
Nishidh, CISSP

To comply with Sarbanes-Oxley and other legislation
To comply with industry standards and business-partner requirements
To protect customer information
To protect employee data
To detect fraud
To identify and correct manual errors
To identify hardware or software errors
To proactively monitor the infrastructure
For business continuity

Because?

People who use our services and products: our customers
People who provide the money to run the business: our investors
People who run the business: our employees

Customers:
Easy-to-use security controls in customer-facing applications
Prevent unauthorized disclosure of customer data
Prevent unintended destruction of customer data
Promptly inform customers about security incidents
Help customers take corrective action

Investors:
Protect customers
Accurate financial reporting (Sarbanes-Oxley Act)
Deliver a good return on investment (no over-investment in security, and effective use of the controls that are in place)

Employees:
Employees require an open working environment
Security controls should not reduce productivity
Transparent monitoring
Well-communicated security policies

We need to invest in security not just to comply with legislation or to meet industry or partner requirements. We need to invest in security to protect our customers, investors and employees. This is a TRUST business, and if we lose TRUST, we lose everything.

Top-down approach:
Identify critical business goals
Identify the critical functions needed to meet those goals
Identify the risks to those critical functions
Manage the risks effectively: reduce the risk, transfer the risk, or accept the risk

Identify the origin of each risk (the 3 Ps): People, Processes, Products
Identify and implement controls
Verify the effectiveness of the controls (audit)

People are the weakest link in any security system. People need policies, standards, guidelines and procedures so that they react in a predefined manner. Security awareness programs are mandatory for policies and standards to be implemented in practice. People should be able to report security incidents or threats and get guidance from the incident response team.

Processes are the key to smooth and secure business operations. Processes implement the policies and standards. Processes implement separation of duties and the need-to-know principle, which is what any legislative security requirement ultimately asks for. Deviations from a process must be monitored in order to identify suspicious activity or fraud. Continuous auditing of processes is mandatory to verify compliance.

Products can be any hardware, third-party package or custom application. Products provide the platform on which processes are implemented. Products must generate reports and audit trails so that deviations from a process are noticed. A product must be analyzed against the policies and standards before it is integrated into the environment. When developing applications, extra care in the form of security reviews and security testing is required. If a product uses cryptography, then key protection and data recovery are equally important: a lost key means lost data, and an exposed key means exposed data.