Department of Revenue Lessons for Management by Department of Revenue Internal Audit.


Department of Revenue Lessons for Management by Department of Revenue Internal Audit

Presentation Objectives
- Identify Electronic Intruders
- Demonstrate their methods
- Propose a plan of defense

Systems involved
- Unix/Linux Systems
- Microsoft NT Networks
- Novell Network
- Mainframe Systems

Protection Methods
- Login ID and Password
- Encryption
- Secure transmission

Why secure systems/data?
- Maintain Data Integrity by preventing:
  - unauthorized modifications
  - data corruption (viruses, etc.)
- Prevent Theft:
  - privacy violation
  - information theft (SS#, credit card#, etc.)
- Maintain Service

How is data accessible?
- Internet
- Dialup Access
- Physical Connection (Network Outlet)

Identifying the Electronic Intruders
- Disgruntled employees
- Contractors
- Hackers
- Insufficiently trained employees

Forms of Attack
- Sniffing
- Password cracking
- SYN flood
- Ping of Death
- “Feature” Exploitation
- Port Scanning
- Social Engineering

Demonstrations

Vulnerabilities
- Passwords too short/simple/obvious
- Login accounts of people no longer in the organization being left activated
- Lack of Data Encryption
- Lack of system monitoring tools
- Insufficiently trained security/audit personnel

Vulnerabilities (continued)
- Shared login accounts (passwords)
- Dialup login password is a general password
- Not using screen savers

Prevention: Management Perspective
- Tone at the top
- Organizational structure
- Budgeting
- External Review (Penetration Tests)
- Recovery Plan

Prevention: Technical Perspective
- Reliable data backup (including testing the backed-up data)
- Hardware redundancy/clustering
- System monitoring/sniffing
- Diligent maintenance of accounts (user, admin, and system accounts)
- Physically restrict core systems
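As an added example (not part of the presentation), the account-hygiene checks an internal auditor could script over an account inventory to flag the vulnerabilities listed above (accounts of departed people still enabled, dormant accounts, shared logins, passwords that are too short/simple/obvious); the account inventory, audit date and list of obvious passwords are constructed for illustration.

```python
from datetime import date

# Constructed sample inventory (illustrative, not data from the presentation):
# "owners" lists the people who use the login and whether each is still employed.
ACCOUNTS = [
    {"login": "jsmith", "owners": [("J. Smith", True)],
     "last_login": date(2024, 6, 3), "password": "Tr0ub4dor&3x"},
    {"login": "rjones", "owners": [("R. Jones", False)],
     "last_login": date(2023, 11, 2), "password": "Winter2023!!"},
    {"login": "helpdesk", "owners": [("A. Lee", True), ("B. Kim", True)],
     "last_login": date(2024, 6, 5), "password": "helpdesk"},
    {"login": "dialup", "owners": [("Network team", True)],
     "last_login": date(2024, 6, 4), "password": "revenue"},
]
AUDIT_DATE = date(2024, 6, 10)          # constructed "today" for the audit run
OBVIOUS = {"password", "revenue", "welcome", "letmein", "123456"}  # constructed list

def password_weak(login, pw, min_len=8):
    """Return why a password is too short/simple/obvious, or None if acceptable."""
    low = pw.lower()
    if low == login.lower() or low in OBVIOUS:
        return "obvious"
    if len(pw) < min_len:
        return "too short"
    if low.isalpha() or low.isdigit():
        return "too simple (single character class)"
    return None

def audit_accounts(accounts, today, dormant_days=90):
    """Apply the account checks from the slides; returns (login, finding) pairs."""
    findings = []
    for acct in accounts:
        if any(not active for _, active in acct["owners"]):
            findings.append((acct["login"], "account of departed person still enabled"))
        if (today - acct["last_login"]).days > dormant_days:
            findings.append((acct["login"], "dormant account"))
        if len(acct["owners"]) > 1:
            findings.append((acct["login"], "shared login account"))
        reason = password_weak(acct["login"], acct["password"])
        if reason:
            findings.append((acct["login"], f"weak password: {reason}"))
    return findings

if __name__ == "__main__":
    for login, finding in audit_accounts(ACCOUNTS, AUDIT_DATE):
        print(f"{login:10} {finding}")
```

In practice the inventory would be pulled from the directory or host account database and the password checks run against stored hashes rather than plaintext values.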

Conclusion There is no such thing as 100% secure. However, it is important that we at least not carelessly “leave doors unlocked.” The greater priority is not keeping an intruder out, but assuming that an intruder can get in. Efforts should be focused on addressing all possible damage that an intruder can inflict. We need to develop an “Insurance Policy” that can restore anything lost or damaged. Then we need to be able to say that we took reasonable precautions.

Thank you This has been a presentation by the Department of Revenue’s Internal Audit Section. We hope you found this presentation educational and insightful. Surf and be safe…