2. Securing the Enterprise
Information resources are distributed throughout the organization and beyond, as Internet and wireless technologies extend organizational boundaries.
Time-to-exploitation of sophisticated spyware and worms has shrunk from months to days.
3. Time-to-exploitation
The elapsed time between when a vulnerability is discovered and the time it is exploited.
4. Regulations
Industry self-regulation: Payment Card Industry (PCI) Data Security Standard, backed by the card brands:
• Visa
• MasterCard
• American Express
• Discover
• Compliance is required for all members, merchants, or service providers that store, process, or transmit cardholder data.
5. Small Business Regulations
The Council of Better Business Bureaus, with:
• Visa USA
• Equifax
• IBM
• Verizon
• eBay
8. Mistakes
The Information Security Forum found that mistakes leading to IT threats are caused by:
• Human error
• System malfunction
• Failure to understand the effect of adding a new piece of software to the rest of the system
9. IT Security & Internal Control Model
• Senior management commitment & support
• Security procedures & enforcement
• Security policies & training
• Security tools: hardware & software
10. IS Vulnerabilities & Threats
• Unintentional threats
• Intentional threats
• Computer crimes
12. Intentional Threats
Theft of data
Inappropriate use of data
Theft of computers
Theft of equipment or programs
13. Intentional Threats (cont.)
Deliberate manipulation in handling, entering, processing, transferring or programming data
Strikes, riots
Malicious damage to computer resources
Destruction from viruses and other attacks
Miscellaneous computer abuses
Internet fraud
14. Computer Crimes
Crimes committed on the Internet are called cybercrimes. Terms used for the people involved:
• Hacker
• White-hat hackers
• Black-hat hackers
• Cracker
15. Methods of attack on computing
Data tampering
Programming attacks
Viruses
Worms
Zombies
Phishing
DoS
Botnets
16. Frauds and Computer Crimes
Fraud is a serious financial crime involving:
• Deception
• Confidence
• Trickery
19. Other crimes
Crimes committed using:
• Flash drives
• MP3/MP4 players
• Computers
20. Computer Crimes
Identity theft: one of the worst and most prevalent crimes. Individuals' social security and credit card numbers are stolen and used by thieves.
Information about other people is obtained by:
• Stealing wallets
• E-sharing and databases
21. Types of identity crimes
Stolen desktop
Online, by an ex-employee
Computer tapes lost in transit
Malicious users
Missing backup tapes
22. Internal control
Internal control is the work atmosphere that a company sets for its employees.
It is a process designed to achieve:
Reliability of financial reporting
Operational efficiency
Compliance with laws, regulations and policies
Safeguarding of assets
23. Frauds to be controlled by ICS
Fraud committed against a company
Fraud committed for a company
24. Symptoms
Missing documents
Delayed bank deposits
Holes in accounting records
Numerous outstanding checks or bills
Disparity between accounts payable and
receivable
Employees who do not take vacations, etc.
25. Symptoms (cont.)
A large drop in profits
Major increase in business with a particular customer
Customers complaining about double billing
Repeated duplicate payments
Employees with the same address or phone numbers as a vendor
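Two of the symptoms above (repeated duplicate payments, and employees sharing an address or phone number with a vendor) can be checked mechanically against the accounting master data. The following is an added example, not part of the original slides, that runs such a check over constructed employee, vendor and payment records; the record layout and all names are hypothetical. Note that the matching normalises phone numbers and addresses first, since a naive string comparison would miss "(555) 010-2000" against "5550102000" or "Oak St" against "Oak Street".

```python
import re
from collections import Counter
from datetime import date

# Constructed sample data (hypothetical, not from the original page).
EMPLOYEES = [
    {"id": "E1", "name": "A. Smith", "address": "12 Oak St, Springfield",
     "phone": "(555) 010-2000"},
    {"id": "E2", "name": "B. Jones", "address": "99 Elm Ave, Springfield",
     "phone": "555-010-3000"},
]
VENDORS = [
    {"id": "V1", "name": "Acme Supplies", "address": "12 oak street, Springfield",
     "phone": "5550102000"},
    {"id": "V2", "name": "Globex", "address": "1 Main Rd, Shelbyville",
     "phone": "555-010-9999"},
]
PAYMENTS = [
    {"vendor": "V1", "invoice": "INV-100", "amount": 1250.00, "date": date(2024, 3, 1)},
    {"vendor": "V1", "invoice": "INV-100", "amount": 1250.00, "date": date(2024, 3, 15)},
    {"vendor": "V2", "invoice": "INV-7", "amount": 300.00, "date": date(2024, 3, 2)},
]

# Common street-suffix abbreviations so "Street" and "St" compare equal.
_SUFFIXES = {"street": "st", "avenue": "ave", "road": "rd", "drive": "dr"}


def norm_phone(s):
    """Keep digits only: '(555) 010-2000' -> '5550102000'."""
    return re.sub(r"\D", "", s)


def norm_address(s):
    """Lower-case, strip punctuation, collapse whitespace, abbreviate suffixes."""
    s = re.sub(r"[^a-z0-9 ]", " ", s.lower())
    words = [_SUFFIXES.get(w, w) for w in s.split()]
    return " ".join(words)


def employee_vendor_overlaps(employees, vendors):
    """Return (employee_id, vendor_id, field) for every shared address or phone."""
    hits = []
    for e in employees:
        e_addr, e_phone = norm_address(e["address"]), norm_phone(e["phone"])
        for v in vendors:
            if e_addr == norm_address(v["address"]):
                hits.append((e["id"], v["id"], "address"))
            if e_phone == norm_phone(v["phone"]):
                hits.append((e["id"], v["id"], "phone"))
    return sorted(hits)


def duplicate_payments(payments):
    """Return (vendor, invoice, amount, count) for invoices paid more than once."""
    counts = Counter((p["vendor"], p["invoice"], round(p["amount"], 2)) for p in payments)
    return sorted((v, inv, amt, n) for (v, inv, amt), n in counts.items() if n > 1)


if __name__ == "__main__":
    for emp, ven, field in employee_vendor_overlaps(EMPLOYEES, VENDORS):
        print(f"employee {emp} shares {field} with vendor {ven}")
    for ven, inv, amt, n in duplicate_payments(PAYMENTS):
        print(f"vendor {ven} invoice {inv} ({amt}) paid {n} times")
```

On the sample data this flags employee E1 as sharing both address and phone with vendor V1, and invoice INV-100 as paid twice. In practice the flagged pairs are leads for an auditor, not proof of fraud: a legitimate sole-trader vendor can share an address with a family member on payroll, and a re-issued payment after a bounced cheque will also appear as a duplicate.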
26. IC procedures and activities
Segregation of duties and dual custody
Independent checks
Proper system of authorization
Physical safeguards
Documents and records