
Kevin Casady, Hanna Short, BJ Rollinson

• Centralized and structured collection of data stored in a computer system
• An electronic filing system
• Easy access to information

• Provide a convenient means of storing large amounts of data.
• Quick access to information, allowing for sorting, searching, viewing and manipulating.
• Efficiency.

• Enterprise Resource Planning (ERP) is an application system that integrates a company’s business processes and financial data in one platform.
• Massive database that encompasses the entire business operations.

• There is a shortage of staff members trained in ERP security.
• Implementers pay inadequate attention to ERP security during deployment.
• ERP tools for security audit are inadequate.
• The customization of ERP systems to firms inhibits the development of standardized security solutions.

• Data loss can cost a company significant revenue and integrity, and can bring on unwanted litigation.
• As noted in a 2007 survey, 85 percent of businesses have experienced a data security breach.
• The estimated breaches have cost US $182 per compromised record.
• Data breaches remain the leading cause of financial losses.
• A survey conducted in 2007 revealed that 40 percent of companies are not monitoring their databases for suspicious activity.
• Privacy Rights Clearinghouse.

• External
  ◦ Gaining access from outside the company.
• Internal
  ◦ Employee who should not have access gains access
  ◦ Employee abuses their access privileges
• Computer Crime and Security Survey:
  ◦ Insider abuse of net access: 59 percent
  ◦ Unauthorized access to information: 25 percent
  ◦ Theft of customer or employee data: 17 percent

• Perimeter controls
  ◦ Keep people on the outside from gaining access.
• User identity and access management
  ◦ Who is allowed to do what.
  ◦ Ensure things are as they are supposed to be.
• Application systems
  ◦ Independent audit software tools.
• Privileged users
  ◦ Physical and logical controls within and outside their sphere of operational control are needed to provide evidence of their actions.

• Review prior report if there is one.
• Obtain important information from database environment.
• Talk to database administrators.
• Identify significant risks and key controls that mitigate these risks.

• Security patches are applied in a timely manner.
• Processes are in place to regularly monitor security on the system.
• Operating system is secured and database files are protected (passwords, permissions, encryption).
• The database server is physically protected (located in a secure location).

• Users are restricted to information required to perform job.
• Assure that backup and recovery strategies exist.
• Controls are in place to keep database information secure over the network.
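An added example, not part of the original slides: one way an auditor could test the control "users are restricted to information required to perform job" against a grants export. The job functions, roster, account names and CSV layout are all constructed for illustration; the three findings map to the internal threats and the privileged-user control listed earlier.

```python
import csv
import io

# Constructed sample data (not from the presentation): what each job function
# needs, the active staff roster, and a grants export from the database.
BASELINE = {
    "payroll_clerk": {("PAYROLL", "SELECT"), ("PAYROLL", "UPDATE")},
    "sales_rep": {("CUSTOMERS", "SELECT")},
    "dba": {("*", "ALL")},
}
ROSTER = {"alice": "payroll_clerk", "bob": "sales_rep", "dana": "dba"}
GRANTS_CSV = """user,object,privilege
alice,PAYROLL,SELECT
alice,PAYROLL,UPDATE
bob,CUSTOMERS,SELECT
bob,PAYROLL,SELECT
carol,CUSTOMERS,SELECT
dana,*,ALL
"""

def review_access(grants_csv, roster, baseline):
    """Return sorted (user, object, privilege, finding) tuples for the auditor."""
    findings = []
    for row in csv.DictReader(io.StringIO(grants_csv)):
        user = row["user"].strip().lower()
        grant = (row["object"].strip().upper(), row["privilege"].strip().upper())
        job = roster.get(user)
        if job is None:
            # Account with no current employee behind it: should not have access.
            findings.append((user, *grant, "no active employee"))
        elif grant not in baseline.get(job, set()):
            # Access beyond what the job function requires.
            findings.append((user, *grant, "exceeds job requirement"))
        elif grant == ("*", "ALL"):
            # Privileged user: the access is expected, so the control is
            # evidence of their actions (independent logging), not removal.
            findings.append((user, *grant, "privileged: verify activity logging"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_access(GRANTS_CSV, ROSTER, BASELINE):
        print(finding)
```
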

• After testing, the auditor may send out a questionnaire to ensure that their test results are aligned with the internal auditor's findings.

• Nair, Sushila. The Art of Database Monitoring.
• Le Grand, Charles & Sarel, Dan. Database Security, Compliance, and Audit.
• Musaji, Yusuf. ERP Post Implementation Problems.
• ISACA. Oracle Database Security, Audit and Control Features.
• Stephens, Richard. Importance of Database Uptime. July hop/citmla.htm