2011 IIA Pittsburgh Grant Thornton LLP Presentation (Nov 2011)
Emerging Technology - Risks and Challenges

Transcript

  • Emerging Technology Challenges and Solutions for Internal Audit and Compliance
    Danny Miller, CISA, CGEIT, CRISC, ITIL, QSA
    Principal
  • Topics
    Current Technology Landscape
    Emerging Technology
    Cloud computing
    Mobile computing
    Cybersecurity
    Potential IA Complexities
    Solutions
    What’s Next?
  • Current Technology Landscape
    On-premise hardware, software, and management
    Support may be on-shore, near-shore or off-shore
  • Current Technology Landscape (continued)
    Localized processes and controls
    Prompt remediation when required
    Clear data ownership
    Straightforward compliance approach
  • Current Technology Landscape (continued)
    Challenges/benefits
    It's expensive and requires a lot of overhead
    Difficult to scale and react quickly
    Significant embedded cost structure
    Inflexible to meet business need
    Easier to maintain audit trail
  • Emerging Technology Trends
    Spending on public IT cloud services will grow at more than five times the rate of the IT industry in 2011-2012
    Enterprise IT planners are beginning to include cloud-computing expertise in some of their job searches to be prepared for the projects of the short-term and mid-term future
    Hosted private clouds will outnumber internal clouds 3:1, though service providers have only been getting ready incrementally
    Cloud management and monitoring will fuel enterprise cloud adoption
    32% of CIOs expect virtualization to be their top investment in 2011
  • Emerging Technology
    Cloud computing
    SaaS, PaaS, IaaS, DaaS
    Mobile computing
    Mobile platforms that blur the line between a hand-held device and a full computing platform
    Data analytics
    Master Data Management
    Cybersecurity
    Trends
  • Emerging Technology Platforms (continued)
    Models of Cloud:
    • Software as a Service (SaaS): software applications delivered over the Internet
    • Platform as a Service (PaaS): full or partial operating system/development environment delivered over the Internet
    • Infrastructure as a Service (IaaS): computer infrastructure delivered over the Internet
    • Desktop as a Service (DaaS): virtualization of desktop systems serving thin clients, delivered over the Internet or a private Cloud
    Types of Clouds
    • Public: shared computer resources provided by an off-site third-party provider
    • Private: dedicated computer resources provided by an off-site third party, or use of Cloud technologies on a private internal network
    • Hybrid: consisting of multiple public and private Clouds
  • Emerging Technology Platforms (continued)
    Public Cloud
    Private Cloud
  • Emerging Technology Platforms (continued)
    Cloud computing – Hybrid cloud
  • Emerging Technology Platforms (continued)
    Mobile computing
  • Emerging Technology Platforms (continued)
    Mobile computing is:
    Wireless
    Utilizes tablet platforms and smartphones
    Internet-based
    Communication via 4G and WiFi
    Scaled applications
  • Potential New IA Complexity
    Cloud computing
    Availability & performance
    Business continuity
    Cybersecurity
    Data encryption
    Privacy (especially in Healthcare & Life Sciences)
  • Potential New IA Complexity (continued)
    Cloud computing (continued)
    Compliance
    FISMA
    HIPAA
    SOX
    PCI DSS (card payments)
    EU Data Protection Directive, et al.
  • Potential New IA Complexity (continued)
    Mobile computing
    Security (physical and virtual)
    Data ownership
    Service interruption and recovery
    Data archiving
    Availability
  • Potential New IA Complexity (continued)
    Mobile computing
    WiFi/4G security
    Surveillance and access control
    Availability
    Data ownership and recovery
    Auditability
    Bluetooth “hijacking”
    AIDC
  • Solutions
    Cloud computing
    Demand good security in the contract with provider
    Have a "return of data" plan at end of contract
    Know where the data is and who has access
    Deploy a layered security architecture
    Assess and inventory risks
    Conduct annual security policy audits
    Deploy and authenticate user credentials
    Encrypt all stored data (P2P encryption)
    Actively manage passwords and segregation of duties
    Implement layered firewalls
  • Solutions (continued)
    Mobile computing
    Encrypt all WiFi access
    Clarify data ownership
    Implement service interruption plan
    Disable Bluetooth communications
    Deploy device specific security software
    Encrypt all communications
  • What’s Next?
    Distributed computing (the Cloud)
    Cybersecurity & Privacy focus
    Virtualization
    Advanced IA tools
    Analytics
    Provenance engines
    Enhanced hardware firewalls
    Advanced encryption technology
    New data segregation and security standards
    Secure digital communications
    Standards such as ITIL, COBIT and PCI are integrating and are now complementary
  • What’s Next? (PCI Data Security Standards v2.0)
  • What’s Next? (Enterprise Master Data Management)
    • Companies are awash in data, but which data is the right data to use? Data grows by 50%+ each year.
    • Company leadership needs "one version of the truth" on dashboards, reports and in analytical datasets.
    • Internal Audit and Compliance departments should be concerned about controls, availability, integrity and quality of data.
    • Conceptually:
    • Data and information are valuable corporate assets and should be treated as such
    • Data must be managed carefully and should have quality, integrity, security and availability addressed.
  • What’s Next? (Enterprise Master Data Management)
    MDM is the management of an institution’s fundamental data that is shared across multiple business units, everything from project budgets to donor contacts to employee contact information. You can think of master data as all of the enterprise data (people, places, things and activities) that the institution needs to conduct its business.
    The goal of MDM, consequently, is to ensure the accuracy, consistency and availability of this data to the various business users.
    We believe that all organizations would benefit greatly from creating a strategy for MDM and implementing an MDM program in light of its current state and an organization's future data and information needs.
  • What’s Next? (Enterprise Master Data Management)
    Table 1: Scope of Data Management
  • What’s Next? (Data Governance Activities)
    • Establish institutional data standards
    • Identify and resolve data disputes
    • Implement necessary changes to data standards and policies
    • Communicate actions to the organization as appropriate
    • Ensure accountability of institutional data policies and standards
    • Escalate issues to Governance Team as necessary
  • Questions?
  • Emerging Technology Challenges for Internal Audit and Compliance
    Danny Miller, CISA, CGEIT, CRISC, ITIL, QSA
    National Solutions Lead – Cybersecurity
    Regional Solutions Lead – Business Consulting
    Principal, Grant Thornton LLP
    Danny.Miller@us.gt.com
    http://grantthornton.com/