• Save
Antonio Ramos - ¿Y si la seguridad afectara al valor contable de la empresa? [Rooted CON 2013]
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share

Antonio Ramos - ¿Y si la seguridad afectara al valor contable de la empresa? [Rooted CON 2013]

  • 1,075 views
Uploaded on

La idea es explorar un escenario hipotético en el que, el valor en libros contables de los activos de una empresa se viera afectado por los resultados de las auditorías de seguridad. ¿Cómo actuaría......

La idea es explorar un escenario hipotético en el que, el valor en libros contables de los activos de una empresa se viera afectado por los resultados de las auditorías de seguridad. ¿Cómo actuaría el Consejero Delegado? ¿Cómo cambiaría el rol del auditor? ¿Cuál sería el régimen de responsabilidad de los auditores?

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,075
On Slideshare
1,075
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. ¿Y si la seguridad afectara alvalor contable de la empresa? Antonio Ramos antonio.ramos@leetsecurity.com @antonio_ramosga 0
  • 2. 1
  • 3. CFO (CxOs in general) does not desire to have any vulnerability inorganization’s corporate information systems 2
  • 4. An accountant is not a treasurer 3
  • 5. An accountant is not a financier 4
  • 6. 5
  • 7. This is a realaccountant… 6
  • 8. Although these days, look like this… 7
  • 9. 8
  • 10. “No hay deudor sin acreedor, ni acreedor sin deudor” 9
  • 11. DEBIT CREDIT 10
  • 12. Profit & Loss(P&L) 11
  • 13. BalanceSheet 12
  • 14. Financial audit is to verify anddetermine whether the annual accounts(accounting) express the true andfair picture of the financial position ofthe audited entity. 13
  • 15. 14
  • 16. 15
  • 17. Future Reality Tree 16
  • 18. Vulnerabilities not resolved in corporate’s information systemsreduce assets value proportionally to vulnerability severity 17
  • 19. 130 140 Losses affect to Shareholders loss value oforganization’s share value their shares /financing ability 110 120 Organizations have to Organizations have torecognize losses for asset reduce equity to balance depreciation accounts 100 Severe vulnerabilities reduce assets value 18
  • 20. Neither CFO (CxOs in general), nor sharleholders, do not desire to have any vulnerability in organization’s corporate information systems 150 160CxOs bonus depends on Shareholders hapiness shares values depends on shares values 130 140 Losses affect to Shareholders loss value oforganization’s share value their shares /financing ability 19
  • 21. 20
  • 22. 230 Auditors are liable for their opinions about organization’s systems security 220Auditors have to analyse the security of organization’ssystems prior to provide an opinion 200 210Auditors have to provide an Auditors are liable foropinion about organization’s their opinions assets value 21
  • 23. 22
  • 24. 23
  • 25. Exercise controland discipline ofauditing activity[…] and financialauditors, throughtechnical controlsand sanctioningpower…(R.D 302/1989,art. 2.d) 24
  • 26. Fuente: Memoria 2011 del ICAC 25
  • 27. Organization’s systems security becomes a subject of responsibility and auditors pay broader attention to the security assessments they perform. 240 ICAC (or equivalent) will 230 supervise auditor’s opinion Auditors are liable forabout security of information their opinions about systems and could sanction organization’s systemsthem if they do not achieved security minimum quality criteria. 26
  • 28. Thank you!! Antonio Ramos antonio.ramos@leetsecurity.com @antonio_ramosga 27