
Managing and securing the enterprise


  1. Managing and Securing the Enterprise
  2. Securing the Enterprise: Information resources are distributed throughout the organization and beyond, as Internet and wireless technologies extend organizational boundaries. Time-to-exploitation of sophisticated spyware and worms has shrunk from months to days.
  3. Time-to-exploitation: the elapsed time between when a vulnerability is discovered and the time it is exploited.
  4. Regulations. Industry self-regulation: the Payment Card Industry (PCI) Data Security Standard (Visa, MasterCard, American Express, Discover). It is required for all members, merchants, or service providers that store, process, or transmit cardholder data.
  5. Small Business Regulations: The Council of Better Business Bureaus, USA. Visa, Equifax, IBM, Verizon, eBay.
  6. Cyber-Blackmail: a Trojan encrypts the data on the user's computer, then the attacker offers to decrypt it for $300 or more.
  7. Why IT Security?
  8. Mistakes: The Information Security Forum discovered that mistakes caused by human error, system malfunctioning, and failure to understand the effect of adding a new piece of software to the rest of the system led to threats for IT.
  9. IT Security & Internal Control Model: senior management commitment & support; security procedures & enforcement; security policies & training; security tools (hardware & software).
  10. IS Vulnerabilities & Threats: unintentional threats; intentional threats; computer crimes.
  11. Unintentional Threats: human errors; environmental hazards; computer system failures.
  12. Intentional Threats: theft of data; inappropriate use of data; theft of computers; theft of equipment or programs.
  13. Intentional Threats (cont.): deliberate manipulation in handling, entering, processing, transferring or programming data; strikes, riots; malicious damage to computer resources; destruction from viruses and other attacks; miscellaneous computer abuses; Internet fraud.
  14. Computer Crimes: crime done on the Internet is called cybercrime. Hacker (white-hat hackers, black-hat hackers); cracker.
  15. Methods of attack on computing: data tampering; programming attacks; viruses; worms; zombies; phishing; DoS; botnets.
  16. Frauds and Computer Crimes: fraud is a serious financial crime involving deception, confidence, and trickery.
  17. Types of Frauds: occupational fraud; operating management fraud; conflict of interest; bribery; misappropriation; senior management financial reporting fraud; accounting cycle fraud.
  18. Fraud Prevention and Detection: Adelphia; Global Crossing; Tyco.
  19. Other crimes: crimes by computer; flash drives; MP3/MP4 players.
  20. Computer Crimes. Identity theft is the worst and most prevalent crime: thefts where individuals' social security and credit card numbers are stolen and used by thieves. Obtaining information about other people by stealing wallets, or through e-sharing and databases.
  21. Types of identity crimes: stolen desktop; online, by an ex-employee; computer tapes lost in transit; malicious users; missing backup tapes.
  22. Internal control is the work atmosphere that a company sets for its employees. It is a process designed to achieve: reliability of financial reporting; operational efficiency; compliance with laws, regulations and policies; safeguarding of assets.
  23. Frauds to be controlled by ICS: fraud committed against a company; fraud committed for a company.
  24. Symptoms: missing documents; delayed bank deposits; holes in accounting records; numerous outstanding checks or bills; disparity between accounts payable and receivable; employees who do not take vacations; etc.
  25. Symptoms (cont.): a large drop in profits; major increase in business with particular customers; customers complaining about double billing; repeated duplicate payments; employees with the same address or phone numbers as a vendor.
  26. IC procedures and activities: segregation of duties and dual custody; independent checks; proper system of authorization; physical safeguards; documents and records.
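Slides 24 through 26 list fraud symptoms and internal-control procedures as items to watch for. Three of them (repeated duplicate payments, employees sharing an address or phone number with a vendor, and segregation of duties between the person who enters a payment and the person who approves it) can be checked mechanically against ledger and master-file data. The script below is an added example written for this page, not material from the slides; the employee, vendor and payment records are constructed sample data, and the field names (`created_by`, `approved_by`, `invoice`) are assumptions about how such a ledger export might look.

```python
"""Automated checks for some of the fraud symptoms and internal-control
procedures on the slides: duplicate payments, employee/vendor address or
phone overlap, and segregation of duties. All records are constructed
sample data, not from any real ledger."""
from collections import defaultdict

# Constructed sample master data (hypothetical names, addresses, numbers).
EMPLOYEES = [
    {"id": "E1", "name": "Alice", "address": "12 Elm St", "phone": "555-0100"},
    {"id": "E2", "name": "Bob",   "address": "9 Oak Ave", "phone": "555-0101"},
    {"id": "E3", "name": "Carol", "address": "3 Pine Rd", "phone": "555-0102"},
]
VENDORS = [
    {"id": "V1", "name": "Acme Supplies",    "address": "77 Main St", "phone": "555-0200"},
    # Shares Bob's home address: the "employee with same address as a vendor" symptom.
    {"id": "V2", "name": "Bob's Consulting", "address": "9 oak ave",  "phone": "555-0300"},
]
# Constructed sample payment ledger. Field names are assumptions.
PAYMENTS = [
    {"pid": "P1", "vendor": "V1", "invoice": "INV-100", "amount": 1200.00, "created_by": "E1", "approved_by": "E3"},
    # Same vendor, invoice and amount as P1: the "repeated duplicate payment" symptom.
    {"pid": "P2", "vendor": "V1", "invoice": "INV-100", "amount": 1200.00, "created_by": "E1", "approved_by": "E3"},
    # Entered and approved by the same person: no segregation of duties.
    {"pid": "P3", "vendor": "V2", "invoice": "INV-7",   "amount": 4800.00, "created_by": "E2", "approved_by": "E2"},
    {"pid": "P4", "vendor": "V1", "invoice": "INV-101", "amount": 300.00,  "created_by": "E1", "approved_by": "E2"},
]


def normalize(value):
    """Case- and whitespace-insensitive form so '9 oak ave' matches '9 Oak Ave'."""
    return " ".join(value.lower().split())


def duplicate_payments(payments):
    """Symptom: repeated duplicate payments. Group by (vendor, invoice, amount)
    and return the payment ids of every group that was paid more than once."""
    groups = defaultdict(list)
    for p in payments:
        groups[(p["vendor"], p["invoice"], round(p["amount"], 2))].append(p["pid"])
    return [pids for pids in groups.values() if len(pids) > 1]


def employee_vendor_overlap(employees, vendors):
    """Symptom: employees with the same address or phone number as a vendor.
    Returns (employee id, vendor id, matching field) tuples."""
    index = defaultdict(list)
    for e in employees:
        for field in ("address", "phone"):
            index[(field, normalize(e[field]))].append(e["id"])
    hits = []
    for v in vendors:
        for field in ("address", "phone"):
            for eid in index.get((field, normalize(v[field])), []):
                hits.append((eid, v["id"], field))
    return hits


def segregation_violations(payments):
    """Control: segregation of duties. Flags payments where the same person
    both entered and approved the transaction."""
    return [p["pid"] for p in payments if p["created_by"] == p["approved_by"]]


def run_checks(employees=EMPLOYEES, vendors=VENDORS, payments=PAYMENTS):
    """Run every check and return the findings keyed by check name."""
    return {
        "duplicate_payments": duplicate_payments(payments),
        "employee_vendor_overlap": employee_vendor_overlap(employees, vendors),
        "segregation_violations": segregation_violations(payments),
    }


if __name__ == "__main__":
    for check, findings in run_checks().items():
        print(f"{check}: {findings}")
```

Each finding is a lead for an independent check (slide 26), not proof of fraud: a legitimate vendor can share a building with an employee, and a re-issued invoice can look like a duplicate. The value of running the checks on a schedule is that the symptoms listed on the slides surface from the data instead of depending on someone noticing them.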