E-ID: are you (proven) in control? INFORMATION RISK MANAGEMENT DENNIS VAN HAM.

Presentation transcript:

1 e-ID: are you (proven) in control? INFORMATION RISK MANAGEMENT DENNIS VAN HAM

© 2006 KPMG EDP Auditors N.V., member of KPMG International, a Swiss cooperative. All rights reserved.

2 Introduction and setting the scene
- Identity: who are you? And how can we be sure it's you?
- Access: what are you allowed to do?
- Business: protection of information is important, but please don't bother me with it.
- Technology: lots of it is available, but how reliable is it really?
- Audit and compliance management: proven in control?

3 Impact on people: the threats are changing, and fast
- Classic phishing
- Pharming
- Man-in-the-middle attacks
- Trojan horses
- Keylogging
- Spyware
- Malware
- Botnets
- And more...

4 People are different and have many e-IDs
Hip, 20-something male: thinks he's immune to online fraud; freely gives away his personal information; has a firewall and antivirus; clicks on any link. His motto: "I grew up with the Internet. I'm not afraid of it."
Tentative mother of grown children: learning to navigate the Net; considering banking online, but hasn't taken the leap yet; afraid of hackers after a news story about ID-theft victims. Her motto: "The Web is complicated! Better to be safe than sorry."
Young, travelling businessman with a family: juggles 30 passwords; uses two-factor authentication at work; wonders if it's available for his personal accounts. His motto: "Internet security is key, but I can't carry one more thing."
Source: RSA Security

5 Impact on business
- Compliance: SOX, HIPAA, privacy legislation, Basel II, FDIC, etc.
- Corporate or IT governance: lack of a clear strategy; timely implementation of policies or resolutions; policy enforcement and reporting.
- Security: protection of intellectual property; rising administration and helpdesk costs; complex technologies and application infrastructure.

6 IT security survey: six important signals
- Technology remains very dynamic; proper risk analysis is key, but it is not applied on a large scale.
- Insufficient in-house expertise is the most important motive for outsourcing IT security.
- Hacking, viruses and worms are significant threats, yet companies have little insight into the quality of their own protection.
- Authorisation management is structured ineffectively and inefficiently.
- Continuity management is often organised on paper, but it is usually not certain whether it also works in practice.
- The growing use of mobile devices requires attention.

7 Compliance: but not a goal in itself

8 Complex, and getting management attention is difficult

9 Reality bites: identity and access information is everywhere

10 How does an auditor think?

11 Identity & Access Management in a nutshell
Significant integration effort required.
Core IAM functions: authentication, authorization, provisioning, audit management, meta-directory, cross-platform federation.
Each of these has to be integrated with every platform stack in use (J2SE/J2EE, Windows/.NET, UNIX/LAMP), and each stack brings its own APIs and protocols, frameworks, OS and infrastructure, processing, networking, storage and security.
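As an added illustration, not part of the original slides, the Python sketch below shows how the core functions named above (provisioning, authentication, authorisation and the audit trail) fit together in one identity store, and how an auditor can reconcile that audit trail against the account table to answer the "proven in control?" question. The role-to-permission map, the usernames, the passwords and the sequence of events are constructed for the example; the store is a stand-in written for this page, not any vendor's product or KPMG's own tooling.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Role-to-permission map: an assumption for this example. The slides name
# the IAM functions but define no roles or permissions.
ROLE_PERMISSIONS = {
    "reader": {"document:read"},
    "editor": {"document:read", "document:write"},
    "admin": {"document:read", "document:write", "user:provision"},
}


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    roles: frozenset
    active: bool = True


class IdentityStore:
    """Provisioning, authentication and authorisation in one place, each
    writing to the audit trail that an auditor later reconciles."""

    def __init__(self):
        self.accounts = {}
        self.audit = []  # (event, actor, target, outcome) tuples

    def _log(self, event, actor, target, outcome):
        self.audit.append((event, actor, target, outcome))

    @staticmethod
    def _derive(password, salt):
        # PBKDF2-HMAC-SHA256 with a per-account salt; the count is illustrative.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _create(self, username, password, roles):
        salt = os.urandom(16)
        self.accounts[username] = Account(
            username, salt, self._derive(password, salt), frozenset(roles))

    def bootstrap_admin(self, username, password):
        # The seed admin is logged too, so even the bootstrap is evidenced.
        self._create(username, password, {"admin"})
        self._log("provision", "bootstrap", username, "allowed")

    def provision(self, actor, username, password, roles):
        # Provisioning is itself an access-controlled operation.
        if not self.authorize(actor, "user:provision"):
            self._log("provision", actor, username, "denied")
            return False
        self._create(username, password, roles)
        self._log("provision", actor, username, "allowed")
        return True

    def deprovision(self, actor, username):
        if not self.authorize(actor, "user:provision"):
            self._log("deprovision", actor, username, "denied")
            return False
        self.accounts[username].active = False
        self._log("deprovision", actor, username, "allowed")
        return True

    def authenticate(self, username, password):
        acct = self.accounts.get(username)
        ok = (acct is not None and acct.active and hmac.compare_digest(
            acct.pw_hash, self._derive(password, acct.salt)))
        self._log("authn", username, username, "success" if ok else "failure")
        return ok

    def authorize(self, username, permission):
        acct = self.accounts.get(username)
        ok = acct is not None and acct.active and any(
            permission in ROLE_PERMISSIONS.get(role, set()) for role in acct.roles)
        self._log("authz", username, permission, "allowed" if ok else "denied")
        return ok


def reconcile(store):
    """The auditor's check: is every account backed by an allowed provisioning
    event, and did any deprovisioned account log in afterwards?"""
    findings = []
    evidenced = {t for e, _, t, o in store.audit if e == "provision" and o == "allowed"}
    for name in store.accounts:
        if name not in evidenced:
            findings.append(f"{name}: account exists without an allowed provisioning event")
    deprovisioned_at = {}
    for i, (e, _, t, o) in enumerate(store.audit):
        if e == "deprovision" and o == "allowed":
            deprovisioned_at.setdefault(t, i)
        if e == "authn" and o == "success" and i > deprovisioned_at.get(t, i):
            findings.append(f"{t}: successful login after deprovisioning")
    return findings


def demo():
    """Constructed scenario: a legitimate flow, a denied escalation, a
    deprovisioning, and one back-door account created outside the process."""
    store = IdentityStore()
    store.bootstrap_admin("alice", "correct horse")
    store.provision("alice", "bob", "battery staple", {"editor"})
    store.provision("bob", "mallory", "hunter2", {"admin"})  # bob lacks user:provision
    store.authenticate("bob", "battery staple")
    store.authorize("bob", "document:write")
    store.deprovision("alice", "bob")
    store.authenticate("bob", "battery staple")  # inactive account: failure
    store._create("ghost", "hunter2", {"reader"})  # bypasses provisioning, so no evidence
    return store, reconcile(store)
```

Running `demo()` returns the store together with one finding, the "ghost" account that exists without a provisioning event; the denied escalation by "bob" and his failed login after deprovisioning show up as denied and failure entries in `store.audit` rather than as findings, which is the difference between a control that worked and evidence that one was bypassed.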

12 More information?
Dennis van Ham, Consultant, KPMG Information Risk Management
Burgemeester Rijnderslaan 20, 1185 MC Amstelveen
P.O. Box 74105, 1070 BC Amsterdam
Telephone +31 (0) , Fax +31 (0)
Internet:

