Presentation is loading. Please wait.

Presentation is loading. Please wait.

E-ID: are you (proven) in control? INFORMATION RISK MANAGEMENT DENNIS VAN HAM.

Published bySamantha Walsh Modified over 10 years ago

Similar presentations

Presentation on theme: "E-ID: are you (proven) in control? INFORMATION RISK MANAGEMENT DENNIS VAN HAM."— Presentation transcript:

1 e-ID: are you (proven) in control? INFORMATION RISK MANAGEMENT DENNIS VAN HAM

2 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 2 Introduction and setting the scene Identity: who are you? And how can we be sure its you? Access: what are you allowed to do? Business: protection of information is important but please dont bother me; Technology: lots of it available but how reliable is it really? Audit and compliance management: proven in control?

3 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 3 Impact on people – changing threats and fast Man-in-the-Middle Attacks Pharming And More … Trojan Horses Botnets Spyware Malware Keylogging Classic Phishing 2006200520042003

4 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 4 People are different and have many e-IDs Hip, 20-something male Thinks hes immune to online fraud Freely gives away his personal information Has a firewall and antivirus Clicks on any link His motto: I grew up with the Internet. Im not afraid of it. Tentative mother of grown children Learning to navigate the Net Considering banking online, but hasnt taken the leap yet Afraid of hackers from news story about ID theft victims Her motto: The Web is complicated! Better to be safe than sorry. Young, traveling businessman with a family Juggles 30 passwords Uses two-factor authentication at work Wonders if its available for his personal accounts His motto: Internet security is key, but I cant carry one more thing Source: RSA Security

5 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 5 Impact on business Compliance SOX, HIPAA, Privacy, BASEL II, FDIC, etc Corporate or IT Governance Lack of clear strategy; Timely implementation of policies or resolutions; Policy enforcement and reporting; Security Protection of intellectual property; Rising administration and helpdesk costs; Complex technologies and application infrastructure.

6 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 6 IT-security survey: six important signals Technology remains very dynamic, proper risk analysis is key but not applied on a large-scale; Insufficient expertise most important motive for outsourcing IT-security; Hacking, viruses and worms significant threats, companies have little insight into the quality of their protection; Authorisation management is structured ineffectively and inefficiently; Continuity management is often organised on paper but it is usually not certain whether it also works well in practice; The growing use of mobile devices requires attention.

7 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 7 Compliance – but not a goal in itself

8 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 8 Complex and getting management attention is difficult

9 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 9 Reality bites – identity and access information everywhere

10 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 10 How does an auditor think?

11 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 11 Identity & Access Management – in a nutshell Significant Integration Effort Required APIs and protocols Frameworks OS and infrastructure Processing Networking Storage Security J2SE/J2EE APIs and protocols Frameworks OS and infrastructure Processing Networking Storage Security Windows/.NET APIs and protocols Frameworks OS and infrastructure Processing Networking Storage Security UNIX/LAMP Authentication Authorization Provisioning Audit Management Meta-Directory Cross Platform Federation

12 © 2006 KPMG EDP Auditors N.V., lid van KPMG International, een Zwitserse coöperatie. Alle rechten voorbehouden. 12 More information? Dennis van Ham Consultant KPMG Information Risk Management Burgemeester Rijnderslaan 20, 1185 MC Amstelveen Postbus 74105, 1070 BC Amsterdam Telefoon +31(0)20 6568103, Telefax +31 (0)20 6568388 E-mail: vanham.dennis@kpmg.nl Internet: www.kpmg.nl/irm KPMG Information Risk Management

Download ppt "E-ID: are you (proven) in control? INFORMATION RISK MANAGEMENT DENNIS VAN HAM."

Similar presentations

Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?

Understanding the benefits and the risks. Presented by Corey Nachreiner, CISSP BYOD - Bring Your Own Device or Bring Your Own Danger?
© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.

© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.
George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.

George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
4 Information Security.

4 Information Security.
Ethics, Privacy and Information Security

Ethics, Privacy and Information Security
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Fundamentals of Information Systems, Second Edition 1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 9.

Fundamentals of Information Systems, Second Edition 1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter 9.
Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.

Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.
Copyright© 2005-2006 Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
E-Commerce Security and Fraud Issues and Protections

E-Commerce Security and Fraud Issues and Protections
Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.

Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.

Similar presentations

Ads by Google