INTERNAL AUDIT’S CONTRIBUTION
TO THE EFFECTIVENESS OF INFORMATION
SECURITY MANAGEMENT
IN BAKIRKOY MUNICIPALITY
Gokhan POLAT
Head of Internal Audit in Bakirkoy Municipality/TURKEY
TOPICS TO BE COVERED
1. Information Security
2. Information Security Efforts in Bakirkoy Municipality
3. Internal Audit’s Contribution to The Information Security Efforts
The Institute of Internal
Auditors of Turkey (TIDE)
• founded in 1995,
• member of IIA and ECIIA,
• carries out activities for recognition of
the profession and assuring professional
development.
Bakirkoy
Municipality
Bakirkoy Municipality
• 32 square kilometers land area
• 223.300 citizens
• consists of 24 directorates
• 2080 employees
• 2017 budget 106.882.000 $
INFORMATION
• Technology has become integral to the
organization’s operations and plays a key
role in these actions.
• …information technology functions as an
enabler to achieve e-government or e-business,
and to avoid or reduce relevant risks.
‘Information is an asset which, like
other important business assets, has value to
an organization and consequently needs
to be suitably protected’
BS ISO 27002:2005
Information security is the protection of
information from a wide range of threats in order
to:
- ensure business continuity,
- minimize business risk,
- and maximize return on investments and
business opportunities.
ISO 27002:2005 defines information
security as the preservation of…
FAILURE TO SECURE INFORMATION COULD RESULT IN:
• Security breaches, both detected and undetected,
• Breach of trust with other organizations,
• Violations of legal and regulatory requirements,
• Damage to the enterprise’s reputation,
• Financial loss.
• Information Security
Management System (ISMS) is
a systematic and structured
approach to managing information
and keeping it secure.
Information security frameworks
 ISO/IEC 27001:2013 Information Security Management
System
 Security and Privacy Controls for Federal Information
Systems and Organizations NIST Special Publication 800-53
 The IIA GTAG 15: Information Security Governance (2010)
 ISACA Cybersecurity Nexus
ISO/IEC 27001:2013
14 Control Categories (Domain/
Control Area)
Activities for INFOSEC in Bakirkoy Municipality
• ISMS,
• Sustainability Project,
• Continuous vulnerability scanning.
• Bakirkoy Municipality is the first public agency
that gained ISO/IEC 27001:2013 certification.
• ISO/IEC 27001:2013 certificate was gained
for:
 managing operational risks,
 achieving high levels of legislative and
regulatory compliance,
 and managing vulnerabilities and threats.
Activities conducted in
the scope of
ISO/IEC 27001:2013
• Determination of the information security risks.
• Designing and implementing a coherent and
comprehensive suite of information security
controls.
• Conducting internal audits at planned intervals (every
three months).
• External audit once a year.
• Information security awareness programs for
personnel.
SUSTAINABILITY PROJECT
• A «Sustainability Project» began in March 2017
and is currently under way.
• This project aims to enable Bakirkoy Municipality
to produce one combined financial,
environmental and governance report that
illustrates how it is creating value over time.
APPLICATIONS USED BY
CITIZENS AND EMPLOYEES
• TERACITY
• TERADESK
• NETCAD
Internal Audit Function (diagram): Internal Audit provides Assurance and Consulting.
2017 Audit Universe
• 330 processes to audit
2015 Audit Universe
• 74 processes to audit
2017 Audit Plan:
• Focused on IT processes
• In all audit missions, tests
exist to check information
security controls
INTERNAL AUDIT DEPARTMENT
• taking part in developing the information
security strategy and policy.
• conducting training activities on the roles
and responsibilities of senior management.
• preparing reports on risks of current
regulatory changes.
INTERNAL AUDIT DEPARTMENT
Audits in information security need:
 an integrated audit approach.
 internal auditors with updated skills.
SPECIAL EMPHASIS OF IT AUDITING:
 Uniform processing of transactions (systemic effect)
 A high percentage of the key internal controls relied upon by the
organization are likely to be technology driven.
 Absence of segregation of functions in the IT environment
 Potential for errors/frauds with no visible trace
 Necessitates increased management supervision
 Effectiveness of manual controls depends on controls over
computer processing
 Transaction trails in digital form
INTERNAL AUDIT DEPARTMENT
Currently the ‘Management of Enterprise
Information Technology Sources’ audit is
in progress, with the scope of:
 Database management
 User access management
 Backup management
 Business continuity planning
INTERNAL AUDIT DEPARTMENT
Facilitating awareness programs for the personnel.
 Two awareness programs in 2016
 One awareness program in 2017
INTERNAL AUDIT DEPARTMENT
Monitoring the audits of ISO/IEC 27001:2013 via:
 Accompanying the auditors,
 Checking audit reports,
 Checking follow-ups on the action plans for
nonconformities.
INTERNAL AUDIT DEPARTMENT
Monitoring the activities of consulting firms on:
 ISMS,
 Sustainability Project.
THE BOTTOM LINE
For effective information security, the following should exist:
 executive and senior management support,
 visible and consistent actions,
 employee education and awareness,
 a culture for protection of organizational value,
 independent review of security measures and
performance by the internal audit function.
THANK YOU FOR LISTENING…
