Presentation is loading. Please wait.

Presentation is loading. Please wait.

MIS 5121: Real World Control Failures: USIS

Published byFerdinand Peters Modified over 5 years ago

Similar presentations

Presentation on theme: "MIS 5121: Real World Control Failures: USIS"— Presentation transcript:

1 MIS 5121: Real World Control Failures: USIS
By Lezlie Jiles

2 Control Failure: SAP Hacked
Background: The company was founded in 1996 during the privatization of the executive branch of United States Office of Personnel Management (OPM) USIS provided security-based service solutions to organizations as well as the government. In 2007 the Carlyle Group sold USIS to Providence Equity Partners, which was a private equity firm, for US $1.5 billion. A few years later USIS received a OPM contract for $253 million They became the US Government’s lead background check provider. Control Failures: 2013 to 2014 USIS employee claimed that USIS management formulated a strategy to intentionally circumvent OPM’s mandated processes and protocols with regards to conducting background investigations. In 2014 USIS was accused of not following all OPM-mandated procedures and protocols in its background investigation. In July of 2014 USIS reported that they were hacked via their SAP system, which was managed by a third party.

3 Control Failure: SAP Hacked
Control Failures continued:  Attackers gained to access to USIS SAP system and then pivot to their network. The breach may have been caused by SAP not fixing the loophole, or USIS failure to update the system. The breach on SAP left financial information, corporate trade secrets venerable, as well as the ability for the attackers to modify master data, steal money and create fictions vendors. Results: PII of more than 27,000 federal employees were stolen USIS’s reputation was destroyed USIS lost their governmental contract Ultimately filed for bankruptcy  

4 Control Failure: SAP Hacked
What Could / Should those in Authority Have Done Different?: They should have lockdown the SAP security system. USIS should have had better directive, detective and preventative controls. There should have also been a process in place to implement system updates regularly. Reference: USIS SAP failures: info security, ERP Scan, Forbes ever/#250b3e9da010

Download ppt "MIS 5121: Real World Control Failures: USIS"

Similar presentations

Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013.

Eight Strategies to Reduce Your Risk in the Event of A Data Breach Sheryl Falk December 10, 2013.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
AHCCCS SYSTEM SECURITY  Why is Security SO important?  Federal and State standards  Security breaches in the last year  What AHCCCS is doing  What.

AHCCCS SYSTEM SECURITY  Why is Security SO important?  Federal and State standards  Security breaches in the last year  What AHCCCS is doing  What.
Outside Business Activities and Selling Away

Outside Business Activities and Selling Away
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Rolf Haardörfer IT Audit Professional Siemens Corporation Tenth.

Evolution of the Siemens Experience in its Effort to Test IT Controls on a Continuous Basis Rolf Haardörfer IT Audit Professional Siemens Corporation Tenth.
Security expenditure should be determined by security risk. What is the financial risk to UNC of undetected modification of bioresearch data? theft and.

Security expenditure should be determined by security risk. What is the financial risk to UNC of undetected modification of bioresearch data? theft and.
SMARTER. TOGETHER. Skimming Prevention: Overview of Best Practices August 5, 2014.

SMARTER. TOGETHER. Skimming Prevention: Overview of Best Practices August 5, 2014.
Network security policy: best practices

Network security policy: best practices
Network Centric Enterprise Public Trust Information and Navy Enterprise Resource Planning Presented to the Small Business and Industry Outreach Initiative.

Network Centric Enterprise Public Trust Information and Navy Enterprise Resource Planning Presented to the Small Business and Industry Outreach Initiative.
Inspecting A Hedge Fund 2010 NASAA IA Training. Preparing for the Inspection  Getting over your fears  Treat as any other advisor  Preparation  Obtain.

Inspecting A Hedge Fund 2010 NASAA IA Training. Preparing for the Inspection  Getting over your fears  Treat as any other advisor  Preparation  Obtain.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.

The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.
Joseph Kummer Terri Berry Brad White.  1. Specific instances of employee hacking and the consequences which resulted therefrom.  2. How employees utilize.

Joseph Kummer Terri Berry Brad White.  1. Specific instances of employee hacking and the consequences which resulted therefrom.  2. How employees utilize.
Overview:  Different controls in an organization  Relationship between IT controls & financial controls  The Mega Process Leads  Application of COBIT.

Overview:  Different controls in an organization  Relationship between IT controls & financial controls  The Mega Process Leads  Application of COBIT.
Threat Assessment in a Logical Environment. 1865 U.S. Financial Infrastructure Physical to Logical environment Protection and Threat Assessment Safe School.

Threat Assessment in a Logical Environment U.S. Financial Infrastructure Physical to Logical environment Protection and Threat Assessment Safe School.
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

Similar presentations

Ads by Google