INTERNAL AUDIT’S CONTRIBUTION
TO THE EFFECTIVENESS OF INFORMATION
SECURITY MANAGEMENT
IN BAKIRKOY MUNICIPALITY
Gokhan POLAT
Head of Internal Audit in Bakirkoy Municipality/TURKEY
TOPICS TO BE COVERED
1. Information Security
2. Information Security Efforts in Bakirkoy Municipality
3. Internal Audit’s Contribution to the Information Security Efforts
The Institute of Internal
Auditors of Turkey (TIDE)
• founded in 1995,
• member of IIA and ECIIA,
• carries out activities for recognition of
profession and assuring professional
development.
Bakirkoy Municipality
• 32 square kilometers land area
• 223.300 citizens
• consists of 24 directorates
• 2080 workers
• 2017 budget 106.882.000 $
INFORMATION
• Technology has become integral to the
organization’s operations and plays a key
role in these actions.
• …information technology functions as an
enabler to achieve e-government or e-business,
and to avoid or reduce relevant risks.
'Information is an asset which, like
other important business assets, has value to
an organization and consequently needs
to be suitably protected’
BS ISO 27002:2005
Information security is the protection of
information from a wide range of threats in order
to:
- ensure business continuity,
- minimize business risk,
- and maximize return on investments and
business opportunities.
ISO 27002:2005 defines information
security as the preservation of…
FAILURE TO SECURE INFORMATION COULD RESULT IN:
• Security breaches, both detected and undetected,
• Breach of trust with other organizations,
• Violations of legal and regulatory requirements,
• Damage to the enterprise’s reputation,
• Financial loss.
• An Information Security
Management System (ISMS) is
a systematic and structured
approach to managing information
and keeping it secure.
Information security frameworks
- ISO/IEC 27001:2013 Information Security Management System
- Security and Privacy Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53)
- The IIA GTAG 15: Information Security Governance (2010)
- ISACA Cybersecurity Nexus
ISO/IEC 27001:2013
14 Control Categories (Domain/Control Area)
Activities for INFOSEC in Bakirkoy Municipality
• ISMS,
• Sustainability Project,
• Continuous vulnerability scanning.
• Bakirkoy Municipality is the first public agency
that gained ISO/IEC 27001:2013 certification.
• The ISO/IEC 27001:2013 certificate was obtained
for:
- managing operational risks,
- achieving high levels of legislative and
regulatory compliance,
- and managing vulnerabilities and threats.
Activities conducted within the scope of ISO/IEC 27001:2013
• Determining the information security risks.
• Designing and implementing a coherent and
comprehensive suite of information security
controls.
• Conducting audits at planned intervals (every
three months).
• External audit once a year.
• Information security awareness programs for
personnel.
SUSTAINABILITY PROJECT
• A «Sustainability Project» is currently under way; it began
in March 2017.
• This project aims to enable Bakirkoy Municipality
to produce one combined financial,
environmental and governance report that can
illustrate how it is creating value over time.
APPLICATIONS USED BY
CITIZENS AND WORKERS
• TERACITY
• TERADESK
• NETCAD
Internal Audit Function
• Consulting
• Assurance
2017 Audit Universe
• 330 processes to audit
2015 Audit Universe
• 74 processes to audit
In the 2017 Audit Plan:
• Focus on IT processes
• All audit missions include tests
that check information
security controls
INTERNAL AUDIT DEPARTMENT
• taking part in developing the information
security strategy and policy.
• conducting training activities on the roles
and responsibilities of senior management.
• preparing reports on risks of current
regulatory changes.
INTERNAL AUDIT DEPARTMENT
Audits in information security need:
- an integrated audit approach.
- internal auditors with updated skills.
SPECIAL EMPHASIS OF IT AUDITING:
- Uniform processing of transactions: systemic effect
- A high percentage of the key internal controls relied upon by the
organization are likely to be technology driven.
- Absence of segregation of functions in the IT environment
- Potential for errors/frauds – no visible trace
- Necessitates increased management supervision
- Effectiveness of manual controls depends on controls over
computer processing
- Transaction trails in digital form
INTERNAL AUDIT DEPARTMENT
Currently, the ‘Management of Enterprise
Information Technology Sources’ audit is
continuing, with a scope of:
- Database management
- User access management
- Backup management
- Business continuity planning
INTERNAL AUDIT DEPARTMENT
Facilitating awareness programs for the personnel.
- Two awareness programs in 2016
- One awareness program in 2017
INTERNAL AUDIT DEPARTMENT
Monitoring the audits of ISO/IEC 27001:2013 via:
- Accompanying the auditors,
- Checking audit reports,
- Checking follow-ups on the action plans for
nonconformities.
INTERNAL AUDIT DEPARTMENT
Monitoring the activities of consulting firms on:
- ISMS,
- Sustainability Project.
THE BOTTOM LINE
For effective information security, the following should exist:
- executive and senior management support,
- visible and consistent actions,
- employee education and awareness,
- a culture for protection of organizational value,
- independent review of security measures and
performance by the internal audit function.
THANK YOU FOR LISTENING…

More Related Content

What's hot

The Business Case for Iot and IIoT for the Manufacturer
The Business Case for Iot and IIoT for the ManufacturerThe Business Case for Iot and IIoT for the Manufacturer
The Business Case for Iot and IIoT for the Manufacturer
USA Firmware, LLC
 
New Security Legislation and its Implications for OSS Management
New Security Legislation and its Implications for OSS ManagementNew Security Legislation and its Implications for OSS Management
New Security Legislation and its Implications for OSS Management
Black Duck by Synopsys
 
New Security Legislation & Its Implications for OSS Management
New Security Legislation & Its Implications for OSS Management New Security Legislation & Its Implications for OSS Management
New Security Legislation & Its Implications for OSS Management
Jerika Phelps
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
PECB
 
21. Government, technologies' audit and information systems
21. Government, technologies' audit and information systems 21. Government, technologies' audit and information systems
21. Government, technologies' audit and information systems
Angie Cruz
 
IGF 2020 NRIs Virtual Meeting II
IGF 2020 NRIs Virtual Meeting IIIGF 2020 NRIs Virtual Meeting II
IGF 2020 NRIs Virtual Meeting II
ICT Frame Magazine Pvt. Ltd.
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
PECB
 
Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber Security
A. V. Rajabahadur
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
Rd. R. Agung Trimanda
 
International Journal of Information Technologies & Intelligent Information S...
International Journal of Information Technologies & Intelligent Information S...International Journal of Information Technologies & Intelligent Information S...
International Journal of Information Technologies & Intelligent Information S...
ijfcst journal
 
Security as a Strategy
Security as a Strategy Security as a Strategy
Security as a Strategy
James Deiotte
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
KBIZEAU
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
Roy Biakpara, MSc.,CISA,CISSP,CISM,ISO27KLA
 
Impacts of FITARA on IT Security & IT Spending
Impacts of FITARA on IT Security & IT SpendingImpacts of FITARA on IT Security & IT Spending
Impacts of FITARA on IT Security & IT Spending
V-Project Management Consulting, LLC
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationWeb Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Eryk Budi Pratama
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
scttmcvy
 
Physical security information management market
Physical security information management marketPhysical security information management market
Physical security information management market
RishabhJain1113
 
williamholscher_03232007
williamholscher_03232007williamholscher_03232007
williamholscher_03232007
William A Holscher MBA PMP
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013  Lead Auditor Course CQI-IRCA 27001:2013  Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course
Desmond Muchetu
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
Precisely
 

What's hot (20)

The Business Case for Iot and IIoT for the Manufacturer
The Business Case for Iot and IIoT for the ManufacturerThe Business Case for Iot and IIoT for the Manufacturer
The Business Case for Iot and IIoT for the Manufacturer
 
New Security Legislation and its Implications for OSS Management
New Security Legislation and its Implications for OSS ManagementNew Security Legislation and its Implications for OSS Management
New Security Legislation and its Implications for OSS Management
 
New Security Legislation & Its Implications for OSS Management
New Security Legislation & Its Implications for OSS Management New Security Legislation & Its Implications for OSS Management
New Security Legislation & Its Implications for OSS Management
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
 
21. Government, technologies' audit and information systems
21. Government, technologies' audit and information systems 21. Government, technologies' audit and information systems
21. Government, technologies' audit and information systems
 
IGF 2020 NRIs Virtual Meeting II
IGF 2020 NRIs Virtual Meeting IIIGF 2020 NRIs Virtual Meeting II
IGF 2020 NRIs Virtual Meeting II
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
Reports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber SecurityReports on Industrial Control Systems’ Cyber Security
Reports on Industrial Control Systems’ Cyber Security
 
Resume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and ControlsResume: The Complete Guide to Cybersecurity Risks and Controls
Resume: The Complete Guide to Cybersecurity Risks and Controls
 
International Journal of Information Technologies & Intelligent Information S...
International Journal of Information Technologies & Intelligent Information S...International Journal of Information Technologies & Intelligent Information S...
International Journal of Information Technologies & Intelligent Information S...
 
Security as a Strategy
Security as a Strategy Security as a Strategy
Security as a Strategy
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
Impacts of FITARA on IT Security & IT Spending
Impacts of FITARA on IT Security & IT SpendingImpacts of FITARA on IT Security & IT Spending
Impacts of FITARA on IT Security & IT Spending
 
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web ApplicationWeb Application Hacking - The Art of Exploiting Vulnerable Web Application
Web Application Hacking - The Art of Exploiting Vulnerable Web Application
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
Physical security information management market
Physical security information management marketPhysical security information management market
Physical security information management market
 
williamholscher_03232007
williamholscher_03232007williamholscher_03232007
williamholscher_03232007
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013  Lead Auditor Course CQI-IRCA 27001:2013  Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course
 
Accelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i SystemsAccelerating Regulatory Compliance for IBM i Systems
Accelerating Regulatory Compliance for IBM i Systems
 

Similar to Internal Audit’s Contribution to the Effectiveness of Information Security Management in Bakirkoy Municipality

PPT Latvia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019
PPT Latvia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019 PPT Latvia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019
PPT Latvia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019
Support for Improvement in Governance and Management SIGMA
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdf
sri_ias
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
itnewsafrica
 
COBIT Intor.pptx
COBIT Intor.pptxCOBIT Intor.pptx
COBIT Intor.pptx
cassimjuma08
 
NGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNasNGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNas
Emyana Ruth
 
Digital transformation luiss
Digital transformation   luissDigital transformation   luiss
Digital transformation luiss
Giuseppe Cardinale Ciccotti
 
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in UgandaWSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2
 
CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan M
Mohan M
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017   konsep iso27000-2016 smkiBim tek 15 juni 2017   konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
02 sasaran kendali pencapaian tujuan v05
02 sasaran kendali pencapaian tujuan v0502 sasaran kendali pencapaian tujuan v05
02 sasaran kendali pencapaian tujuan v05
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
GoogleNewsSubmit
 
Metamorfosis Menuju Auditor Millenial Handal
Metamorfosis Menuju Auditor Millenial HandalMetamorfosis Menuju Auditor Millenial Handal
Metamorfosis Menuju Auditor Millenial Handal
The Vision and Insight Corner
 
CV KMBundhoo, August 2016
CV KMBundhoo, August 2016CV KMBundhoo, August 2016
IT Risk assessment and Audit Planning
IT Risk assessment and Audit PlanningIT Risk assessment and Audit Planning
IT Risk assessment and Audit Planning
goreankush1
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101  NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
It Governance in time of Covid-19
It Governance in time of Covid-19It Governance in time of Covid-19
It Governance in time of Covid-19
Rudy Shoushany
 
Professional Experience
Professional ExperienceProfessional Experience
Professional Experience
khurshed khair
 
CVARaikanya
CVARaikanyaCVARaikanya
CVARaikanya
Andrew Raikanya
 
Minnesota iGov a report by the State Chief Information Officer Gopal Khanna
Minnesota iGov a report by the State Chief Information Officer Gopal KhannaMinnesota iGov a report by the State Chief Information Officer Gopal Khanna
Minnesota iGov a report by the State Chief Information Officer Gopal Khanna
Gopal Khanna
 

Similar to Internal Audit’s Contribution to the Effectiveness of Information Security Management in Bakirkoy Municipality (20)

PPT Latvia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019
PPT Latvia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019 PPT Latvia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019
PPT Latvia, SIGMA Workshop on Digital Auditing for SAIs, Skopje, November 2019
 
National Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdfNational Cyber Security Strategy 2020 DSCI submission.pdf
National Cyber Security Strategy 2020 DSCI submission.pdf
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
COBIT Intor.pptx
COBIT Intor.pptxCOBIT Intor.pptx
COBIT Intor.pptx
 
NGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNasNGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNas
 
Digital transformation luiss
Digital transformation   luissDigital transformation   luiss
Digital transformation luiss
 
WSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in UgandaWSO2CON 2024 - Building a Digital Government in Uganda
WSO2CON 2024 - Building a Digital Government in Uganda
 
CV of Mohan M
CV of Mohan MCV of Mohan M
CV of Mohan M
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017   konsep iso27000-2016 smkiBim tek 15 juni 2017   konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smki
 
02 sasaran kendali pencapaian tujuan v05
02 sasaran kendali pencapaian tujuan v0502 sasaran kendali pencapaian tujuan v05
02 sasaran kendali pencapaian tujuan v05
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
Metamorfosis Menuju Auditor Millenial Handal
Metamorfosis Menuju Auditor Millenial HandalMetamorfosis Menuju Auditor Millenial Handal
Metamorfosis Menuju Auditor Millenial Handal
 
CV KMBundhoo, August 2016
CV KMBundhoo, August 2016CV KMBundhoo, August 2016
CV KMBundhoo, August 2016
 
IT Risk assessment and Audit Planning
IT Risk assessment and Audit PlanningIT Risk assessment and Audit Planning
IT Risk assessment and Audit Planning
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101  NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
It Governance in time of Covid-19
It Governance in time of Covid-19It Governance in time of Covid-19
It Governance in time of Covid-19
 
Professional Experience
Professional ExperienceProfessional Experience
Professional Experience
 
CVARaikanya
CVARaikanyaCVARaikanya
CVARaikanya
 
Minnesota iGov a report by the State Chief Information Officer Gopal Khanna
Minnesota iGov a report by the State Chief Information Officer Gopal KhannaMinnesota iGov a report by the State Chief Information Officer Gopal Khanna
Minnesota iGov a report by the State Chief Information Officer Gopal Khanna
 

Recently uploaded

Income Tax exemption for Start up : Section 80 IAC
Income Tax  exemption for Start up : Section 80 IACIncome Tax  exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
CA Dr. Prithvi Ranjan Parhi
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
LuanWise
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
my Pandit
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
DerekIwanaka1
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Lviv Startup Club
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
hartfordclub1
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Part 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 SlowdownPart 2 Deep Dive: Navigating the 2024 Slowdown
Part 2 Deep Dive: Navigating the 2024 Slowdown
jeffkluth1
 
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challengesEvent Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Event Report - SAP Sapphire 2024 Orlando - lots of innovation and old challenges
Holger Mueller
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
Norma Mushkat Gaffin
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
Understanding User Needs and Satisfying Them
Understanding User Needs and Satisfying ThemUnderstanding User Needs and Satisfying Them
Understanding User Needs and Satisfying Them
Aggregage
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.
AnnySerafinaLove
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 

Recently uploaded (20)

Income Tax exemption for Start up : Section 80 IAC
Income Tax  exemption for Start up : Section 80 IACIncome Tax  exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
 
Recruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media MasterclassRecruiting in the Digital Age: A Social Media Masterclass
Recruiting in the Digital Age: A Social Media Masterclass
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
Unveiling the Dynamic Personalities, Key Dates, and Horoscope Insights: Gemin...
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
 
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
Evgen Osmak: Methods of key project parameters estimation: from the shaman-in...
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
 
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta MatkaDpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
Dpboss Matka Guessing Satta Matta Matka Kalyan Chart Satta Matka
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart

Internal Audit’s Contribution to the Effectiveness of Information Security Management in Bakirkoy Municipality

  • 1. INTERNAL AUDIT’S CONTRIBUTION TO THE EFFECTIVENESS OF INFORMATION SECURITY MANAGEMENT IN BAKIRKOY MUNICIPALITY Gokhan POLAT Head of Internal Audit in Bakirkoy Municipality/TURKEY
  • 2. TOPICS TO BE COVERED 1. Information Security 2. Information Security Efforts in Bakirkoy Municipality 3. Internal Audit’s Contribution to The Information Security Efforts
  • 3. The Institute of Internal Auditors of Turkey (TIDE) • founded in 1995, • member of IIA and ECIIA, • carries out activities for recognition of profession and assuring professional development.
  • 5. Bakirkoy Municipality • 32 square kilometers land area • 223.300 citizens • consists of 24 directorates • 2080 labours • 2017 budget 106.882.000 $
  • 6. INFORMATION • Technology has become integral to the organization’s operations and plays a key role in these actions.
  • 7. • …information technology functions as an enabler to achieve e-government or e-business, and to avoid or reduce relevant risks.
  • 8. 'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected’ BS ISO 27002:2005
  • 9. Information security is the protection of information from a wide range of threats in order to: - ensure business continuity, - minimize business risk, - and maximize return on investments and business opportunities.
  • 10. ISO 27002:2005 defines information security as the preservation of…
  • 11. FAILURE TO SECURE INFORMATION COULD RESULT IN: • Security breaches, both detected and undetected, • Breach of trust with other organizations, • Violations of legal and regulatory requirements, • Damage to the enterprise’s reputation, • Financial loss.
  • 12. • Information Security Management System (ISMS) is a systematic and structured approach to managing information and keeping it secure.
  • 13. Information security frameworks • ISO/IEC 27001:2013 Information Security Management System • Security and Privacy Controls for Federal Information Systems and Organizations NIST Special Publication 800-53 • The IIA GTAG 15: Information Security Governance (2010) • ISACA Cybersecurity Nexus
  • 14. ISO/IEC 27001:2013 14 Control Categories (Domain/ Control Area)
  • 15. Activities for INFOSEC in Bakirkoy Municipality • ISMS, • Sustainability Project, • Continuous vulnerability scanning.
  • 16. • Bakirkoy Municipality is the first public agency that gained ISO/IEC 27001:2013 certification. • ISO/IEC 27001:2013 certificate was gained for: • managing operational risks, • achieving high levels of legislative and regulatory compliance, • and managing vulnerabilities and threats.
  • 17. Activities conducted in the scope of ISO/IEC 27001:2013 • Determination of the information security risks. • Designing and implementing a coherent and comprehensive suite of information security controls • Conducting audits at planned intervals (every three months) • External audit once a year • Information security awareness programs for personnel
  • 18. SUSTAINABILITY PROJECT • A «Sustainability Project» began in March 2017 and is currently under way. • This project aims to enable Bakirkoy Municipality to produce one combined financial, environmental and governance report that can illustrate how it is creating value over time.
  • 19. APPLICATIONS USED BY CITIZENS AND LABOURS • TERACITY • TERADESK • NETCAD
  • 25. 2017 Audit Universe • 330 processes to audit 2015 Audit Universe • 74 processes to audit In the 2017 Audit Plan: • Focused on IT processes • In all audit missions, tests exist to check information security controls
  • 26. INTERNAL AUDIT DEPARTMENT • taking part in developing the information security strategy and policy. • conducting training activities on the roles and responsibilities of senior management. • preparing reports on risks of current regulatory changes.
  • 27. INTERNAL AUDIT DEPARTMENT Audits in information security need: • integrated audit approach. • internal auditors with updated skills.
  • 28. SPECIAL EMPHASIS OF IT AUDITING: • Uniform processing of transactions – systemic effect • High percentage of key internal controls relied upon by the organization are likely to be technology driven. • Absence of segregation of functions in IT environment • Potential for errors/frauds – no visible trace • Necessitates increased management supervision • Effectiveness of manual controls depends on controls over computer processing • Transaction trails in digital form
  • 29. INTERNAL AUDIT DEPARTMENT Currently the ‘Management of Enterprise Information Technology Sources’ audit is continuing with the scope of: • Database management • User access management • Backup management • Business continuity planning
  • 30. INTERNAL AUDIT DEPARTMENT Facilitating awareness programs for the personnel. • Two awareness programs in 2016 • One awareness program in 2017
  • 31. INTERNAL AUDIT DEPARTMENT Monitoring the audits of ISO/IEC 27001:2013 via: • Accompanying the auditors, • Checking audit reports, • Checking follow-ups on the action plans for nonconformities.
  • 32. INTERNAL AUDIT DEPARTMENT Monitoring the activities of consulting firms on: • ISMS, • Sustainability Project.
  • 33. THE BOTTOM LINE For effective information security, these should exist: • executive and senior management support. • visible and consistent actions. • employee education and awareness • a culture for protection of organizational value, • independent review of security measures and performance by the internal audit function.