Security Organization / Infrastructure
The size of the security team depends on
• Size of the enterprise
• Systems environment (distributed versus centralized)
• Number of components in the operating environment
• Organizational and management structure of the enterprise
• Number and locations of operational sites (i.e., national versus international)
• How the sites are interconnected
• Assessed risk
• IT Strategic Plan
• IT budget
Key challenges
• Migration of the security function from a centralized, mainframe-based function to an effective governing body in the distributed systems environment.
• Understanding the different security requirements for all of the technology implementations within the enterprise.
• Obtaining adequately budgeted resources.
• Overutilization of employees.
Who are the key players of the security organization?
• The Chief Information Officer (CIO), the Chief Financial Officer (CFO), the Security Officer, security coordinators or liaisons, application coordinators, Human Resources, Legal Counsel, help desk, department management, and all system and information users.
The Executive Committee for Security
• Responsible for ensuring that the objective of a secure operating environment, through the establishment of an ISA, is clearly defined in the enterprise strategic plans.
• Includes the CEO, the CFO, the COO, the CIO, the Security Officer, department or business unit directors, advisors to executive management, and/or members of the Board of Directors.
The Chief Information Officer
• IT policy and aligning IT strategy with business strategies
• Business technology planning process, including the sponsorship of collaborative planning processes
• New and existing applications development for enterprise initiatives and overall coordination for business unit or divisional initiatives
• IT infrastructure and architecture (e.g., computers and networks) operations and investment decisions
• Sourcing and purchase decisions, which include make versus buy decisions relative to outsourcing versus in-house provisioning of IT services and skills
• Establishing partnerships, including strategic relationships with key IT suppliers and consultants
• Technology transfer by providing enabling technologies that make it easier for customers and suppliers to do business with the enterprise as well as increase revenue and profitability
• Customer satisfaction with internal and external clients to ensure continuous customer satisfaction
• Implementation of security initiatives related to all IT components to protect the infrastructure and reduce risk to a manageable and acceptable level
• Providing training for all IT users to ensure productive use of existing and new systems
The Chief Financial Officer
• Determining and maintaining the adequacy of internal controls to ensure that enterprise assets are safeguarded and liabilities are appropriately minimized
• Ensuring the adequacy of accounting systems and procedures to enable the accurate reporting of the company’s financial position and operating results, and the proper recording of corporate transactions
• Directing the preparation of internal monthly, quarterly, and annual financial and operating results
• Ensuring the accurate and timely preparation of external SEC and shareholder reports, as well as those required by other institutions
• Overseeing the development of financial information systems enterprise-wide to promote the timely and accurate assimilation, consolidation, and reporting of financial results and position
• Supporting the ongoing IS projects and improving the strategic capabilities of the Controller’s function to balance its existing tactical strength
The Security Officer
• Communicate with executive management on the risks and controls related to the business and operational systems environment
• Ensure that appropriate user access and authentication controls are in place
• Ensure that the documented security policies, standards, and procedures are reviewed, updated, and maintained periodically by appropriate individuals
• Evaluate security exposures, misuse, or noncompliance situations, and ensure implementation of security controls to address those incidents
• Ensure that all business unit/department Security Coordinators understand and execute their security responsibilities in accordance with related policies, standards, and procedures
• Organize and conduct periodic Security Team meetings
• Research security Web sites, CERT advisories, publications, vendor correspondence on application patches, updates, and version releases, and the media for recent exposures and their fixes in operating systems and networks
• Develop and implement the Security Awareness Program with assistance from Security Team members
• Develop and implement the Review and Compliance Program with assistance from Security Team members
Security Officer Placement (Typical)
• When the ISA in the enterprise has become mature through several cycles of assessment, mitigation, audit, and effective compliance
Security Officer Placement (Mature Security Life Cycle)
The Security Team
• Represent particular security and business continuation issues and concerns within each enterprise location
• Identify risks within each member’s area of concentration and ensure that appropriate controls are implemented to address these risks
• Develop, review, and recommend all security policies, standards, and procedures that will be implemented across sites
• Develop and implement an Information Security Awareness Program for all information technology administrators, development personnel, users, and their management, and administer the implementation of this program within their area
• Create and maintain the security architecture as well as champion the implementation process
Security Coordinators or Liaisons
• The coordinator’s primary responsibility is to ensure that appropriate user access within the scope of their business function is maintained.
• Ensuring that application access forms are initiated for existing and new users within the respective departmental area
• Ensuring that access is modified or deleted when employees and non-employees (i.e., consultants, contractors, business partners) operating within their business function or site are transferred or terminated
• Conducting user security awareness within their departmental function
• Ensuring that the enterprise Confidentiality Agreement and exit interview forms are signed by all users operating within their department or area of responsibility
• Actively participating as a member of the Security Team
• Coordinating with the Security Officer on all security-related matters
Departmental Management
• Departmental management is responsible for establishing the overall security strategy for department information.
• Classification of information owned by the department.
• Classifications will indicate the level of sensitivity and availability required for the information.
Network and Application Administrators
• Network and application administrators are technically responsible for the operation of the network or application.
• Risk assessment and the identification of vulnerabilities
• These administrators are responsible for assisting the departmental manager in implementing and managing information technology policies, procedures, standards, and departmental guidelines for a particular component of the operating environment.
• The difference between the security coordinator (liaison) and the network administrator is that the security coordinator works within the business unit and is aware of the appropriate access policies for each employee within that department or business unit.
• The network and application administrators actually implement the access control policies for each individual but may have no knowledge of whether the access is appropriate.
Human Resources
• Human Resources and departmental management are responsible for providing timely information to the enterprise LAN managers and application administrators about employee termination or transfers so that appropriate steps can be taken to revoke or change access to systems and information.
• New hires will be given the opportunity to read the Security Policy and Confidentiality Agreement and sign an acknowledgment form.
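The transfer and termination handoff described on the coordinator, administrator, and Human Resources slides is the control that a compliance review most often finds broken: administrators hold the accounts, HR holds the employment status, and nobody joins the two. The script below is an added example, not part of the original slides, showing how a Security Officer or coordinator can reconcile an HR roster against provisioned accounts and list what still needs to be revoked (terminated owner), modified (owner transferred to another department), or investigated (no HR record at all). The roster and account records, the field names, and the status values "active", "transferred" and "terminated" are all constructed assumptions for the example; a real run would read them from the HR system and the directory.

```python
"""Access reconciliation: compare the HR roster with provisioned accounts and
report accounts whose access should have been revoked or modified.

All data below is constructed for this example; it does not come from any
real HR system or directory.
"""
from dataclasses import dataclass
from datetime import date
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Person:
    person_id: str
    department: str        # department the person currently belongs to
    status: str            # assumed values: "active", "transferred", "terminated"
    status_date: date      # date the current status took effect


@dataclass(frozen=True)
class Account:
    account: str
    person_id: str         # owner as recorded by the administrator
    system: str
    department: str        # department whose access policy this account grants
    enabled: bool


def reconcile(roster: Iterable[Person], accounts: Iterable[Account],
              today: date) -> List[Tuple[str, str, str]]:
    """Return (account, action, reason) for every enabled account that does
    not match the owner's current HR status. Actions: REVOKE, MODIFY, ORPHAN."""
    by_id = {p.person_id: p for p in roster}
    findings: List[Tuple[str, str, str]] = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled by the administrator; nothing to do
        owner = by_id.get(acct.person_id)
        if owner is None:
            # Nobody in HR owns this account: typical for forgotten contractor
            # or shared accounts. The coordinator must confirm an owner or disable it.
            findings.append((acct.account, "ORPHAN",
                             "no HR record for owner; confirm owner or disable"))
        elif owner.status == "terminated":
            overdue = (today - owner.status_date).days
            findings.append((acct.account, "REVOKE",
                             f"owner terminated {overdue} day(s) ago"))
        elif owner.department != acct.department:
            # Owner moved (transferred) but still holds access scoped to the old unit.
            findings.append((acct.account, "MODIFY",
                             f"owner now in {owner.department}, "
                             f"account scoped to {acct.department}"))
    return sorted(findings)


# Constructed sample roster and account inventory (assumptions, not real data).
TODAY = date(2024, 4, 30)
ROSTER = [
    Person("p100", "Finance", "active", date(2019, 1, 7)),
    Person("p200", "Sales", "transferred", date(2024, 3, 1)),   # was in Finance
    Person("p300", "IT", "terminated", date(2024, 4, 15)),
]
ACCOUNTS = [
    Account("ap_clerk_p100", "p100", "AP system", "Finance", True),   # fine
    Account("gl_p200", "p200", "General ledger", "Finance", True),    # stale after transfer
    Account("crm_p200", "p200", "CRM", "Sales", True),                # matches new department
    Account("vpn_p300", "p300", "VPN", "IT", True),                   # owner terminated
    Account("admin_p300", "p300", "LAN", "IT", False),                # already disabled
    Account("contractor_x", "p999", "File share", "Finance", True),   # no HR record
]


def sample_findings() -> List[Tuple[str, str, str]]:
    """Run the reconciliation over the constructed sample data."""
    return reconcile(ROSTER, ACCOUNTS, TODAY)


if __name__ == "__main__":
    for account, action, reason in sample_findings():
        print(f"{action:7} {account:15} {reason}")
```

Each finding maps to a role on the slides: REVOKE and MODIFY go to the network or application administrator who holds the account, ORPHAN goes to the security coordinator who knows whether the access is appropriate, and the count of overdue days is the figure the Security Officer's compliance review reports upward.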
Legal Counsel
• Responsible for reviewing all security policies and procedures for enforceability.
• Breach of confidentiality, misuse of information, or destruction of information, files, or programs are often cause for termination or the subject of legal liability.
• The law indicates that monitoring procedures will be disclosed to the users of the application or resource.
Audit
• Four levels of audit functions:
– Internal audit function, including electronic data processing (EDP) auditing
– External audit function required by the SEC, NYSE, NASDAQ, and AMEX and performed by public accounting and auditing firms
– Component audits performed by the system administrators and security liaisons
– Compliance audits performed by the Security Officer and Security Team
Internal Audit
• Primary responsibility is to assess risk, measure compliance with policy, validate financial reporting, and provide corporate governance.
• Understand the organization’s business, the accounting process, and internal control concepts.
• Assess risk at the account and potential error levels.
• Plan the audit approach and test of controls.
• Test controls and ensure that adequate internal controls are in place.
• Review the corporate code of conduct and monitor compliance with it.
• Ensure integrity and objectivity of financial statements.
• Review financial statements and recommend their approval to the board.
• Oversee the company quarterly reporting process.
• Consider selection, implementation, and impact of significant accounting policies.
• Review management judgment of accounting methods and estimates.
• Understand financial and operational issues.
• Participate in activities designed to prevent and detect fraud.
• Remain independent of management.
• Review legal company obligations and pending litigation.
• Review company insurance coverage.
• Review compliance reports to regulatory agencies.
• Review company budgets and executive expenses.
• Participate in the selection of external auditors to enhance their independence.
• Review external auditors’ findings and communicate with external auditors on financial issues.
• Monitor management responses to external auditors.
IS Auditor
• Analyze a system or component to formulate the best approach for performing the audit.
• Prepare audit work-plans for each system or component.
• Review the system’s processes and documentation to determine compliance with stated data processing standards.
• Review the system’s input and output to verify the correctness of the transaction processing and reports.
• Ensure that systems produce the desired information.
• Evaluate and review proposed applications to provide input into the design of new systems regarding internal controls and adaptability.
• Periodically review data processing facilities to ascertain organizational and operational effectiveness.
• Provide audit support to other audit staff.
• Coordinate the use of IS audit procedures for operational and financial audits.
• Examine computer systems documentation and output to ensure the presence of adequate controls.
• Develop audit reports and recommendations to IS and business management that identify irregularities or deviations from established policies and procedures.
External Audit
• External auditor: financial statement auditor
• Auditors perform procedures to obtain sufficient evidence to express an opinion as to whether an entity has maintained, in all material respects, effective internal control over financial reporting as of a point in time based on “control criteria.”
Control criteria include
• The control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring
Control criteria categories
• Effectiveness and efficiency of operations
• Compliance with laws and regulations
• Reliability of financial reporting
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
WhatsApp 9892124323 âś“Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 âś“Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 âś“Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 âś“Call Girls In Kalyan ( Mumbai ) secure service
 

Security Organization / Infrastructure

The size of the security team depends on
• Size of the enterprise
• Systems environment (distributed versus centralized)
• Number of components in the operating environment
• Organizational and management structure of the enterprise
• Number and locations of operational sites (i.e., national versus international)
• How the sites are interconnected
• Assessed risk
• IT Strategic Plan
• IT budget

Key challenges
• Migration of the security function from a centralized, mainframe-based function to an effective governing body in the distributed systems environment.
• Understanding the different security requirements for all of the technology implementations within the enterprise.
• Obtaining adequately budgeted resources.
• Overutilization of employees.

Who are the key players of the security organization?
• The Chief Information Officer (CIO), the Chief Financial Officer (CFO), the Security Officer, security coordinators or liaisons, application coordinators, Human Resources, Legal Counsel, help desk, department management, and all system and information users.

The Executive Committee for Security
• Responsible for ensuring that the objective of a secure operating environment, through the establishment of an ISA, is clearly defined in the enterprise strategic plans.
• Includes the CEO, the CFO, the COO, the CIO, the Security Officer, department or business unit directors, advisors to executive management, and/or members of the Board of Directors.

The Chief Information Officer
• IT policy and aligning IT strategy with business strategies
• Business technology planning process, including the sponsorship of collaborative planning processes
• New and existing applications development for enterprise initiatives and overall coordination for business unit or divisional initiatives
• IT infrastructure and architecture (e.g., computers and networks) operations and investment decisions
• Sourcing and purchase decisions, which include make-versus-buy decisions relative to outsourcing versus in-house provisioning of IT services and skills
• Establishing partnerships, including strategic relationships with key IT suppliers and consultants
• Technology transfer by providing enabling technologies that make it easier for customers and suppliers to do business with the enterprise, as well as increase revenue and profitability
• Customer satisfaction with internal and external clients to ensure continuous customer satisfaction
• Implementation of security initiatives related to all IT components to protect the infrastructure and reduce risk to a manageable and acceptable level
• Providing training for all IT users to ensure productive use of existing and new systems

The Chief Financial Officer
• Determining and maintaining the adequacy of internal controls to ensure that enterprise assets are safeguarded and liabilities are appropriately minimized
• Ensuring the adequacy of accounting systems and procedures to enable the accurate reporting of the company’s financial position and operating results, and the proper recording of corporate transactions
• Directing the preparation of internal monthly, quarterly, and annual financial and operating results
• Ensuring the accurate and timely preparation of external SEC and shareholder reports, as well as those required by other institutions
• Overseeing the development of financial information systems enterprise-wide to promote the timely and accurate assimilation, consolidation, and reporting of financial results and position
• Supporting the ongoing IS projects and improving the strategic capabilities of the Controller’s function to balance its existing tactical strength

The Security Officer
• Communicate with executive management on the risks and controls related to the business and operational systems environment
• Ensure that appropriate user access and authentication controls are in place
• Ensure that the documented security policies, standards, and procedures are reviewed, updated, and maintained periodically by appropriate individuals
• Evaluate security exposures, misuse, or noncompliance situations, and ensure implementation of security controls to address those incidents
• Ensure that all business unit/department Security Coordinators understand and execute their security responsibilities in accordance with related policies, standards, and procedures
• Organize and conduct periodic Security Team meetings
• Research security Web sites, CERT advisories, publications, vendor correspondence on application patches, updates, and version releases, and the media for recent exposures and their fixes in operating systems and networks
• Develop and implement the Security Awareness Program with assistance from Security Team members
• Develop and implement the Review and Compliance Program with assistance from Security Team members

Security Officer Placement (Mature Security Life Cycle)
• When the ISA in the enterprise has become mature through several cycles of assessment, mitigation, audit, and effective compliance

The Security Team
• Represent particular security and business continuation issues and concerns within each enterprise location
• Identify risks within each member’s area of concentration and ensure that appropriate controls are implemented to address these risks
• Develop, review, and recommend all security policies, standards, and procedures that will be implemented across sites
• Develop and implement an Information Security Awareness Program for all information technology administrators, development personnel, users, and their management, and administer the implementation of this program within their area
• Create and maintain the security architecture as well as champion the implementation process

Security Coordinators or Liaisons
• The coordinator’s primary responsibility is to ensure that appropriate user access within the scope of their business function is maintained.
• Ensuring that application access forms are initiated for existing and new users within the respective departmental area
• Ensuring that access is modified or deleted when employees and non-employees (i.e., consultants, contractors, business partners) operating within their business function or site are transferred or terminated
• Conducting user security awareness within their departmental function
• Ensuring that the enterprise Confidentiality Agreement and exit interview forms are signed by all users operating within their department or area of responsibility
• Actively participating as a member of the Security Team
• Coordinating with the Security Officer on all security-related matters

Departmental Management
• Departmental management is responsible for establishing the overall security strategy for department information.
• Classification of information owned by the department.
• Classifications will indicate the level of sensitivity and availability required for the information.

Network and Application Administrators
• Network and application administrators are technically responsible for the operation of the network or application.
• Risk assessment and the identification of vulnerabilities
• These administrators are responsible for assisting the departmental manager in implementing and managing information technology policies, procedures, standards, and departmental guidelines for a particular component of the operating environment.
• The difference between the security coordinator (liaison) and the network administrator is that the security coordinator works within the business unit and is aware of the appropriate access policies for each employee within that department or business unit.
• The network and application administrators actually implement the access control policies for each individual but may have no knowledge of whether the access is appropriate.

Human Resources
• Human Resources and departmental management are responsible for providing timely information to the enterprise LAN managers and application administrators about employee terminations or transfers so that appropriate steps can be taken to revoke or change access to systems and information.
• New hires will be given the opportunity to read the Security Policy and Confidentiality Agreement and sign an acknowledgment form.

Legal Counsel
• Responsible for reviewing all security policies and procedures for enforceability.
• Breach of confidentiality, misuse of information, or destruction of information, files, or programs are often cause for termination or the subject of legal liability.
• The law indicates that monitoring procedures will be disclosed to the users of the application or resource.

Audit
• Four levels of audit functions:
– Internal audit function, including electronic data processing (EDP) auditing
– External audit function required by the SEC, NYSE, NASDAQ, and AMEX and performed by public accounting and auditing firms
– Component audits performed by the system administrators and security liaisons
– Compliance audits performed by the Security Officer and Security Team

Internal Audit
• Its primary responsibility is to assess risk, measure compliance with policy, validate financial reporting, and provide corporate governance.
• Understand the organization’s business, the accounting process, and internal control concepts.
• Assess risk at the account and potential error levels.
• Plan the audit approach and test of controls.
• Test controls and ensure that adequate internal controls are in place.
• Review the corporate code of conduct and monitor compliance with it.
• Ensure integrity and objectivity of financial statements.
• Review financial statements and recommend their approval to the board.
• Oversee the company quarterly reporting process.
• Consider selection, implementation, and impact of significant accounting policies.
• Review management judgment of accounting methods and estimates.
• Understand financial and operational issues.
• Participate in activities designed to prevent and detect fraud.
• Remain independent of management.
• Review legal company obligations and pending litigation.
• Review company insurance coverage.
• Review compliance reports to regulatory agencies.
• Review company budgets and executive expenses.
• Participate in the selection of external auditors to enhance their independence.
• Review external auditors’ findings and communicate with external auditors on financial issues.
• Monitor management responses to external auditors.

IS Auditor
• Analyze a system or component to formulate the best approach for performing the audit.
• Prepare audit work-plans for each system or component.
• Review the system’s processes and documentation to determine compliance with stated data processing standards.
• Review the system’s input and output to verify the correctness of the transaction processing and reports.
• Ensure that systems produce the desired information.
• Evaluate and review proposed applications to provide input into the design of new systems regarding internal controls and adaptability.
• Periodically review data processing facilities to ascertain organizational and operational effectiveness.
• Provide audit support to other audit staff.
• Coordinate the use of IS audit procedures for operational and financial audits.
• Examine computer systems documentation and output to ensure the presence of adequate controls.
• Develop audit reports and recommendations to IS and business management that identify irregularities or deviations from established policies and procedures.

External Audit
• External auditor: financial statement auditor
• Auditors perform procedures to obtain sufficient evidence to express an opinion as to whether an entity has maintained, in all material respects, effective internal control over financial reporting as of a point in time, based on “control criteria.”

Control criteria include
• The control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring

Control criteria categories
• Effectiveness and efficiency of operations
• Compliance with laws and regulations, and
• Reliability of financial reporting.