? Source: Cyber-Ark Snooping Survey, April 2011, p. 3.
Research Approach  Focus: Enterprise Information Systems Security – Internal threats.  Literature Review & Development of Model.  Phase 1: Model tested via personal interviews of 4 senior information officers in a highly regulated industry – the Banking Industry.
Information Security Officers Interviewed Bank A Bank B Bank C Bank D • Public • Private, • Private, • Private, 8 100 70 years 15 years years Years • 20 Mil • 1.8 Bil • 550 Mil • 1.1 Bil USD in USD in USD in USD Assets assets assets Assets •2 • 13 • 10 • 11 Branches Branches Branches Branches
Federal Financial Institutions Examination Council (FFIEC) Security Process (e.g., Governance issues) Information Security Risk Assessment (e.g., steps in gathering information) Information Security Strategy (e.g., architecture considerations) Security Controls Implementation (e.g., access control) Security Monitoring (e.g., network intrusion detection systems) Security Process Monitoring and Updating
The Gramm-Leach-Bliley Act Access controls on customer information systems Access restrictions at physical locations containing customer information Encryption of electronic customer information Procedures to ensure that system modifications do not affect security. Dual control procedures, segregation of duties, and employee background checks Monitoring Systems to detect actual attacks on or intrusions into customer information systems Response programs that specify actions to be taken when unauthorized access has occurred. Protection from physical destruction or damage to customer information
Conceptual Framework Enterprise Information System Security Implementation Security Policy Security Access Top Level Awareness Control Management Support Corporate Governance
Pillar 1: Security Policy  Set rules for behavior  Define consequences of violations  Procedure for dealing with breach  Authorize company to monitor and investigate  Legal and regulatory compliance
Excerpt from interview: “Information Security Policy is not an option, it’s demanded from the top of the house on down, it’s board approved, accepted by regulators, and executed throughout the organization. ”
Pillar 2: Security Awareness  Continued education  Collective and individual activities  Formal classes, emails, discussion groups  Employee compliance
Excerpt from interview: “In training, we tell employees that we are tracking them, when we are not. It’s a deterrent. The fact is we have to use implied security in addition to actual security. ”
Pillar 3: Access Control  Limit information  Access linked to job function  Restrict information not relevant to position  Management of access rule changes
Have you ever accessed information on a system that was not relevant to your role? EMEA % US % C-Level % Yes 250 44% 243 28% 21 30% No 313 56% 616 72% 50 70% Grand Total 563 100% 859 100% 71 100% Source: Cyber-Ark Snooping Survey, April 2011, p. 2.
Do you agree that majority of recent security attacks have involved the exploitation of privileged account access? 24% 12% Agree 64% Disagree Not Sure Source: Cyber-Ark 2012 TRUST, SECURITY & PASSWORDS SURVEY, June 2012
Pillar 4: Top Level Management Support (TLMS)  Transparent support for policies and procedures  Engrain information security into company culture  Effective Communications
 “IT governance is a mystery to key decision-makers at most companies and that only about one-third of the managers’ surveyed understood how IT is governed at his or her company.”  Source: Weill, P., and Ross, J., “A Matrixed Approach to Designing IT Governance,” Sloan Management Review, 46(2), 2005, p. 26.
Phase 1 – The Banking Sector
Results  Overall, the Information Security Officers confirmed the main issues proposed in the conceptual model.  The four pillars, security policy, security awareness, access control, and TLMS were rated as extremely important for each of the interviewees.
Interview Content Analysis – Agreement
Interview Content Analysis - Dissonance
Future Research Phase II  Developing and administering a survey to a larger sample.  Seeking advice on potential sponsorship, professional affiliations that may be interested in working with us.
Thank You! Dankje! Merci! Danke!

Recommended

Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...PECB
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Cyber Threat Intelligence: Who is Targeting your Information?
Cyber Threat Intelligence: Who is Targeting your Information? Cyber Threat Intelligence: Who is Targeting your Information?
Cyber Threat Intelligence: Who is Targeting your Information? Control Risks
 
Chapter 6 Presentation
Chapter 6 PresentationChapter 6 Presentation
Chapter 6 PresentationAmy McMullin
 
Network monitoring tools
Network monitoring toolsNetwork monitoring tools
Network monitoring toolsQaswarBosan
 

Recommended

Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
How To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckHow To Present Cyber Security To Senior Management Complete Deck
How To Present Cyber Security To Senior Management Complete DeckSlideTeam
 
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...
Best Practices for Access Reviews - How to Reduce Risks and Improve Operation...PECB
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?manoharparakh
 
Cyber Threat Intelligence: Who is Targeting your Information?
Cyber Threat Intelligence: Who is Targeting your Information? Cyber Threat Intelligence: Who is Targeting your Information?
Cyber Threat Intelligence: Who is Targeting your Information? Control Risks
 
Chapter 6 Presentation
Chapter 6 PresentationChapter 6 Presentation
Chapter 6 PresentationAmy McMullin
 
Network monitoring tools
Network monitoring toolsNetwork monitoring tools
Network monitoring toolsQaswarBosan
 
Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingMinsait
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking SectorSamvel Gevorgyan
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Dr. Ahmed Al Zaidy
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
RSA Anatomy of an Attack
RSA Anatomy of an AttackRSA Anatomy of an Attack
RSA Anatomy of an Attackintegritysolutions
 
Building an InfoSec RedTeam
Building an InfoSec RedTeamBuilding an InfoSec RedTeam
Building an InfoSec RedTeamDan Vasile
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Managementjiricejka
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber SecuritySteppa Cyber Security
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
 
TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics Robb Boyd
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Frameworkn|u - The Open Security Community
 
Information Security in the Banking Sector. A Case Study on UserLock
Information Security in the Banking Sector. A Case Study on UserLockInformation Security in the Banking Sector. A Case Study on UserLock
Information Security in the Banking Sector. A Case Study on UserLockIS Decisions
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 

More Related Content

What's hot

Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingMinsait
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking SectorSamvel Gevorgyan
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesCorporater
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Dr. Ahmed Al Zaidy
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity AuditEC-Council
 
Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesrahul kundu
 
Building an InfoSec RedTeam
Building an InfoSec RedTeamBuilding an InfoSec RedTeam
Building an InfoSec RedTeamDan Vasile
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Managementjiricejka
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUlf Mattsson
 
TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics Robb Boyd
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 

What's hot (20)

Cyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity TrainingCyber Ranges: The (R)evolution in Cybersecurity Training
Cyber Ranges: The (R)evolution in Cybersecurity Training
 
Information Security Management System in the Banking Sector
Information Security Management System in the Banking SectorInformation Security Management System in the Banking Sector
Information Security Management System in the Banking Sector
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
 
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment QuestionnairesThird-Party Risk Management (TPRM) | Risk Assessment Questionnaires
Third-Party Risk Management (TPRM) | Risk Assessment Questionnaires
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security Chapter 10 Mobile and Embedded Device Security
Chapter 10 Mobile and Embedded Device Security
 
Cybersecurity Audit
Cybersecurity AuditCybersecurity Audit
Cybersecurity Audit
 
Authentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slidesAuthentication, authorization, accounting(aaa) slides
Authentication, authorization, accounting(aaa) slides
 
RSA Anatomy of an Attack
RSA Anatomy of an AttackRSA Anatomy of an Attack
RSA Anatomy of an Attack
 
Building an InfoSec RedTeam
Building an InfoSec RedTeamBuilding an InfoSec RedTeam
Building an InfoSec RedTeam
 
Information security governance
Information security governanceInformation security governance
Information security governance
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Understanding IT Governance and Risk Management
Understanding IT Governance and Risk ManagementUnderstanding IT Governance and Risk Management
Understanding IT Governance and Risk Management
 
SOC Cyber Security
SOC Cyber SecuritySOC Cyber Security
SOC Cyber Security
 
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External ThreatsUnderstanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
 
TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics TechWiseTV Workshop: Encrypted Traffic Analytics
TechWiseTV Workshop: Encrypted Traffic Analytics
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Information security
Information securityInformation security
Information security
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 

Viewers also liked

Information Security in the Banking Sector. A Case Study on UserLock
Information Security in the Banking Sector. A Case Study on UserLockInformation Security in the Banking Sector. A Case Study on UserLock
Information Security in the Banking Sector. A Case Study on UserLockIS Decisions
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
chapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firmchapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital FirmMohamad Fathi
 
Auth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in indiaAuth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in indiaAuthShield Labs
 
Data Protection: We\'re In This Together
Data Protection: We\'re In This TogetherData Protection: We\'re In This Together
Data Protection: We\'re In This Togethermyeaton
 
Force.Com Business Case Building The Case For Force.Com Presentation
Force.Com Business Case Building The Case For Force.Com PresentationForce.Com Business Case Building The Case For Force.Com Presentation
Force.Com Business Case Building The Case For Force.Com PresentationAndre Thouin
 
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...XEventsHospitality
 
Business case for Information Security program
Business case for Information Security programBusiness case for Information Security program
Business case for Information Security programWilliam Godwin
 
CHED Information System Strategic Plan (ISSP)
CHED Information System Strategic Plan (ISSP)CHED Information System Strategic Plan (ISSP)
CHED Information System Strategic Plan (ISSP)Charlie Calimlim
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environmentEvan Francen
 
NORM for Banking Intro
NORM for Banking IntroNORM for Banking Intro
NORM for Banking IntroGeorge Colwell
 
Building cross platfrom solutions for enterprise - the mobileshow- may 2014
Building cross platfrom solutions for enterprise - the mobileshow- may 2014Building cross platfrom solutions for enterprise - the mobileshow- may 2014
Building cross platfrom solutions for enterprise - the mobileshow- may 2014Kareem ElSayyed
 
Prozone Enterprise Content Management
Prozone Enterprise Content ManagementProzone Enterprise Content Management
Prozone Enterprise Content ManagementJasna Komatovic
 
Conichiwa Banking Solutions
Conichiwa Banking SolutionsConichiwa Banking Solutions
Conichiwa Banking SolutionsFrederik Metz
 
Solix Corporate Overview
Solix Corporate OverviewSolix Corporate Overview
Solix Corporate OverviewKunal Grover
 

Viewers also liked (20)

Information Security in the Banking Sector. A Case Study on UserLock
Information Security in the Banking Sector. A Case Study on UserLockInformation Security in the Banking Sector. A Case Study on UserLock
Information Security in the Banking Sector. A Case Study on UserLock
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecurity
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
chapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firmchapter 8- Management Information Systems Managing the Digital Firm
chapter 8- Management Information Systems Managing the Digital Firm
 
Auth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in indiaAuth shield information security solution provider for banking sector in india
Auth shield information security solution provider for banking sector in india
 
Data Protection: We\'re In This Together
Data Protection: We\'re In This TogetherData Protection: We\'re In This Together
Data Protection: We\'re In This Together
 
Force.Com Business Case Building The Case For Force.Com Presentation
Force.Com Business Case Building The Case For Force.Com PresentationForce.Com Business Case Building The Case For Force.Com Presentation
Force.Com Business Case Building The Case For Force.Com Presentation
 
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
Build A Business Case For IT Security - Dhananjay Rokde (Hotel_Digital_Securi...
 
Business case for Information Security program
Business case for Information Security programBusiness case for Information Security program
Business case for Information Security program
 
CHED Information System Strategic Plan (ISSP)
CHED Information System Strategic Plan (ISSP)CHED Information System Strategic Plan (ISSP)
CHED Information System Strategic Plan (ISSP)
 
Information security challenges in today’s banking environment
Information security challenges in today’s banking environmentInformation security challenges in today’s banking environment
Information security challenges in today’s banking environment
 
NORM for Banking Intro
NORM for Banking IntroNORM for Banking Intro
NORM for Banking Intro
 
Building cross platfrom solutions for enterprise - the mobileshow- may 2014
Building cross platfrom solutions for enterprise - the mobileshow- may 2014Building cross platfrom solutions for enterprise - the mobileshow- may 2014
Building cross platfrom solutions for enterprise - the mobileshow- may 2014
 
Enliven CEM Banking Brochure
Enliven CEM Banking BrochureEnliven CEM Banking Brochure
Enliven CEM Banking Brochure
 
Prozone Enterprise Content Management
Prozone Enterprise Content ManagementProzone Enterprise Content Management
Prozone Enterprise Content Management
 
Conichiwa Banking Solutions
Conichiwa Banking SolutionsConichiwa Banking Solutions
Conichiwa Banking Solutions
 
Tools used in climate risk management policies
Tools used in climate risk management policies Tools used in climate risk management policies
Tools used in climate risk management policies
 
Solix Corporate Overview
Solix Corporate OverviewSolix Corporate Overview
Solix Corporate Overview
 
Buildtrack Banking solutions
Buildtrack Banking solutionsBuildtrack Banking solutions
Buildtrack Banking solutions
 

Similar to Enterprise Information Systems Security: A Case Study in the Banking Sector

The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management ActMichelle Singh
 
I Series User Management
I Series User ManagementI Series User Management
I Series User ManagementSJeffrey23
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowRoger Hagedorn
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxinfosec train
 
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?Lumension
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Information security background
Information security backgroundInformation security background
Information security backgroundNicholas Davis
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael Priyanka Aash
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security PolicyRobot Mode
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data securityKeith Braswell
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offeringeeaches
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityJohn Ely Masculino
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting InformationLaura Martin
 
Dancyrityshy 1foundatioieh
Dancyrityshy 1foundatioiehDancyrityshy 1foundatioieh
Dancyrityshy 1foundatioiehAnne Starr
 
MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2Chris Baldwin
 
1. Respond to other student Discussion Board providing additional
1. Respond to other student Discussion Board providing additional 1. Respond to other student Discussion Board providing additional
1. Respond to other student Discussion Board providing additional TatianaMajor22
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk ManagementDMIMarketing
 

Similar to Enterprise Information Systems Security: A Case Study in the Banking Sector (20)

The Federal Information Security Management Act
The Federal Information Security Management ActThe Federal Information Security Management Act
The Federal Information Security Management Act
 
I Series User Management
I Series User ManagementI Series User Management
I Series User Management
 
information security management
information security managementinformation security management
information security management
 
Data Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to KnowData Security: What Every Leader Needs to Know
Data Security: What Every Leader Needs to Know
 
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptxTop_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
Top_10_Interview_Questions_That_You_Should_Know_as_an_Information.pptx
 
2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?2013 Data Protection Maturity Trends: How Do You Compare?
2013 Data Protection Maturity Trends: How Do You Compare?
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security Background
 
Information security background
Information security backgroundInformation security background
Information security background
 
Proactive information security michael
Proactive information security michael Proactive information security michael
Proactive information security michael
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security Policy
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offering
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network Security
 
Securing And Protecting Information
Securing And Protecting InformationSecuring And Protecting Information
Securing And Protecting Information
 
Dancyrityshy 1foundatioieh
Dancyrityshy 1foundatioiehDancyrityshy 1foundatioieh
Dancyrityshy 1foundatioieh
 
MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2MUSE 2015 Product Showcase v2
MUSE 2015 Product Showcase v2
 
1. Respond to other student Discussion Board providing additional
1. Respond to other student Discussion Board providing additional 1. Respond to other student Discussion Board providing additional
1. Respond to other student Discussion Board providing additional
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management5 Steps to Mobile Risk Management
5 Steps to Mobile Risk Management
 

More from CONFENIS 2012

Enterprise systems in healthcare: leveraging what we know from other industr...
Enterprise systems in healthcare: leveraging what we know from other industr... Enterprise systems in healthcare: leveraging what we know from other industr...
Enterprise systems in healthcare: leveraging what we know from other industr...CONFENIS 2012
 
[Dutch] GeOS, het informatiehart van het dienstverleningscentrum Heilig Hart
[Dutch] GeOS, het informatiehart van het dienstverleningscentrum Heilig Hart [Dutch] GeOS, het informatiehart van het dienstverleningscentrum Heilig Hart
[Dutch] GeOS, het informatiehart van het dienstverleningscentrum Heilig Hart CONFENIS 2012
 
Understanding the role of knowledge management during the ERP implementation ...
Understanding the role of knowledge management during the ERP implementation ...Understanding the role of knowledge management during the ERP implementation ...
Understanding the role of knowledge management during the ERP implementation ...CONFENIS 2012
 
Effect of ERP implementation on the company efficiency - A Macedonian case
Effect of ERP implementation on the company efficiency - A Macedonian caseEffect of ERP implementation on the company efficiency - A Macedonian case
Effect of ERP implementation on the company efficiency - A Macedonian caseCONFENIS 2012
 
User perceptions, motivations and implications on ERP usage: An Indian Higher...
User perceptions, motivations and implications on ERP usage: An Indian Higher...User perceptions, motivations and implications on ERP usage: An Indian Higher...
User perceptions, motivations and implications on ERP usage: An Indian Higher...CONFENIS 2012
 
[Dutch] ICT & Ryhove: een geslaagd huwelijk?
[Dutch] ICT & Ryhove: een geslaagd huwelijk?[Dutch] ICT & Ryhove: een geslaagd huwelijk?
[Dutch] ICT & Ryhove: een geslaagd huwelijk?CONFENIS 2012
 
[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?
[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?
[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?CONFENIS 2012
 
[Dutch] E-commerce en ERP
[Dutch] E-commerce en ERP[Dutch] E-commerce en ERP
[Dutch] E-commerce en ERPCONFENIS 2012
 
[Dutch] Sociale media en crisiscommunicatie
[Dutch] Sociale media en crisiscommunicatie[Dutch] Sociale media en crisiscommunicatie
[Dutch] Sociale media en crisiscommunicatieCONFENIS 2012
 
[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...
[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...
[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...CONFENIS 2012
 
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012CONFENIS 2012
 
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...CONFENIS 2012
 
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...CONFENIS 2012
 
[Dutch] Software is een middel, geen doel!
[Dutch] Software is een middel, geen doel![Dutch] Software is een middel, geen doel!
[Dutch] Software is een middel, geen doel!CONFENIS 2012
 
What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
What's beyond ERP? New normal ERP? by Ludo Van den KerckhoveWhat's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
What's beyond ERP? New normal ERP? by Ludo Van den KerckhoveCONFENIS 2012
 
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...CONFENIS 2012
 
Group preference aggregation based on ELECTRE methods for ERP system selection
Group preference aggregation based on ELECTRE methods for ERP system selectionGroup preference aggregation based on ELECTRE methods for ERP system selection
Group preference aggregation based on ELECTRE methods for ERP system selectionCONFENIS 2012
 
A Multicriteria Model for Strategic Implementation of Business Process Manage...
A Multicriteria Model for Strategic Implementation of Business Process Manage...A Multicriteria Model for Strategic Implementation of Business Process Manage...
A Multicriteria Model for Strategic Implementation of Business Process Manage...CONFENIS 2012
 
Some Considerations on Contracts ERP Buyer-Seller perspective
Some Considerations on Contracts ERP Buyer-Seller perspectiveSome Considerations on Contracts ERP Buyer-Seller perspective
Some Considerations on Contracts ERP Buyer-Seller perspectiveCONFENIS 2012
 
A Decision Support System Based on RCM Approach to Define Maintenance Strategies
A Decision Support System Based on RCM Approach to Define Maintenance StrategiesA Decision Support System Based on RCM Approach to Define Maintenance Strategies
A Decision Support System Based on RCM Approach to Define Maintenance StrategiesCONFENIS 2012
 

More from CONFENIS 2012 (20)

Enterprise systems in healthcare: leveraging what we know from other industr...
Enterprise systems in healthcare: leveraging what we know from other industr... Enterprise systems in healthcare: leveraging what we know from other industr...
Enterprise systems in healthcare: leveraging what we know from other industr...
 
[Dutch] GeOS, het informatiehart van het dienstverleningscentrum Heilig Hart
[Dutch] GeOS, het informatiehart van het dienstverleningscentrum Heilig Hart [Dutch] GeOS, het informatiehart van het dienstverleningscentrum Heilig Hart
[Dutch] GeOS, het informatiehart van het dienstverleningscentrum Heilig Hart
 
Understanding the role of knowledge management during the ERP implementation ...
Understanding the role of knowledge management during the ERP implementation ...Understanding the role of knowledge management during the ERP implementation ...
Understanding the role of knowledge management during the ERP implementation ...
 
Effect of ERP implementation on the company efficiency - A Macedonian case
Effect of ERP implementation on the company efficiency - A Macedonian caseEffect of ERP implementation on the company efficiency - A Macedonian case
Effect of ERP implementation on the company efficiency - A Macedonian case
 
User perceptions, motivations and implications on ERP usage: An Indian Higher...
User perceptions, motivations and implications on ERP usage: An Indian Higher...User perceptions, motivations and implications on ERP usage: An Indian Higher...
User perceptions, motivations and implications on ERP usage: An Indian Higher...
 
[Dutch] ICT & Ryhove: een geslaagd huwelijk?
[Dutch] ICT & Ryhove: een geslaagd huwelijk?[Dutch] ICT & Ryhove: een geslaagd huwelijk?
[Dutch] ICT & Ryhove: een geslaagd huwelijk?
 
[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?
[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?
[Dutch] CRM en collaboration: een verstandshuwelijk of een LAT-relatie?
 
[Dutch] E-commerce en ERP
[Dutch] E-commerce en ERP[Dutch] E-commerce en ERP
[Dutch] E-commerce en ERP
 
[Dutch] Sociale media en crisiscommunicatie
[Dutch] Sociale media en crisiscommunicatie[Dutch] Sociale media en crisiscommunicatie
[Dutch] Sociale media en crisiscommunicatie
 
[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...
[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...
[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...
 
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
 
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
 
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
 
[Dutch] Software is een middel, geen doel!
[Dutch] Software is een middel, geen doel![Dutch] Software is een middel, geen doel!
[Dutch] Software is een middel, geen doel!
 
What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
What's beyond ERP? New normal ERP? by Ludo Van den KerckhoveWhat's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
 
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
 
Group preference aggregation based on ELECTRE methods for ERP system selection
Group preference aggregation based on ELECTRE methods for ERP system selectionGroup preference aggregation based on ELECTRE methods for ERP system selection
Group preference aggregation based on ELECTRE methods for ERP system selection
 
A Multicriteria Model for Strategic Implementation of Business Process Manage...
A Multicriteria Model for Strategic Implementation of Business Process Manage...A Multicriteria Model for Strategic Implementation of Business Process Manage...
A Multicriteria Model for Strategic Implementation of Business Process Manage...
 
Some Considerations on Contracts ERP Buyer-Seller perspective
Some Considerations on Contracts ERP Buyer-Seller perspectiveSome Considerations on Contracts ERP Buyer-Seller perspective
Some Considerations on Contracts ERP Buyer-Seller perspective
 
A Decision Support System Based on RCM Approach to Define Maintenance Strategies
A Decision Support System Based on RCM Approach to Define Maintenance StrategiesA Decision Support System Based on RCM Approach to Define Maintenance Strategies
A Decision Support System Based on RCM Approach to Define Maintenance Strategies
 

Recently uploaded

Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxAndy Lambert
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyEthan lee
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 

Recently uploaded (20)

Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 

Enterprise Information Systems Security: A Case Study in the Banking Sector

  • 1. ENTERPRISE INFORMATION SYSTEMS SECURITY: A CASE STUDY IN THE BANKING SECTOR SEPTEMBER 20TH, 2012 CONFENIS - GHENT, BELGIUM Sohail Chaudhry, Peggy Chaudhry, Kevin Clark and Darryl Jones Villanova School of Business, Villanova, PA USA
  • 2. Agenda  Introduction  Research Approach  Conceptual Model  Phase I – Banking Sector  Results  Future Research
  • 4. Have you had any cases of insider sabotage or IT security fraud conducted at your workplace? Source: Cyber-Ark Snooping Survey, April 2011, p. 3.
  • 5. Research Approach  Focus: Enterprise Information Systems Security – Internal threats.  Literature Review & Development of Model.  Phase 1: Model tested via personal interviews of 4 senior information officers in a highly regulated industry – the Banking Industry.
  • 6. Information Security Officers Interviewed Bank A Bank B Bank C Bank D • Public • Private, • Private, • Private, 8 100 70 years 15 years years Years • 20 Mil • 1.8 Bil • 550 Mil • 1.1 Bil USD in USD in USD in USD Assets assets assets Assets •2 • 13 • 10 • 11 Branches Branches Branches Branches
  • 7. Federal Financial Institutions Examination Council (FFIEC) Security Process (e.g., Governance issues) Information Security Risk Assessment (e.g., steps in gathering information) Information Security Strategy (e.g., architecture considerations) Security Controls Implementation (e.g., access control) Security Monitoring (e.g., network intrusion detection systems) Security Process Monitoring and Updating
  • 8. The Gramm-Leach-Bliley Act Access controls on customer information systems Access restrictions at physical locations containing customer information Encryption of electronic customer information Procedures to ensure that system modifications do not affect security. Dual control procedures, segregation of duties, and employee background checks Monitoring Systems to detect actual attacks on or intrusions into customer information systems Response programs that specify actions to be taken when unauthorized access has occurred. Protection from physical destruction or damage to customer information
  • 9. Conceptual Framework Enterprise Information System Security Implementation Security Policy Security Access Top Level Awareness Control Management Support Corporate Governance
  • 10. Pillar 1: Security Policy  Set rules for behavior  Define consequences of violations  Procedure for dealing with breach  Authorize company to monitor and investigate  Legal and regulatory compliance
  • 11. Excerpt from interview: “Information Security Policy is not an option, it’s demanded from the top of the house on down, it’s board approved, accepted by regulators, and executed throughout the organization. ”
  • 12. Pillar 2: Security Awareness  Continued education  Collective and individual activities  Formal classes, emails, discussion groups  Employee compliance
  • 13. Excerpt from interview: “In training, we tell employees that we are tracking them, when we are not. It’s a deterrent. The fact is we have to use implied security in addition to actual security. ”
  • 14. Pillar 3: Access Control  Limit information  Access linked to job function  Restrict information not relevant to position  Management of access rule changes
  • 15. Have you ever accessed information on a system that was not relevant to your role? EMEA % US % C-Level % Yes 250 44% 243 28% 21 30% No 313 56% 616 72% 50 70% Grand Total 563 100% 859 100% 71 100% Source: Cyber-Ark Snooping Survey, April 2011, p. 2.
  • 16. Do you agree that majority of recent security attacks have involved the exploitation of privileged account access? 24% 12% Agree 64% Disagree Not Sure Source: Cyber-Ark 2012 TRUST, SECURITY & PASSWORDS SURVEY, June 2012
  • 17. Pillar 4: Top Level Management Support (TLMS)  Transparent support for policies and procedures  Engrain information security into company culture  Effective Communications
  • 18. “IT governance is a mystery to key decision-makers at most companies and that only about one-third of the managers’ surveyed understood how IT is governed at his or her company.”  Source: Weill, P., and Ross, J., “A Matrixed Approach to Designing IT Governance,” Sloan Management Review, 46(2), 2005, p. 26.
  • 19. Phase 1 – The Banking Sector
  • 20. Results  Overall, the Information Security Officers confirmed the main issues proposed in the conceptual model.  The four pillars, security policy, security awareness, access control, and TLMS were rated as extremely important for each of the interviewees.
  • 21. Interview Content Analysis – Agreement
  • 23. Future Research Phase II  Developing and administering a survey to a larger sample.  Seeking advice on potential sponsorship, professional affiliations that may be interested in working with us.
  • 24. Thank You! Dankje! Merci! Danke!