
Joseph Kummer, Terri Berry, Brad White

1. Specific instances of employee hacking and the consequences that resulted from them.
2. How employees use their positions within an organization to obtain sensitive information, and a brief discussion of their various motivations for doing so.
3. Various methods and techniques for preventing employee hacking, and potential modifications to accounting laws and regulations relating to internal controls and IT security that would help ensure that businesses allocate sufficient resources to the protection of sensitive information from their own employees.

1. Gucci America Inc.
2. U.S. State Department
3. Education Logistics
4. Akimbo Systems (f/k/a Blue Falcon Networks)

- Extensive knowledge of the system and the company
- Possess necessary access credentials
- Understand the security systems in place and related control mechanisms, and know how to avoid controls and detection
- TRUST!!!

- Intentionally cause damage to the company
- Recklessly cause damage to the company
- Personal financial gain
- Sale of trade secrets
- Sale of financial or other insider information
- Sale of authorization/access codes and/or knowledge of the system

- Promote information security as an organizational goal
- Obtain top-level support for making information security a priority
- Implement proper access and authorization controls
- Change access and authorization controls on a regularly scheduled basis
- Monitor employee access records
- Deprovision user access as appropriate

- Federal and state governments protect 3rd parties
- Require implementation of security and confidentiality procedures and technology
- Require strict access control policies, including deprovisioning policies
- Require monitoring of employee access
- Require reporting of unauthorized disclosures, access and/or breach