IT compliance
  • Speaker notes. A successful e-commerce website in Vietnam. It offers discounts and "hot deals" on a range of goods and services.
  • The four biggest audit firms. After such scandals, the need to create new legislation to prevent, detect and correct such aberrations appears. Compliance is the best way to inspire trust among an organization's stakeholders and governmental agencies, and it is required for an organization to remain legal.
  • Compliance: the Vietnamese rule is that you must wear a helmet when riding a motorbike. Security: wearing a strong helmet plus a jacket, etc.
  • Regulations: working 9 am to 5 pm, VAT 10%. Laws: killing people is against the law. Industry-specific: lawsuits under food and pharmacy industry law.
  • Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. Committee of Sponsoring Organizations (COSO): provides thought leadership to executive management and governance entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud, and financial reporting. Sarbanes–Oxley Act (SOX): enhanced standards for all U.S. public company boards, management and public accounting firms; individual certification of the accuracy of financial information; increased independence of the outside auditors.
  • NIST: National Institute of Standards and Technology.
  • Compliance policies: activities for the creation and dissemination of policies, and the protection of confidential or sensitive information such as customer data, employee records, financial information, intellectual property and others. Direct cost: the direct expense outlay to accomplish a given activity. Indirect cost: the amount of time, effort and other organizational resources spent, but not as a direct cash outlay. Opportunity cost: the cost resulting from lost business opportunities when compliance infractions diminish the organization's reputation and goodwill.

Presentation Transcript

  • IT COMPLIANCE. Group 8: Phan Dinh Vuong, Vuong Tat Khang. Instructor: Prof. Dr. Martin Knahl
  • What does compliance mean? To obey or follow the laws, rules, demands, etc.
  • Big Deal. Source: hotdeal.vn, 18/08/2013
  • Question 1: Can we export this successful model of the "HOTDEAL" service to Germany?
  • Question 2: If the "Hotdeal" service is at the highest level of IT security (data protection, encryption, etc.), would that be sufficient to export it to Germany?
  • Main Points: 1. Why IT Compliance. 2. What is IT Compliance. 3. Frameworks, standards, practices. 4. How to assess IT Compliance. 5. Cost framework of IT Compliance. 6. Compliance vs. non-compliance. 7. Practical results from market research.
  • ENRON Scandal 2001
  • THE BIG FOUR (ONCE THE BIG FIVE). Sources: http://www.articula.us/blog/wp-content/uploads/2012/07/Big4Logos.jpg, http://cdn.list25.com/wp-content/uploads/2013/01/Slide79.jpg, http://static1.businessinsider.com/image/4ae49adf0000000000a1ac51-1200/enron-broadband.jpg
  • BIG FOUR'S SECURITY SURVEY (2006). Source: Ernst & Young. 2006 Global Information Security Survey. Technical report, 2006. Available at http://www.ey.com/global/assets.nsf/International/TSRS_-_GISS_2006/$file/EY_GISS2006.pdf. Trend 4: the impact of compliance continues to grow. Trend 5: compliance is promoting teaming between information security and other functional business groups. Trend 6: compliance is improving information security.
  • Laws, rules and regulations (possibly industry specific), considered mandatory. Examples: National Data Protection Acts, Informatics and Liberty Law, Financial Security Law, SOX, EuroSOX, Basel II, HIPAA. Standards, frameworks and security practices, taken from an optimization perspective. Examples: ISO 9000, ISO 13335, ISO 17799:2005, ISO 2700x, COBIT, COSO, etc.
  • Security vs. compliance. Sources: http://www.j4vv4d.com/wp-content/uploads/2011/10/secVcomp.jpg, http://www.redspin.com/blog/wp-content/uploads//2011/05/SECvsCOMP.png. Compliance: focused on validating that the rules are followed; static and slow to update. Security: focused on protection; dynamic.
  • IT compliance types. Regulation compliance, e.g. working 9 am to 5 pm, VAT 10%. Legal (law) compliance, e.g. killing people is against the law. Industry-specific compliance, e.g. lawsuits under food and pharmacy industry law.
  • IT compliance frameworks, standards and practices. SOX: enhanced standards; certify the accuracy of financial information. COSO: management and governance of critical aspects such as risk management, fraud, etc. COBIT: best-practice framework for IT management and IT governance. ISO 9000, ISO 2700x, etc.
  • Typical Information Security Compliance Assessment. Source: Tashi, Igli. (2009). Regulatory Compliance and Information
  • INTER-RELATIONSHIP
  • Costs of non-compliance: regulatory penalties, brand damage, loss of customers' trust. Source: http://learnatvivid.files.wordpress.com/2012/07/non_compliance_costs.jpg
  • Findings from market research: independent research on privacy, data protection and information security policy; Benchmark Study 2011; 46 multinational companies; 160 functional leaders (CFO, CIO, etc.).
  • Framework. Source: Ponemon Institute, Benchmark Study, January 2011
  • Cost comparison: compliance cost vs. non-compliance cost?
  • Framework. Source: Ponemon Institute, Benchmark Study, January 2011
  • IT Compliance Cost Framework. Source: Ponemon Institute, Benchmark Study, January 2011
  • WHAT AFFECTS THE COST OF COMPLIANCE AND NON-COMPLIANCE? Industry and organizational size. Laws and regulations are the main drivers for investment.
  • COMPLIANCE AND NON-COMPLIANCE SUPPORT. An effective security strategy → lower cost of non-compliance. Ongoing internal compliance audits → reduced total cost of compliance.
  • GAP BETWEEN COMPLIANCE AND NON-COMPLIANCE COST: related to the number of records lost or stolen in data breaches (breaking or compromising the laws).
  • 10 EFFECTIVENESS ATTRIBUTES. 1. Appoint a high-level individual to lead compliance. 2. Ensure oversight of compliance activities. 3. Budget to meet goals and objectives. 4. A cross-functional committee oversees local requirements. 5. Implement metrics. 6. Senior executives receive critical reports at crisis level. 7. Reduce risk in the business and the threats of change. 8. Keep pace between the changing workforce and security.
  • Summary. 1. Why IT Compliance. 2. What is IT Compliance. 3. Frameworks, standards, practices. 4. How to assess IT Compliance. 5. Cost framework of IT Compliance. 6. Compliance vs. non-compliance. 7. Practical results from market research.
  • Q&A
  • THANK YOU!
  • REFERENCES. Tashi, Igli. (2009). Regulatory Compliance and Information Security. IEEE. Ponemon Institute (2011). The True Cost of Compliance: Benchmark Study of Multinational Organizations. Ernst & Young (2006). Global Information Security Survey. Technical report (the Big Four's security survey).