Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Management BUILD WALLS, I WILL GET AROUND THEM.

Published byAracely Twaddle Modified over 9 years ago

Similar presentations

Presentation on theme: "Risk Management BUILD WALLS, I WILL GET AROUND THEM."— Presentation transcript:

1 Risk Management BUILD WALLS, I WILL GET AROUND THEM

2 Abraham Lincoln THE ENEMY WITHIN “At what point then is the approach of danger to be expected? I answer, if it ever reach us, it must spring up amongst us. It cannot come from abroad. If destruction be our lot, we must ourselves be its author and finisher.” THE ENEMY WITHOUT “If I had eight hours to chop down a tree, I’d spend six hour sharpening my ax.”

3 Family of hackers HACKER? CRACKER? BLACK HAT? SCRIPT KIDDIE? INSIDER?

4 Our own survey 2013 - regulatory GOOD REASONS TO ORGANISE 2/3 + reported greater scrutiny from regulators in 2012 20% had faced an issue which led to a regulatory or internal investigation in the last twelve months. 1/3 anticipate will face greater risk in 2013 80% engaged a technology vendor to help identify instances of malfeasance and, in the event of an investigation, to allow them to efficiently retrieve and sift through data quickly and cost-effectively

5 CHINA

6 Greater China Risk Environment Traditionally, security risk in China is rated as “low” At a macro level, much of China is rated as a “medium” risk The medium operational and political risk environment is impacting on the security environment within China Aspects of the security environment therefore pose challenges to business Three significant operational issues that are having a direct impact on security: labour and commercial disputes during restructure information security and protection of intellectual property integrity risks that attract security risks These concerns appear alongside the on-going need to improve physical security, supply chain integrity and business resilience

7 China Corporate Restructuring –risks Government 1.Bureaucratic/regulatory delays and complications 2.Government retaliation 3.Inconsistent government support 4.Intellectual property theft Labour 5.Legal and procedural difficulties 6.Unrest and protests 7.Industrial action 8.Denial of access Direct threats 9.Illegal detention 10.Coercive bargaining 11.Physical intimidation and threats Extreme Major Moderate Minor Insignif. RareUnlikelycredibleLikelyAlmost certain 1 2 3 4 5 6 7 8 9 10 11

8 ENEMY WITHIN

9 Internal investigations - group 1Going covert 2Who to trust 3Where IT is in on it 4Going overt 5Business continuity

10 Internal investigations - individual 1Going covert 2Data privacy 3Using opportunity 4Joining the dots 5Business continuity

11 Pro-active Measures Broad Measures – Strategic Audit and review – Anti-corruption training and compliance – Due Diligence (on partners, agents, suppliers etc) – Compliance lines and whistleblowing – Risk assessment – Practical guidance on detecting ABC red flags and resisting bribery – Endorsements by the board/leadership from the top Electronic evidence Measures Email usage policies Social networking usage policies Data archiving and destruction policies Litigation hold measures Data identification and mapping

12 Vulnerabilities

13 Examples of keywords suggesting fraud??? How to get the evidence suggesting motivations?

14 PRESSURE KEYWORDS Meet the deadline, make sales quota, under the gun, problem, committing, creative, concern, not sure, spread, revise OPPORTUNITY KEYWORDS Override, write off, recognise revenue, correct, appropriate, reserve, misconduct, departing, discount, difficult, fail, critical RATIONALISATION It’s ok, sounds reasonable, I deserve, therefore, find out, get back, find it, figure out, catch, doesn’t make sense RED – worked from experience GREEN – second level Lexical analysis

15 15 Slack space – slack habits THE 3 GOOD “C”S – Care, control and chain of custody THE 3 BAD “C”S – People are candid, casual and careless from time to time Chain of custody – signed documentation that the evidence moved / changed hands Digital currency / IP Addresses / Deleted data / USB history – tell-tale signs

16 ENEMY WITHOUT

17 Four horsemen of the social apocalypse SOCIAL ENGINEERING – Ability to manipulate a person to give you personal and sensitive information FRAUD SCHEMES – using social media to advertise fraud schemes and investment vehicles. Either used as schemes that seem legitimate used to trap and entice potential investors. Another possibility is the use of a fraud scheme to offload counterfeit or stolen goods. PHISING SCHEMES – social media used to gather IDs and passwords to commit identity theft. Send fraudulent links across followers / friends of an account with the hope they will click on the links and be prompted to enter passwords DATA MINING – companies using vast amount of information which is sold either for advertising or market research purposes.

18 Smaller companies more likely than large to have policy 71% of mining, oil and gas industry employers prohibit any use of social media 70% of recruiters and hiring managers use social media to review online information about potential hires. Cisco produced a report stating that 64% of college students would ask about social media usage in a job interview 59% of companies in the media industry encourage the use of social media 53% have a formal policy on social media, of which 65% in retail, 62% manufacturing, 59% biz support, 31% real estate, 29% construction, 36% wholesale trade Social media

19 Social networking Destroy productivity Loss of confidential data Misuse of personal data and privacy concerns Damage to brand or reputation Casual manner of use Once disclosed hard to prevent dissemination Employees become publishers Burden of preservation for regulatory / legal purposes Spoliation of evidence once created Kill or control?

20 Sina Weibo Launched 14 Aug 2009 56.5% OF Microblogging market 300M registered users Similar penetration to Twitter in the US 100M msg / day English version to be further developed (subject to CN law) China

21 Sina 86% of blogging time in China Tencent may be catching up – stats unreliable Verification for “known person” user (similar to Twitter) Top 100 users have 485M followers 5,000 companies use 2,700 media organisations use Blocking of blacklisted terms (manual and automatic) China

22 Hide and follow Jan 5, 2012 Sina launch hide and follow function No longer show up as a follower, following secretly Cyber-stalking issue Sensitive words list Twitter proxy use (Several Regulations on Microblog Development and Administration Enacted by the Beijing Government exist)

23 Who is talking to who LEFT Top ten fans of one persons Weibo blog in any given week RIGHT Potential fans who commented and republished this blogger’s posts (some may be Zombies) Also by geography

24 “Real name” policy March 16, 2012 Sina, Sohu, Netease, Tencent Register name which corresponds to government ID card March 19, 2012 Rumoured “fake number generator” issues Information stored in the identity database for biometric ID cards documents information such as work history, educational background, religion, ethnicity, police record, medical insurance status, landlord's phone number and personal reproductive history.biometric

25 Unstoppable storm 围脖 Scarf around neck (or noose?)

26 People problems You + your top guys Your travellers Your help desk Sub-cons / distributors Social engineering Social media IT updates Aggressive reuse policy Lack of corporate education Move away from Blackberry (preference) Data storage / Cloud

27 Vulnerabilities USB Wifi Bluetooth VPN Mobile device Windows update / other user-installed updates Locally stored data Passwords (brute force attack) Identity theft / keylogging Spear phishing / whaling A security specialist recently said, “Interested in credit card theft? There’s an app for that.”

Download ppt "Risk Management BUILD WALLS, I WILL GET AROUND THEM."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
John D. Gregory Ministry of the Attorney General (Ontario) October 29, 2012.

John D. Gregory Ministry of the Attorney General (Ontario) October 29, 2012.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing

1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
1 © 2008 Venable LLP Top 5 Technology Legal Traps for Associations Venable LLP August 24, 2010 10:45 AM – 12:00 PM ASAE Annual Meeting Los Angeles, CA.

1 © 2008 Venable LLP Top 5 Technology Legal Traps for Associations Venable LLP August 24, :45 AM – 12:00 PM ASAE Annual Meeting Los Angeles, CA.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.

EDiscovery and Records Management. Records Management- Historical Perspective- Paper Historically- Paper was the “Corporate Memory” – a physical entity.
Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Wonga example Register Question- What risks do you think businesses face due to IT developments?

Wonga example Register Question- What risks do you think businesses face due to IT developments?
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
 Digital marketing: Uses digital media to develop communications and exchanges with customers  Electronic media (E-marketing): Refers to the strategic.

 Digital marketing: Uses digital media to develop communications and exchanges with customers  Electronic media (E-marketing): Refers to the strategic.

Similar presentations

Ads by Google