Aramco Information Assurance Policy

Presentation transcript:

Aramco Information Assurance Policy Mohammad bin Fahd University College of Business Introduction to Information Assurance MISY3321 Sec 201 Aramco Information Assurance Policy Name: Doha J. AL-Mohsen ID #200600346

Table of contents: Type of organization and what type of information it keeps. Organization Information Assurance Policy. Any loss or misuse of information. Conclusion.

Aramco, officially the Saudi Arabian Oil Company, is the state-owned national oil company of Saudi Arabia, and is 80% more valuable than ExxonMobil.

Organization activities: Exploration, Drilling, Refining and Chemicals.

Company principle: Segregation of Duties (SoD) is the concept of requiring more than one person to complete a task. In business, sharing a single task among more than one individual helps prevent fraud and error. The concept is alternatively called separation of duties.

Biz Right ®: To maintain this principle, the I.T. department depends on a software application called "Biz Right ®". It reports the S.A.P (System Access Program) roles of the organization, the places these roles access or try to access, and the number of access attempts. If the software recognizes a non-authorized access, the user will be subject to investigation.

AP&SD Accounting operations Payroll operations   Payroll operations Financial systems divisions Pay roll & benefits Financial accounting Treasury Capital programs Treasury Services department. Banking operations divisions Cash management & Investments

Organization Information Assurance Policy. The organization's policies: The policies strongly warn against sharing passwords among members of the organization or with persons outside the organization; when a violation happens, an investigation of the violator is due. Use of the ID card is restricted to the employee only; an employee who loses the card may be subject to termination from service. Shutting off the PCs after use, as well as bringing in non-authorized PCs, is totally prohibited. Using the Intranet and Internet for non-business purposes is totally prohibited; it subjects the violator to termination from duty.

Any loss or misuse of information: Some manipulation of information relating to employees' financial-related accounts has happened, which resulted in severe misapprehension operations, using authorized access by an employee or using USBs and CDs to extract the information needed to manipulate the cash position.

Conclusion: The head of the Information securities unit in the AP&SD explains that Biz Right ® "is not an efficient software to keep track of roles access," he says, and gives the reason why: "All that application does is report the access of each role in terms of how many times and where the user accesses, but there is no indication of where the user is accessing from, and it cannot prevent the unauthorized access of the user."
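
An added example (not from the presentation and not Biz Right's code) of the role-access report the slides describe, combined with a segregation-of-duties check and extended with the source host that the conclusion says is missing. All role names, areas, user IDs and log lines are constructed assumptions.

```python
from collections import Counter

# All names and data below are constructed for illustration.
ROLE_AREAS = {                      # role -> areas the role may access
    "PAYROLL_CLERK": {"payroll"},
    "TREASURY_ANALYST": {"treasury", "cash_management"},
    "AP_ACCOUNTANT": {"financial_accounting"},
}
SOD_CONFLICTS = [{"PAYROLL_CLERK", "TREASURY_ANALYST"}]  # roles one person must not combine
USER_ROLES = {
    "u1001": {"PAYROLL_CLERK"},
    "u1002": {"PAYROLL_CLERK", "TREASURY_ANALYST"},
    "u1003": {"AP_ACCOUNTANT"},
}
# Constructed access log: timestamp user role area source_host
LOG = """\
2013-03-01T08:02:11 u1001 PAYROLL_CLERK payroll ws-ap-014
2013-03-01T08:05:40 u1001 PAYROLL_CLERK treasury ws-ap-014
2013-03-01T08:05:52 u1001 PAYROLL_CLERK treasury ws-ap-014
2013-03-01T09:17:03 u1003 AP_ACCOUNTANT financial_accounting ws-ap-020
2013-03-01T21:44:30 u1003 AP_ACCOUNTANT cash_management kiosk-07
"""

def sod_violations(user_roles):
    """Return users who hold every role of some conflicting set."""
    return sorted(u for u, roles in user_roles.items()
                  if any(c <= roles for c in SOD_CONFLICTS))

def access_report(log_text):
    """Count attempts per (user, role, area, source); mark each as authorized or not."""
    attempts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                # skip malformed lines instead of guessing
        _ts, user, role, area, source = fields
        attempts[(user, role, area, source)] += 1
    return [
        {"user": u, "role": r, "area": a, "source": s, "attempts": n,
         # unknown roles have no permitted areas, so they are flagged
         "authorized": a in ROLE_AREAS.get(r, set())}
        for (u, r, a, s), n in sorted(attempts.items())
    ]

def flagged(report):
    """Entries to hand to investigators: access outside the role's areas."""
    return [e for e in report if not e["authorized"]]

if __name__ == "__main__":
    print("SoD violations:", sod_violations(USER_ROLES))
    for e in flagged(access_report(LOG)):
        print(e)
```

Like the tool described, this only reports; preventing the access has to be enforced by the authorization checks of the system itself.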