Trust Relationships Meeting Notes September 26, 2003 Dartmouth College.

Concepts
- Trust
- Risk
- Liability

I am going to draw a bit from experience from having been in charge of Info Security at Barclays Capital.

Trust: Explicit Trust (contractual relationship)
- Defined agreement
- Known bounds
- Understood ramifications if broken or abrogated
- Verifiable
- Example: (financial) terms on a wire transaction; (higher-ed) network usage policy
- Very different motivations

Trust: Implicit Trust
- Reputation based
- Unclear bounds
- Degree can change over time
- Difficult to verify
- Example: (financial) FX, bonds; (higher-ed) most interactions

Trust in Computing is Getting Scarce...
Hypothesis: Users feel they can’t trust their hosts with IT services, and the service providers can’t trust the users’ hosts.
- Mail: viruses, spam, scams
- Operating systems: vulnerabilities and exploits
- Ephemeral vendor relationships
- The source of programs
- Quality of applications/coding
- P2P
... but Risk is still plentiful.
Trust: Firm reliance on the integrity, ability, or character of a person or thing.

Risk
Investment Banks and Risk
- Regular program of risk assessment and management.
- Defining assurance: information security practice, technology and audit were needed to mitigate risk sufficiently.
Higher Education and Information Risk
- Typically “defined” by IT organizations
- Generally no risk analysis is performed
- Not usually categorized by asset type
Q. Can higher education get its head around Information Risk Management?

Let me start by saying that I didn’t get into applied computing to sell insurance. IT shouldn’t be in the business of advising a company or a University how much they should buy or what to insure. That’s a Risk Management issue. Let’s make them do their job.

Liability
- Regulatory compliance
- Civil judgments

Why Work on Information Risk Management?
- Unknown and unquantified risks don’t go away
- IT professionals aren’t actuaries for digital assets
- Rise in the complexity of required controls:
  - HIPAA
  - TEACH
  - Tracking
  - DRM and IP
  - Forensics
- Challenges coming to network authentication schemes and practices

Middleware Architecture
- Must be flexible to adapt to institutional policies that don’t exist yet.
- Powerful broker of institutional trust and interoperability.
- Should be applied in response to risk and audit requirements.
- The broader the adoption, the greater the risk.

Roles: Risk, Info. Security and Internal Audit
Risk Management
- Quantifies risk
- Underwrites the institution
Information Security
- Responds to risk assessment with technology and practice
- Provides an audit trail
- Real-time trust broker
Internal Audit
- Assesses the information security response to risk and policy
- Verifies the basis of trust
- Fosters confidence

Actions: Security Analyst
- Watch
- Engage Risk Management in dialogue on assessment
- Contribute to the creation of clear policies
- Help Risk and Audit understand technology
A word about identity
- “Ownership” of institutional identity and root CAs
- User, service, host identity
(end part I)

Trust and Authorization
- Audit’s shaping of the authority registry
- Institutional identity has an owner thanks to HIPAA
- Risk management and assessment at Stanford
- RBAC will need a representation of academic roles