Integrity in Very Large Information Systems
Dealing with Information Risk Black Swans
Public, Presentation for CAiSE 2013
June 21, 2013
Beat Liver and Helmut Kaufmann
About Credit Suisse
One of the world’s leading financial services providers
Offers to clients its expertise in
– Private Banking
– Investment Banking
– Asset Management
Operates in over 50 countries
– Around 550 locations
46,900 employees
June 21, 2013, Beat Liver and Helmut Kaufmann 2/19
Agenda
Introduction
− Business-critical failures
− What is common? How to identify and prevent such failures?
− Why is this challenging?
Information risk
− Integrity risk vs. integrity criticality
− Levels of integrity criticality
Integrity controls
− Minimum bar integrity design standards
Integrity controls enhancements
− Minimum bar standards limitations
− Independent controls (Proof-of-Concept)
Experience
Conclusions
Business-critical Failures
A trading software bug
− generated wrong market orders
− resulting in a loss of 440 million USD within 30 minutes
After a software change
− a payment order processing batch failed.
− Around 7 million account holders were impacted.
− Sorting out and restoring operations took several weeks
A trader inadvertently entered
− an order to sell 610'000 shares at 16 Yen a piece instead of 16 shares at 610'000 Yen.
− resulting in a loss of up to 100 million USD
Source: Risks Digest (see paper)
Source: WikiMedia, Uwe Kils and Wiska Bodo, under Creative Commons license.
What is Common?
How to identify and prevent business-critical integrity failures?
Integrity failure – incorrect data processing
− Correct modifications (the business expectation)
− Authorized modifications (the integrity understanding mostly used)
Business-critical impact
− Huge financial loss
− Enterprise at risk (sometimes)
Black Swan characteristics
− Unexpected events
− Rationalized in hindsight
− Hard to foresee
Why is integrity challenging?
Very Large Information Systems in the Financial Services Industry
Size
− Such as, for instance, more than 6’000 applications (e.g., red dot), 100’000’000 lines of code, 10’000 employees
− Globally distributed
Complexity
− Multiple business lines and entities
− Functional dependencies (e.g., blue lines)
− Evolving requirements: 24/7, low latency and volume; regulation (Basel III)
− Evolving technology
− Economic factors
Value-chain / vertical integration
Resource constraints
− Technical debts
Tailor-made IT systems
− Custom components
Application landscape domain model with a Foreign Exchange (FX) client order application with selected up- and downstream dependencies (i.e., data flow).
Integrity Risk vs. Integrity Criticality
Risk equation assumptions
− Statistical basis
− History
− Number of instances (airplanes, cars, etc.)
but very large information systems are
− Unique
− Diverse
− Rapidly evolving
Risk assessment implications
− Can you assess the probability?
− Can you assess the impact?
Which scenario is business-critical?
a) 10 erroneous payments over 100 Million CHF each to banks
b) 10 million erroneous payments over 100 CHF each to individuals on accounts with other banks
Risks in the above examples
• In (a), banks return the money, but a counterparty might default
• In (b), a recovery is possible, but it costs too much

Probability   Impact [CHF]        Risk [P x I]   Criticality
0.01          1’000.00            10             low
0.001         1’000’000.00        1’000          medium
0.000001      1’000’000’000.00    1’000          high
Medium vs. High Integrity-Criticality
Probability (unsuitable parameter)
− Rare events
Impact defines integrity-criticality
− Negative black swans (concave losses)
− Possible losses, given business controls and assets at risk (business objects, populations)
Recoverable (I-2, normal critical)
– Cap on the sum of residual possible loss and recovery costs
Irrecoverable (I-1, business critical)
– Cap on absorbable possible loss
See also: Results from the 2008 Loss Data Collection Exercise, Bank for International Settlements (BIS), July 2009, Table ILD6 - Distribution of Loss Amount by Severity of Loss.
[Figure: likelihood vs. possible loss, showing rare-event losses in the I-2 and I-1 regions]
Integrity Design Standards
Design to ensure that critical data is correctly modified
Audience
− Solution architects
− Application owners
Scope
− Individual applications rated as normal and business critical, with differentiation in development, testing and operation
In comparison
− to industry standards (ISO/IEC 17799:2005 practice guide)
− our standards are
Concrete and specific*
– Standards infrastructure
– Compliance criteria
Coherent and complete**
Technology agnostic
Integrity Design Standard Summary
Data aspect, where critical data
− Must be identified and defined**
− Must be uniquely identifiable, golden-sourced via services**
− Sole identifiers in user interfaces must support validation*
Processing aspects, where critical processing must
− Log critical steps using standard infrastructure*
− Perform a timely reconciliation for exchanged critical data
− Use patterns of the standard consistency model*
− Use idempotent operations, services and batches**
Validation aspects, where applications must, on critical data,
− Automatically validate the input/output plausibility
− Use a second validation according to the four-eye principle
− Specify authoritative validations in service contracts**
− Resolve plausibility exceptions by sign-off, degraded modes of operation or failure*
Recovery aspects, where applications must implement
− Backup procedures supporting a timely recovery
− Idempotent and restartable recovery procedures ensuring timely recovery, including an integrity validation
Similar to: IT Auditing and Controls - A look at Application Controls, Kenneth Magee (InfoSec Resources)
Integrity Controls Enhancements
Are the controls effective and efficient?
Integrity controls
− Controls limitations
Devil is in the details (post mortems)
– No safety-critical-systems methods
Costs due to criticality propagation
− 2nd version: independent controls
Abstraction
– Critical data attributes only
– Approximations are sufficient
– Process boundaries only
Independent
Application landscape
− Order business processes
External process boundaries
– Source (of external commitment)
– Interface (to outside): account booking, external payment
Internal process boundaries
– Aggregation (e.g., position keeping)
− Audit trail (design standard)
[Figure: application landscape (Source, Order Management, Settlement, Messaging Gateway, Payment, Interface) with the integrity controls (I/O validations) and the 2nd controls, on top of the audit trail and logging infrastructure]
Independent Controls Proof-of-Concept
Modeling
− Application Finite State Machines (FSM)
Business objects’ life-cycle state
Business rules define transition conditions
− Communications among FSMs
Business rules define conditions
− What are the benefits?
Abstraction for a class of systems
Reusability and modularity
Automata facilitate criticality rating
Validations Engine
− Big Data analytics tool
− Modular correlation rule sets
FSM with its business rules
− Tracking life-cycle state in a database
Views based on deadlines
Reduce log retention duration
[Figure: application landscape (Source, Order Management, Settlement, Messaging Gateway, Payment, Interface) with I/O validation, audit trail and logging infrastructure, and communicating FSM business rules]
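The validations engine just described, as an added example that is not the authors' proof-of-concept code: a finite state machine for the FX spot order life-cycle of the appendix's order example, plus three modular correlation rules (illegal transition, which also catches a duplicate order; mispricing against market data; duplicate settlement payment) and a deadline view for missing payments, run over constructed audit-trail lines from three applications. The event names, the normalised line format and the 10-pip tolerance are assumptions.

```python
import re
from collections import defaultdict

# Order life-cycle states from the deck's order example (new, modified, canceled,
# matured). The transition table encodes the business rules that decide which
# event may move an order from one state to another; anything else is a finding.
TRANSITIONS = {
    ("absent", "order.create"): "new",
    ("new", "order.modify"): "modified",
    ("modified", "order.modify"): "modified",
    ("new", "order.cancel"): "canceled",
    ("modified", "order.cancel"): "canceled",
    ("new", "settlement.create"): "matured",
    ("modified", "settlement.create"): "matured",
}
FSM_EVENTS = {event for _, event in TRANSITIONS}

# Plausibility tolerance for the mispricing rule (assumed value: 10 pips on USD/CHF).
MAX_RATE_DEVIATION = 0.0010

# Constructed audit-trail lines, already normalised to one format (assumed):
#   <timestamp> <application> <event> key=value ...
AUDIT_TRAIL = """
2013-04-05T07:45:00Z market-data   market.rate       pair=USD/CHF rate=0.9401
2013-04-05T07:45:01Z fx-order-mgmt order.create      order=O-1 pair=USD/CHF rate=0.9401 amount=1000000.00 cpty=JoeSmith
2013-04-05T07:45:01Z fx-order-mgmt order.create      order=O-1 pair=USD/CHF rate=0.9401 amount=1000000.00 cpty=JoeSmith
2013-04-05T07:46:10Z fx-order-mgmt order.create      order=O-2 pair=USD/CHF rate=0.9041 amount=250000.00 cpty=AcmeAG
2013-04-05T07:50:00Z fx-settlement settlement.create order=O-1
2013-04-05T07:50:05Z payments      payment.sent      order=O-1 amount=940100.00 ccy=CHF
2013-04-05T07:50:05Z payments      payment.sent      order=O-1 amount=940100.00 ccy=CHF
2013-04-05T07:51:00Z fx-settlement settlement.create order=O-2
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<app>\S+)\s+(?P<event>\S+)(?P<kv>(?:\s+\S+=\S+)*)\s*$")


def parse_line(line):
    """Parse one audit-trail line into its fields and key=value attributes."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unparseable audit line: %r" % line)
    attrs = dict(kv.split("=", 1) for kv in m["kv"].split())
    return {"ts": m["ts"], "app": m["app"], "event": m["event"], "attrs": attrs}


class ValidationsEngine:
    """Tracks every order's life-cycle state and runs modular correlation rules."""

    def __init__(self):
        self.state = defaultdict(lambda: "absent")  # order id -> life-cycle state
        self.market_rate = {}                        # currency pair -> last published rate
        self.payments = defaultdict(int)             # order id -> payments sent
        self.findings = []                           # (rule, order id, detail)

    def flag(self, rule, oid, detail):
        self.findings.append((rule, oid, detail))

    # Rule 1: the life-cycle FSM. A second order.create for the same id is a
    # duplicate order; settling a canceled order is an illegal transition.
    def rule_fsm(self, rec):
        oid = rec["attrs"].get("order")
        if oid is None or rec["event"] not in FSM_EVENTS:
            return
        key = (self.state[oid], rec["event"])
        if key not in TRANSITIONS:
            self.flag("illegal_transition", oid, "%s in state %s" % (rec["event"], self.state[oid]))
            return
        self.state[oid] = TRANSITIONS[key]

    # Rule 2: exchange-rate plausibility against the last market-data event.
    def rule_mispricing(self, rec):
        attrs = rec["attrs"]
        if rec["event"] == "market.rate":
            self.market_rate[attrs["pair"]] = float(attrs["rate"])
        elif rec["event"] == "order.create":
            ref = self.market_rate.get(attrs["pair"])
            rate = float(attrs["rate"])
            if ref is not None and abs(rate - ref) > MAX_RATE_DEVIATION:
                self.flag("mispricing", attrs["order"], "rate %.4f vs market %.4f" % (rate, ref))

    # Rule 3: at most one cash settlement payment per order.
    def rule_duplicate_payment(self, rec):
        if rec["event"] == "payment.sent":
            oid = rec["attrs"]["order"]
            self.payments[oid] += 1
            if self.payments[oid] > 1:
                self.flag("duplicate_payment", oid, "payment #%d" % self.payments[oid])

    def process(self, lines):
        for line in lines:
            rec = parse_line(line)
            self.rule_fsm(rec)
            self.rule_mispricing(rec)
            self.rule_duplicate_payment(rec)
        # Deadline view at the end of the window: a matured order without any
        # payment is a missing payment.
        for oid, state in sorted(self.state.items()):
            if state == "matured" and self.payments[oid] == 0:
                self.flag("missing_payment", oid, "matured without payment")
        return self.findings


def run_demo():
    """Run the engine over the constructed trail; returns the list of findings."""
    return ValidationsEngine().process(AUDIT_TRAIL)
```

The constructed trail yields four findings: the duplicate create of O-1, the mispriced O-2, the second payment for O-1, and O-2 matured without a payment.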
Experience – Lessons Learned
Business/IT Alignment
+ Understanding (non-functional vs. functional)
+ Business controls and IT systems
Rating and minimum bar standards
+ Clearer directives and narrower discretion
- In-depth interdisciplinary understanding necessary
- Challenging institutionalization (comfort zone)
Independent controls Proof-of-Concept
+ Audit trails are suitable, but
- Heterogeneous formats, representations, etc.
- Correlation identifiers segmented and directional
+ Standards infrastructure suitable with moderate response time requirements (~10 s) without automatic intervention (integrity gate)
o But, a reliance on independent controls is undesirable!
- Manual modeling costly and brittle – the killer criteria
Large number of business rules
Frequent modifications across the landscape
Deliverables
Information Risk Assessment Methodology
Minimal Bar Design Standards
Minimum Bar Standards compliance assessment of around 200 applications world-wide
Independent Controls Proof-of-Concept with standard infrastructure and production audit trails
Conclusions
In ship fleet operations, watch icebergs. In banking IT, keep an eye on integrity.
Very-large banking information systems
− What is business-critical?
Do business and IT mean the same?
− What is integrity?
Authorized vs. correct modifications
− How to rate the integrity?
What is the impact?
What are the business controls?
How to manage dependencies?
− What integrity controls are necessary?
How to reduce the effort and increase the assurance level?
Are independent controls an option?
Outlook
− Institutionalization and revision
− Research independent controls
Source: WikiMedia, U. Kils and W. Bodo, under Creative Commons license.
Appendix
Integrity Criticality Rating
1) Information assets in scope
− Financial perspective
− Compliance perspective
− IT Risk Management perspective
2) Assets at Risk (financial values)
− Population of data objects
− Small and large attribute-value errors
3) Business controls (using other apps)
− Possible financial losses: control check-points (time bounds)
− Recoverability: capped residual loss + recovery costs
4) Application Business and IT criticality rating (alignment of understanding)
5) Manage dependencies using services
− Services offered/required integrity-criticality
− Consume services meeting integrity-criticality
− Application sub-systems differentiation
[Figure: rating flow from drivers (financial, compliance, information risk: confidentiality, availability, integrity) through scope (operation scope: "correct" vs. authorized modifications; data scope: IT risk management, compliance, financial) to the criticality rating (risk assessment: integrity-criticality, assets at risk, recoverability, business controls) of an application, service, ..., with business vs. IT rating]
Risk-Adjusted Services
In a SOA, direct dependencies are sufficient
Service functionality
− Data service: EVENT publisher, read-only ACTION
− Data Processing service: EVENT-consuming daemon, write ACTION
Note: EVENT/ACTION refer to the semantics and not the transport!
Service integrity-criticality rating
− Determined by the application sub-system
Adequate service consumption
− Service rating equal to (or higher than) the consumer’s
− Compensations
Service-based dependency management
[Figure: FX Order Management consuming the getMarketData, updatePosition and createSettlement services and offering CRUD Order]
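The adequacy rule and the criticality propagation discussed here (and step 5 of the rating appendix), as an added example that is not Credit Suisse's tooling: a constructed landscape built from the deck's FX example, a check of every consumed service against its consumer's rating that honours documented compensations, and a fixed-point propagation showing which providers would need a higher rating without one. The "non-critical" level, the illustrative ratings and the sendPayment/sendMessage service names are assumptions.

```python
# Rating levels: I-1 (business critical) and I-2 (normal critical) are the deck's;
# "non-critical" for everything else is an assumed label.
RANK = {"non-critical": 0, "I-2": 1, "I-1": 2}

# Constructed landscape based on the deck's FX example; the ratings are illustrative.
APPLICATIONS = {
    "FX Order Management": "I-1",
    "Market Data": "I-2",
    "FX Position Keeping": "I-1",
    "FX Settlement": "I-1",
    "Payments": "I-1",
    "Messaging Gateway": "non-critical",
}

# Direct dependencies only (sufficient in a SOA, per the deck):
# (consumer, service, provider, compensation or None). getMarketData, updatePosition
# and createSettlement are from the deck; sendPayment and sendMessage are assumed.
DEPENDENCIES = [
    ("FX Order Management", "getMarketData", "Market Data", "input plausibility check on quotes"),
    ("FX Order Management", "updatePosition", "FX Position Keeping", None),
    ("FX Order Management", "createSettlement", "FX Settlement", None),
    ("FX Settlement", "sendPayment", "Payments", None),
    ("Payments", "sendMessage", "Messaging Gateway", None),
]


def check_consumption(apps, deps):
    """Classify each dependency: adequate if the provider's rating is at least the
    consumer's, compensated if the consumer documents a compensation, else inadequate."""
    result = []
    for consumer, service, provider, compensation in deps:
        need, have = RANK[apps[consumer]], RANK[apps[provider]]
        if have >= need:
            status = "adequate"
        elif compensation:
            status = "compensated"
        else:
            status = "inadequate"
        result.append((consumer, service, provider, status))
    return result


def propagate_criticality(apps, deps):
    """Criticality propagation: without a compensation, a provider must be rated at
    least as high as each of its consumers, transitively down the chain. Returns the
    providers whose rating would have to be raised, with the rating they need."""
    required = dict(apps)
    changed = True
    while changed:  # iterate to a fixed point over the dependency graph
        changed = False
        for consumer, _, provider, compensation in deps:
            if compensation:
                continue
            if RANK[required[provider]] < RANK[required[consumer]]:
                required[provider] = required[consumer]
                changed = True
    return {app: rating for app, rating in required.items() if rating != apps[app]}
```

In the constructed landscape the Market Data dependency is compensated rather than upgraded, while the uncompensated Messaging Gateway dependency propagates Payments' I-1 rating onto the gateway.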
Order Example
Foreign Exchange Spot
Joe Smith buys 1'000'000.00 USD against CHF at a spot exchange rate of 0.9401 USD/CHF on 2013-04-05 07:45 UTC
Business object with critical attributes
− Order Type: FX Spot
− State {new, modified, canceled, matured}: new
− Counterparty: Joe Smith
− Traded Amount: 1'000'000.00 USD
− Exchange rate: 0.9401 USD/CHF
− Trade date: 2013-04-05 07:45 UTC
FX Order Management Application
− Generates quotes given market data
− Order capture, modification and cancellation: Create, Read, Update, Delete (CRUD) SOA service
− Sends order life-cycle events down-stream to the settlement application and the position management application
[Figure: FX Order Management with Market Data, FX Position Keeping, FX Hedging, FX Settlement, Payments and Messaging Gateway]
Rating Example
Foreign Exchange Spot
Joe Smith buys 1'000'000.00 USD against CHF at a spot exchange rate of 0.9401 USD/CHF on 2013-04-05 07:45 UTC
Business object with critical attributes
− Order Type: FX Spot
− State {new, modified, canceled, matured}: new
− Counterparty: Joe Smith
− Traded Amount: 1'000'000.00 USD
− Exchange rate: 0.9401 USD/CHF
− Trade date: 2013-04-05 07:45 UTC
Asset at Risk: Spot Order population
− 1'000 new orders over 1'000'000 € per day
− 1 pip markup, i.e., 100'000 € markup per day
Data error scenarios – small vs. a few large
− Mispricing exchange rate
− Duplicate/missing orders
− Duplicate cash settlement payments
Business Controls
− Are they detective and corrective?
− Are possible losses recoverable?
[Figure: business-control view of the landscape: FX Order Management (CRUD Order, population), FX Position Keeping (volume, profit/loss), Market Data, FX Hedging, FX Settlement, Payments, Messaging Gateway; what is required from the consumed service?]
Disclaimer
This document was produced for information purposes and is for the exclusive
use of the recipient. No guarantee is made regarding reliability or completeness
of this document, nor will any liability be accepted for losses that may arise
from its use. This document may not be distributed in the United States or
given to any US persons (within the meaning of Regulation S under the US
Securities Act of 1933, as amended). The same applies in any other
jurisdiction except where compliant with the applicable laws. Copyright © 2013
Credit Suisse Group AG and/or its affiliated companies. All rights reserved.
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...ShrutiBose4
 

Recently uploaded (20)

Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
 

Beat liver c-aise-2013_v1-0(final)

1. Integrity in Very Large Information Systems
Dealing with Information Risk Black Swans
Public, Presentation for CAiSE 2013
June 21, 2013
Beat Liver and Helmut Kaufmann
2. About Credit Suisse
One of the world's leading financial services providers
Offers to clients its expertise in
− Private Banking
− Investment Banking
− Asset Management
Operates in over 50 countries
− Around 550 locations
46,900 employees
June 21, 2013, Beat Liver and Helmut Kaufmann, 2/19
3. Agenda
Introduction
− Business-critical failures
− What is common? How to identify and prevent such failures?
− Why is this challenging?
Information risk
− Integrity risk vs. integrity criticality
− Levels of integrity criticality
Integrity controls
− Minimum bar integrity design standards
Integrity controls enhancements
− Minimum bar standards limitations
− Independent controls (Proof-of-Concept)
Experience
Conclusions
4. Business-critical Failures
A trading software bug
− generated wrong market orders
− resulting in a loss of 440 million USD within 30 minutes
After a software change
− a payment order processing batch failed.
− Around 7 million account holders were impacted.
− Sorting out and restoring operations took several weeks
A trader inadvertently entered
− an order to sell 610'000 shares at 16 Yen a piece instead of 16 shares at 610'000 Yen.
− resulting in a loss of up to 100 million USD
Source: Risks Digest (see paper)
[Image: iceberg. Source WikiMedia, Uwe Kils and Wiska Bodo, under Creative Commons license.]
5. What is Common?
How to identify and prevent business-critical integrity failures?
Integrity failure – incorrect data processing
− Correct modifications: the business expectation
− Authorized modifications: the integrity understanding mostly used
Business-critical impact
− Huge financial loss
− Enterprise at risk (sometimes)
Black Swan characteristics
− Unexpected events
− Rationalized in hindsight
− Hard to foresee
6. Why is integrity challenging?
Very Large Information Systems in the Financial Services Industry
Size, such as, for instance
− more than 6'000 applications (e.g., the red dot in the figure)
− 100'000'000 lines of code
− 10'000 employees, globally distributed
Complexity
− Multiple business lines and entities
− Functional dependences (e.g., the blue lines in the figure)
− Evolving requirements: 24/7, low latency and volume; regulation (Basle III)
− Evolving technology
− Economic factors: value-chain / vertical integration, resource constraints
− Technical debts: tailor-made IT systems, custom components
[Figure: application landscape domain model with a Foreign Exchange (FX) client order application and selected up- and downstream dependencies (i.e., data flow).]
7. Integrity Risk vs. Integrity Criticality
Risk equation assumptions
− Statistical basis: history, number of instances (airplanes, cars, etc.)
− but very large information systems are unique, diverse and rapidly evolving
Risk assessment implications
− Can you assess the probability?
− Can you assess the impact?

Probability   Impact [CHF]        Risk [P x I]   Criticality
0.01          1'000.00            10             low
0.001         1'000'000.00        1'000          medium
0.000001      1'000'000'000.00    1'000          high

Which scenario is business-critical?
a) 10 erroneous payments of over 100 million CHF each to banks
b) 10 million erroneous payments of over 100 CHF each to individuals with accounts at other banks
Risks in the above examples
− In (a), the banks return the money, but a counterparty might default
− In (b), a recovery is possible, but it costs too much
8. Medium vs. High Integrity-Criticality
Probability (unsuitable parameter)
− Rare events
Impact defines integrity-criticality
− Negative black swans (concave losses)
− Possible losses
  Recoverable (I-2, normal critical)
  – Cap on the sum of residual possible loss and recovery costs
  Irrecoverable (I-1, business critical)
  – Cap on absorbable possible loss given business controls
Assets at risk
− Business objects
− Populations
[Chart: likelihood vs. possible loss for rare events, with the I-2 and I-1 regions marked.]
See also: Results from the 2008 Loss Data Collection Exercise, Bank for International Settlements (BIS), July 2009, Table ILD6 - Distribution of Loss Amount by Severity of Loss.
9. Integrity Design Standards
Design to ensure that critical data is correctly modified
Audience
− Solution architects
− Application owners
Scope
− Individual applications rated as normal or business critical, with differentiation in development, testing and operation
In comparison to industry standards (ISO/IEC 17799:2005 practice guide), our standards are
− Concrete and specific*: standards infrastructure, compliance criteria
− Coherent and complete**
− Technology agnostic

Integrity Design Standard Summary
Data aspects, where critical data
− Must be identified and defined**
− Must be uniquely identifiable, golden-sourced via services**
− Sole identifiers in user interfaces must support validation*
Processing aspects, where critical processing must
− Log critical steps using standard infrastructure*
− Perform a timely reconciliation for exchanged critical data
− Use patterns of the standard consistency model*
− Use idempotent operations, services and batches**
Validation aspects, where applications must, on critical data
− Automatically validate the input/output plausibility
− Use a second validation according to the four-eye principle
− Specify authoritative validations in service contracts**
− Resolve plausibility exceptions by sign-off, degraded modes of operation or failure*
Recovery aspects, where applications must implement
− Backup procedures supporting a timely recovery
− Idempotent and restartable recovery procedures ensuring timely recovery, including an integrity validation
Similar to: IT Auditing and Controls - A look at Application Controls, Kenneth Magee (InfoSec Resources)
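As an added example (not code from the deck, nor the bank's own implementation), the processing and validation aspects of this standard applied to the FX spot order business object that the appendix uses: idempotent order capture keyed on a sole identifier, automatic plausibility validation of the critical attributes against a market reference rate, a four-eye second validation for large amounts, failing closed on exceptions, and logging of every critical step. The reference rate, the thresholds, the user names and the class names are assumptions. The rate-deviation check is the kind of control that flags a transposed price and quantity such as the 610'000-shares-at-16-Yen order on the failures slide.

```python
"""Added example: integrity design standards applied to FX spot order capture.
Thresholds, reference rate, user names and class names are assumptions."""
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Dict, List

# Assumed policy values (hypothetical, not from the deck).
MAX_RATE_DEVIATION = Decimal("0.01")      # reject if more than 1% off the reference
FOUR_EYE_THRESHOLD = Decimal("5000000")   # second validation above this amount
HARD_CAP = Decimal("50000000")            # never accepted, even with sign-off


@dataclass(frozen=True)
class FxSpotOrder:
    client_order_id: str   # sole identifier supplied by the caller (idempotency key)
    counterparty: str
    amount: Decimal        # traded amount in the base currency
    ccy_pair: str          # e.g. "USD/CHF"
    rate: Decimal
    entered_by: str        # user who captured the order (for the four-eye check)


@dataclass
class Decision:
    state: str                                   # "new" | "pending_signoff" | "rejected"
    reasons: List[str] = field(default_factory=list)


class FxOrderCapture:
    """Order capture service with the controls the design standard asks for."""

    def __init__(self, reference_rates: Dict[str, Decimal]):
        self.reference_rates = reference_rates
        self.orders: Dict[str, FxSpotOrder] = {}
        self.decisions: Dict[str, Decision] = {}
        self.audit_trail: List[dict] = []        # critical steps are logged

    def _log(self, step: str, order_id: str, **details) -> None:
        self.audit_trail.append({"step": step, "order_id": order_id, **details})

    def _plausibility(self, order: FxSpotOrder) -> Decision:
        """Automatic input validation of the critical attributes; fails closed."""
        reasons = []
        ref = self.reference_rates.get(order.ccy_pair)
        if ref is None:
            reasons.append("no reference rate for pair")
        elif abs(order.rate - ref) / ref > MAX_RATE_DEVIATION:
            reasons.append(f"rate {order.rate} deviates from reference {ref}")
        if order.amount <= 0 or order.amount > HARD_CAP:
            reasons.append(f"amount {order.amount} outside accepted range")
        if reasons:
            return Decision("rejected", reasons)
        if order.amount > FOUR_EYE_THRESHOLD:
            return Decision("pending_signoff", ["amount above four-eye threshold"])
        return Decision("new")

    def create(self, order: FxSpotOrder) -> Decision:
        """Idempotent create: replaying the same id returns the stored decision."""
        oid = order.client_order_id
        if oid in self.decisions:
            self._log("create_replayed", oid)
            return self.decisions[oid]
        decision = self._plausibility(order)
        self.orders[oid], self.decisions[oid] = order, decision
        self._log("order_captured", oid, state=decision.state, reasons=decision.reasons)
        return decision

    def sign_off(self, order_id: str, approver: str) -> Decision:
        """Second validation (four-eye): the approver must differ from the capturer."""
        order, decision = self.orders[order_id], self.decisions[order_id]
        if decision.state != "pending_signoff":
            return decision
        if approver == order.entered_by:
            self._log("signoff_refused", order_id, approver=approver)
            return decision
        decision.state, decision.reasons = "new", []
        self._log("signoff_granted", order_id, approver=approver)
        return decision


def demo() -> Dict[str, str]:
    """Run the deck's order plus two constructed bad variants through the controls."""
    om = FxOrderCapture({"USD/CHF": Decimal("0.9400")})   # assumed market reference
    ok = FxSpotOrder("C1", "Joe Smith", Decimal("1000000.00"), "USD/CHF", Decimal("0.9401"), "trader_a")
    fat = FxSpotOrder("C2", "Joe Smith", Decimal("1000000.00"), "USD/CHF", Decimal("9.401"), "trader_a")
    big = FxSpotOrder("C3", "Joe Smith", Decimal("10000000.00"), "USD/CHF", Decimal("0.9401"), "trader_a")
    return {
        "ok": om.create(ok).state,
        "ok_replayed": om.create(ok).state,            # same id: no second order
        "fat_finger": om.create(fat).state,            # decimal point slipped
        "big_before_signoff": om.create(big).state,
        "big_same_user": om.sign_off("C3", "trader_a").state,
        "big_other_user": om.sign_off("C3", "trader_b").state,
        "orders_stored": str(len(om.orders)),
    }


if __name__ == "__main__":
    print(demo())
```

The replayed create is the idempotency property the standard requires of operations, services and batches: a retried message must not produce a second order. The four-eye sign-off is modeled as state, so an order never leaves "pending_signoff" through the capturer's own approval, and every decision leaves an audit-trail entry that a downstream reconciliation can correlate on the order id.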
10. Integrity Controls Enhancements
Are the controls effective and efficient?
Integrity controls
− Control limitations
  Devil is in the details (post mortems)
  – No safety-critical-systems methods
  Costs due to criticality propagation
− 2nd version: independent controls
  Abstraction
  – Critical data attributes only
  – Approximations are sufficient
  – Process boundaries only
  Independent
Application landscape
− Order business processes
  External process boundaries
  – Source (of external commitment)
  – Interface (to outside): account booking, external payment
  Internal process boundaries
  – Aggregation (e.g., position keeping)
− Audit trail (design standard)
[Figure: integrity controls and 2nd controls (I/O validations) over the application landscape – Interface, Source, Order Management, Settlement, Messaging Gateway, Payment – with the audit trail on the logging infrastructure.]
11. Application Landscape Independent Controls Proof-of-Concept
Modeling
− Application: Finite State Machines (FSM)
  Business object life-cycle state
  Business rules define transition conditions
− Communications among FSMs
  Business rules define conditions
− What are the benefits?
  Abstraction for a class of systems
  Reusability and modularity
  Automata facilitate criticality rating
Validations Engine
− Big Data analytics tool
− Modular correlation rule sets: FSM with its business rules
− Tracking life-cycle state in a database
  Views based on deadlines
  Reduce log retention duration
[Figure: communicating FSMs with business rules performing I/O validation over the application landscape – Interface, Source, Order Management, Settlement, Messaging Gateway, Payment – fed by the audit trail on the logging infrastructure.]
12. Experience – Lessons Learned
Business/IT alignment
+ Understanding (non-functional vs. functional)
+ Business controls and IT systems
Rating and minimum bar standards
+ Clearer directives and narrower discretion
- In-depth interdisciplinary understanding necessary
- Challenging institutionalization (comfort zone)
Independent controls Proof-of-Concept
+ Audit trails are suitable, but
  - Heterogeneous formats, representations, etc.
  - Correlation identifiers segmented and directional
+ Standard infrastructure suitable with moderate response time requirements (~10 s) without automatic intervention (integrity gate)
o But a reliance on independent controls is undesirable!
- Manual modeling costly and brittle – the killer criteria
  Large number of business rules
  Frequent modifications across the landscape
Deliverables
− Information Risk Assessment Methodology
− Minimal Bar Design Standards
− Minimum Bar Standards compliance assessment of around 200 applications world-wide
− Independent Controls Proof-of-Concept with standard infrastructure and production audit trails
13. Conclusions
In ship fleet operations, watch icebergs. In banking IT, keep an eye on integrity.
Very-large banking information systems
− What is business-critical? Do business and IT mean the same?
− What is integrity? Authorized vs. correct modifications
− How to rate the integrity? What is the impact? What are the business controls? How to manage dependencies?
− What integrity controls are necessary? How to reduce the effort and increase the assurance level? Are independent controls an option?
Outlook
− Institutionalization and revision
− Research independent controls
[Image: iceberg with the I-1 possible-loss region marked. Source WikiMedia, U. Kils and W. Bodo, under Creative Commons license.]
14. Appendix
15. Integrity Criticality Rating
1) Information assets in scope
− Financial perspective
− Compliance perspective
− IT Risk Management perspective
2) Assets at risk (financial values)
− Population of data objects
− Small and large attribute-value errors
3) Business controls (using other apps)
− Possible financial losses: control check-points (time bounds)
− Recoverability: capped residual loss + recovery costs
4) Application business and IT criticality rating (alignment of understanding)
5) Manage dependencies using services
− Services offered/required integrity-criticality
− Consume services meeting integrity-criticality
− Application sub-systems differentiation
[Figure: rating flow from the drivers (financial, compliance, IT risk management) through information risk (confidentiality, availability, integrity; "correct" vs. authorized modifications; data and operation scope) to the criticality rating (risk assessment: integrity-criticality, assets at risk, recoverability, business controls) of an application or service, business vs. IT rating.]
16. Risk-Adjusted Services
In a SOA, direct dependencies are sufficient
Service functionality
− Data service: EVENT publisher, read-only ACTION
− Data processing service: EVENT-consuming daemon, write ACTION
Note: EVENT/ACTION refer to semantics and not the transport!
Service integrity-criticality rating
− Determined by application sub-system
Adequate service consumption
− Service rating equal to (or higher than) the consumer's
− Compensations
Service-based dependency management
[Figure: FX Order Management with its services – getMarketData, updatePosition, CRUD Order, createSettlement.]
17. Order Example: Foreign Exchange Spot
Joe Smith buys 1'000'000.00 USD against CHF at a spot exchange rate of 0.9401 USD/CHF on 2013-04-05 07:45 UTC
Business object with critical attributes
− Order type: FX Spot
− State {new, modified, canceled, matured}: new
− Counterparty: Joe Smith
− Traded amount: 1'000'000.00 USD
− Exchange rate: 0.9401 USD/CHF
− Trade date: 2013-04-05 07:45 UTC
FX Order Management application
− Generates quotes given market data
− Order capture, modification and cancellation: Create, Read, Update, Delete (CRUD) SOA service
− Sends order life-cycle events down-stream to the settlement application and the position management application
[Figure: FX Order Management with Market Data, FX Position Keeping, FX Hedging, FX Settlement, Payments and Messaging Gateway.]
18. Rating Example: Foreign Exchange Spot
Joe Smith buys 1'000'000.00 USD against CHF at a spot exchange rate of 0.9401 USD/CHF on 2013-04-05 07:45 UTC
Business object with critical attributes
− Order type: FX Spot
− State {new, modified, canceled, matured}: new
− Counterparty: Joe Smith
− Traded amount: 1'000'000.00 USD
− Exchange rate: 0.9401 USD/CHF
− Trade date: 2013-04-05 07:45 UTC
Asset at risk: spot order population
− 1'000 new orders over 1'000'000 € per day
− 1 pip markup, i.e., 100'000 € markup per day
Data error scenarios – small vs. a few large
− Mispricing exchange rate
− Duplicate / missing orders
− Duplicate cash settlement payments
Business controls
− Are they detective and corrective?
− Are possible losses recoverable?
What is required from consumed services?
[Figure: the application landscape of slide 17, with the business control (volume, profit/loss in FX Position Keeping) over the order population marked.]
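The independent control sketched on slide 11 (a finite state machine per business object plus correlation rules over the audit trail), run against the data error scenarios listed on this slide, as an added example that is not part of the deck and not the bank's validations engine. The FSM is the order life-cycle {new, modified, canceled, matured} from slide 17; the rules use only the critical attributes (amount, rate, counter amount) at the Order Management / Settlement / Payments process boundaries. The JSON event format, the application names and every audit-trail line below are constructed assumptions.

```python
"""Added example: an independent integrity control replaying a constructed
audit trail.  Event format, application names and rules are assumptions."""
import json
from collections import defaultdict
from decimal import Decimal

# Order life-cycle FSM: (current state, event) -> next state.
# None stands for "business object does not exist yet".
TRANSITIONS = {
    (None, "created"): "new",
    ("new", "modified"): "modified",
    ("modified", "modified"): "modified",
    ("new", "canceled"): "canceled",
    ("modified", "canceled"): "canceled",
    ("new", "matured"): "matured",
    ("modified", "matured"): "matured",
}


def check_audit_trail(lines):
    """Replay audit-trail events and return sorted (finding, order_id) pairs."""
    state, orders = {}, {}                          # life-cycle state; (amount, rate)
    settlements, payments = defaultdict(list), defaultdict(list)
    findings = set()
    for line in lines:
        ev = json.loads(line)
        oid, app, event = ev["order_id"], ev["app"], ev["event"]
        if app == "order-mgmt":
            cur = state.get(oid)
            nxt = TRANSITIONS.get((cur, event))
            if nxt is None:                         # not allowed by the FSM
                kind = "DUPLICATE_ORDER" if event == "created" else "INVALID_TRANSITION"
                findings.add((kind, oid))
                continue
            state[oid] = nxt
            if event == "created":
                orders[oid] = (Decimal(ev["amount"]), Decimal(ev["rate"]))
        elif oid not in orders:                     # downstream message without a source
            findings.add(("ORPHAN_EVENT", oid))
        elif app == "settlement":
            amount, rate = orders[oid]
            expected = (amount * rate).quantize(Decimal("0.01"))
            counter = Decimal(ev["counter_amount"])
            if counter != expected:                 # mispricing between the two apps
                findings.add(("SETTLEMENT_MISMATCH", oid))
            settlements[oid].append(counter)
        elif app == "payments":
            if state[oid] == "canceled":
                findings.add(("PAYMENT_FOR_CANCELED", oid))
            payments[oid].append(Decimal(ev["amount"]))
    # End-of-batch (deadline) view: every live order needs exactly one
    # settlement and exactly one payment for the settled amount.
    for oid, st in state.items():
        if st == "canceled":
            continue
        s, p = settlements[oid], payments[oid]
        if not s:
            findings.add(("MISSING_SETTLEMENT", oid))
        elif len(s) > 1:
            findings.add(("DUPLICATE_SETTLEMENT", oid))
        if s and not p:
            findings.add(("MISSING_PAYMENT", oid))
        elif len(p) > 1:
            findings.add(("DUPLICATE_PAYMENT", oid))
        if s and p and p[0] != s[0]:
            findings.add(("PAYMENT_MISMATCH", oid))
    return sorted(findings)


# Constructed audit trail covering the error scenarios on the slide.
AUDIT_TRAIL = [
    # ORD-1: clean life-cycle (1'000'000 USD at 0.9401 -> 940'100 CHF)
    '{"app":"order-mgmt","event":"created","order_id":"ORD-1","amount":"1000000.00","rate":"0.9401"}',
    '{"app":"settlement","event":"instructed","order_id":"ORD-1","counter_amount":"940100.00"}',
    '{"app":"payments","event":"sent","order_id":"ORD-1","amount":"940100.00"}',
    # ORD-2: order captured twice (replayed message) and paid twice
    '{"app":"order-mgmt","event":"created","order_id":"ORD-2","amount":"500000.00","rate":"0.9401"}',
    '{"app":"order-mgmt","event":"created","order_id":"ORD-2","amount":"500000.00","rate":"0.9401"}',
    '{"app":"settlement","event":"instructed","order_id":"ORD-2","counter_amount":"470050.00"}',
    '{"app":"payments","event":"sent","order_id":"ORD-2","amount":"470050.00"}',
    '{"app":"payments","event":"sent","order_id":"ORD-2","amount":"470050.00"}',
    # ORD-3: canceled upstream, but a payment still leaves the bank
    '{"app":"order-mgmt","event":"created","order_id":"ORD-3","amount":"2000000.00","rate":"0.9401"}',
    '{"app":"order-mgmt","event":"canceled","order_id":"ORD-3"}',
    '{"app":"payments","event":"sent","order_id":"ORD-3","amount":"1880200.00"}',
    # ORD-4: settlement instruction for an order that was never captured
    '{"app":"settlement","event":"instructed","order_id":"ORD-4","counter_amount":"100.00"}',
    # ORD-5: settlement counter-amount does not equal amount x rate (mispricing)
    '{"app":"order-mgmt","event":"created","order_id":"ORD-5","amount":"1000000.00","rate":"0.9401"}',
    '{"app":"settlement","event":"instructed","order_id":"ORD-5","counter_amount":"949100.00"}',
    '{"app":"payments","event":"sent","order_id":"ORD-5","amount":"949100.00"}',
    # ORD-6: captured but never settled (missing downstream event)
    '{"app":"order-mgmt","event":"created","order_id":"ORD-6","amount":"250000.00","rate":"0.9401"}',
]

if __name__ == "__main__":
    for finding in check_audit_trail(AUDIT_TRAIL):
        print(*finding)
```

The control is detective only, as the lessons-learned slide recommends (no automatic intervention): it produces findings for a human or a reconciliation process rather than blocking payments. It also illustrates why the manual modeling was called costly and brittle: each new message type or life-cycle state needs a rule and a transition here, and real audit trails with heterogeneous formats and directional correlation identifiers would first have to be normalized into the single order id the rules key on.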
19. Disclaimer
This document was produced for information purposes and is for the exclusive use of the recipient. No guarantee is made regarding reliability or completeness of this document, nor will any liability be accepted for losses that may arise from its use. This document may not be distributed in the United States or given to any US persons (within the meaning of Regulation S under the US Securities Act of 1933, as amended). The same applies in any other jurisdiction except where compliant with the applicable laws.
Copyright © 2013 Credit Suisse Group AG and/or its affiliated companies. All rights reserved.