Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Published byAlex Guthrie Modified over 10 years ago

Similar presentations

Presentation on theme: "Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect."— Presentation transcript:

1 Nishidh, CISSP

2

3 To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect customer information To protect employee data To detect fraud To identify and correct any manual errors To identify hardware or software errors To proactive monitoring infrastructure For business continuity

4

5 Because?

6 People who enjoy our services and products – our customers People who give money to run business – our investors People who run business – our employees

7 Easy security controls for customer applications. Prevent unauthorized disclosure of customer data. Prevent unintended destruction of customer data. Promptly inform customers about security incidents Help customers in taking corrective actions.

8 Protect customers Accurate financial reporting ( Sarbanes Oxley Act ) Give good return on investment ( no over investment on security and effective use of control )

9 Employees require open environment Security control should not reduce productivity. Transparent monitoring Well informed Security Policies

10 We need to invest in security not to just comply with any legislation or meet any industry or partner requirements But We need to invest in security to protect customer, investor and employees. This is a TRUST business and if we loose TRUST, we will loose everything.

11 Top down approach Identify critical business goals Identify critical functions to meet business goals Identify risk to critical functions Effective Risk management Reduce Risk Transfer risk Accept Risk

12 Identify origin of risk ( 3Ps ) People Processes Products Identify and implement controls Verify effectiveness of controls ( Audit )

13 People are weakest link in any security system. People require policies, standards, guideline and procedure to react in predefined manner. Security Awareness Programs are mandatory for implementation of policies and standards. People should be able to report security incidents or threats and take guidance from incident response team.

14 Processes are key for smooth and secure business operations Processes implements Policies and Standards. Processes implements separation of duties and need to know concept to comply with any legislation requirements on security. It is require to monitor process deviation in order to identify suspicious activities or Fraud Continuous audit on processes is mandatory to verify compliance.

15 Products can be any hardware, third party package or custom applications. Products provides platform to implement processes. Products require to generate reports and audit trails to notify deviation in processes. It is required to analyze product based on policies and standards before integrating in environment. To develop applications, extra care of security reviews /testing are required. If product use cryptography, then key protection and data recovery are equally important.

16

17

Download ppt "Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect."

Similar presentations

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
IT Control Objectives for Sarbanes-Oxley Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines.

IT Control Objectives for Sarbanes-Oxley Presented by Doug Moore, Jefferson Wells International and Christine Chaney, Continental Airlines.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.
BUDGET & TREASURY (FINANCE) Acting CFO: Mr RAMATU THOMAS MAKGALE 30 MAY 2011 1.

BUDGET & TREASURY (FINANCE) Acting CFO: Mr RAMATU THOMAS MAKGALE 30 MAY
Auditing Computer Systems

Auditing Computer Systems
Phone: (919) 573-6132 Fax: (919) 677-8470 21CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita.

Phone: (919) Fax: (919) CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita.
Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.
Security Controls – What Works

Security Controls – What Works
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Pertemuan 16 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 16 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Financial Services Technology Consortium March 18, 2008, Yale University Dan Schutzer Executive Director FSTC CyberTrust – PI meeting Unsolved Problems.

Financial Services Technology Consortium March 18, 2008, Yale University Dan Schutzer Executive Director FSTC CyberTrust – PI meeting Unsolved Problems.
Information Systems Security Officer

Information Systems Security Officer
Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.

Securing Information Transfer in Distributed Computing Environments AbdulRahman A. Namankani.
SOX & ISO 27001 Protect your data and be ready to be audited!!!

SOX & ISO Protect your data and be ready to be audited!!!
The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.

The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.

Similar presentations

Ads by Google