¿Y si la seguridad afectara alvalor contable de la empresa?            Antonio Ramos   antonio.ramos@leetsecurity.com     ...
1
CFO (CxOs in general) does not desire     to have any vulnerability inorganization’s corporate information               s...
An accountant is not a treasurer                                   3
An accountant is not a financier                             4
5
This is a realaccountant…                 6
Although these days, look like this…                                       7
8
“No hay deudor sin acreedor, ni acreedor sin deudor”   9
DEBIT   CREDIT             10
Profit  & Loss(P&L)         11
BalanceSheet      12
Financial audit is to verify anddetermine whether the annual accounts(accounting) express the true andfair picture of the ...
14
15
Future Reality Tree                      16
Vulnerabilities not resolved in  corporate’s information systemsreduce assets value proportionally to        vulnerability...
130                                          140     Losses affect to                                Shareholders loss val...
Neither CFO (CxOs in general), nor        sharleholders, do not desire to have any        vulnerability in organization’s ...
20
230       Auditors are liable for their opinions about            organization’s systems security            220Auditors h...
22
23
Exercise controland discipline ofauditing activity[…] and financialauditors, throughtechnical controlsand sanctioningpower...
Fuente: Memoria 2011 del ICAC   25
Organization’s systems security becomes a       subject of responsibility and auditors pay           broader attention to ...
Thank you!!          Antonio Ramos antonio.ramos@leetsecurity.com       @antonio_ramosga                                  27
Upcoming SlideShare
Loading in …5
×

Antonio Ramos - ¿Y si la seguridad afectara al valor contable de la empresa? [Rooted CON 2013]

2,686 views

Published on

La idea es explorar un escenario hipotético en el que, el valor en libros contables de los activos de una empresa se viera afectado por los resultados de las auditorías de seguridad. ¿Cómo actuaría el Consejero Delegado? ¿Cómo cambiaría el rol del auditor? ¿Cuál sería el régimen de responsabilidad de los auditores?

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,686
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Antonio Ramos - ¿Y si la seguridad afectara al valor contable de la empresa? [Rooted CON 2013]

  1. 1. ¿Y si la seguridad afectara alvalor contable de la empresa? Antonio Ramos antonio.ramos@leetsecurity.com @antonio_ramosga 0
  2. 2. 1
  3. 3. CFO (CxOs in general) does not desire to have any vulnerability inorganization’s corporate information systems 2
  4. 4. An accountant is not a treasurer 3
  5. 5. An accountant is not a financier 4
  6. 6. 5
  7. 7. This is a realaccountant… 6
  8. 8. Although these days, look like this… 7
  9. 9. 8
  10. 10. “No hay deudor sin acreedor, ni acreedor sin deudor” 9
  11. 11. DEBIT CREDIT 10
  12. 12. Profit & Loss(P&L) 11
  13. 13. BalanceSheet 12
  14. 14. Financial audit is to verify anddetermine whether the annual accounts(accounting) express the true andfair picture of the financial position ofthe audited entity. 13
  15. 15. 14
  16. 16. 15
  17. 17. Future Reality Tree 16
  18. 18. Vulnerabilities not resolved in corporate’s information systemsreduce assets value proportionally to vulnerability severity 17
  19. 19. 130 140 Losses affect to Shareholders loss value oforganization’s share value their shares /financing ability 110 120 Organizations have to Organizations have torecognize losses for asset reduce equity to balance depreciation accounts 100 Severe vulnerabilities reduce assets value 18
  20. 20. Neither CFO (CxOs in general), nor sharleholders, do not desire to have any vulnerability in organization’s corporate information systems 150 160CxOs bonus depends on Shareholders hapiness shares values depends on shares values 130 140 Losses affect to Shareholders loss value oforganization’s share value their shares /financing ability 19
  21. 21. 20
  22. 22. 230 Auditors are liable for their opinions about organization’s systems security 220Auditors have to analyse the security of organization’ssystems prior to provide an opinion 200 210Auditors have to provide an Auditors are liable foropinion about organization’s their opinions assets value 21
  23. 23. 22
  24. 24. 23
  25. 25. Exercise controland discipline ofauditing activity[…] and financialauditors, throughtechnical controlsand sanctioningpower…(R.D 302/1989,art. 2.d) 24
  26. 26. Fuente: Memoria 2011 del ICAC 25
  27. 27. Organization’s systems security becomes a subject of responsibility and auditors pay broader attention to the security assessments they perform. 240 ICAC (or equivalent) will 230 supervise auditor’s opinion Auditors are liable forabout security of information their opinions about systems and could sanction organization’s systemsthem if they do not achieved security minimum quality criteria. 26
  28. 28. Thank you!! Antonio Ramos antonio.ramos@leetsecurity.com @antonio_ramosga 27

×