E-ID: are you (proven) in control? INFORMATION RISK MANAGEMENT DENNIS VAN HAM.

Presentation transcript:

e-ID: are you (proven) in control? INFORMATION RISK MANAGEMENT DENNIS VAN HAM

© 2006 KPMG EDP Auditors N.V., member of KPMG International, a Swiss cooperative. All rights reserved.

Slide 2: Introduction and setting the scene
- Identity: who are you? And how can we be sure it's you?
- Access: what are you allowed to do?
- Business: protection of information is important, but please don't bother me;
- Technology: lots of it is available, but how reliable is it really?
- Audit and compliance management: proven in control?

Slide 3: Impact on people – changing threats, and fast
Man-in-the-middle attacks, pharming, Trojan horses, botnets, spyware, malware, keylogging, classic phishing, and more.

Slide 4: People are different and have many e-IDs

Hip, 20-something male
- Thinks he's immune to online fraud
- Freely gives away his personal information
- Has a firewall and antivirus
- Clicks on any link
- His motto: "I grew up with the Internet. I'm not afraid of it."

Tentative mother of grown children
- Learning to navigate the Net
- Considering banking online, but hasn't taken the leap yet
- Afraid of hackers after a news story about ID theft victims
- Her motto: "The Web is complicated! Better to be safe than sorry."

Young, travelling businessman with a family
- Juggles 30 passwords
- Uses two-factor authentication at work
- Wonders if it's available for his personal accounts
- His motto: "Internet security is key, but I can't carry one more thing."

Source: RSA Security

Slide 5: Impact on business
- Compliance: SOX, HIPAA, privacy, Basel II, FDIC, etc.
- Corporate or IT governance: lack of clear strategy; timely implementation of policies or resolutions; policy enforcement and reporting.
- Security: protection of intellectual property; rising administration and helpdesk costs; complex technologies and application infrastructure.

Slide 6: IT security survey: six important signals
- Technology remains very dynamic; proper risk analysis is key, but it is not applied on a large scale.
- Insufficient expertise is the most important motive for outsourcing IT security.
- Hacking, viruses and worms are significant threats, yet companies have little insight into the quality of their protection.
- Authorisation management is structured ineffectively and inefficiently.
- Continuity management is often organised on paper, but it is usually not certain whether it also works well in practice.
- The growing use of mobile devices requires attention.

Slide 7: Compliance – but not a goal in itself

Slide 8: Complex, and getting management attention is difficult

Slide 9: Reality bites – identity and access information everywhere

Slide 10: How does an auditor think?

Slide 11: Identity & Access Management – in a nutshell
(Diagram: three platform stacks side by side, each made up of the layers APIs and protocols, Frameworks, OS and infrastructure, Processing, Networking, Storage, Security. The stacks are labelled J2SE/J2EE, Windows/.NET and UNIX/LAMP. Across all three sit the IAM services: Authentication, Authorization, Provisioning, Audit Management, Meta-Directory, Cross-Platform Federation. Caption: Significant integration effort required.)

Slide 12: More information?
Dennis van Ham, Consultant, KPMG Information Risk Management
Burgemeester Rijnderslaan 20, 1185 MC Amstelveen
P.O. Box 74105, 1070 BC Amsterdam
Telephone +31(0) , Fax +31 (0)
Internet: KPMG Information Risk Management