Aramco Information Assurance Policy
Mohammad bin Fahd University, College of Business. Introduction to Information Assurance, MISY3321 Sec 201. Aramco Information Assurance Policy. Name: Doha J. AL-Mohsen ID #
Table of contents: Type of organization and what type of information it keeps; Organization Information Assurance Policy; Any loss or misuse of information; Conclusion
Aramco, officially the Saudi Arabian Oil Company, is the state-owned national oil company of Saudi Arabia.
and 80% more valuable than ExxonMobil
Organization activities
Exploration; Drilling; Refining and Chemicals
Company principle: Segregation of Duties (SoD) is the concept of requiring more than one person to complete a task. In business, sharing a single task among more than one individual is meant to prevent fraud and error. The concept is alternatively called separation of duties.
Biz Right ® … To maintain this principle, the I.T. department depends on a software application called “Biz Right ®”. It is a software application that reports the S.A.P (System Access Program) roles of the organization, the places these roles access or “try to access”, and the number of access attempts. If the software recognizes a non-authorized access, the user will be subject to investigation.
AP&SD Accounting operations Payroll operations
Payroll operations Financial systems divisions Pay roll & benefits Financial accounting Treasury Capital programs Treasury Services department. Banking operations divisions Cash management & Investments
Organization Information Assurance Policy
The organization policies: The organization's policies strongly warn against sharing passwords among members of the organization or with persons outside the organization; when a violation happens, an investigation of the violator is due. Use of the ID card is restricted to the employee only; an employee who loses the card may be subject to termination from service. Shutting off the PCs after use, as well as bringing in non-authorized PCs, is totally prohibited. Using the intranet and Internet for non-business purposes is totally prohibited; it subjects the violator to termination from duty.
Any loss or misuse of information:
Some manipulation of information regarding the employees' financial-related accounts has happened, which resulted in severe misapprehension operations, either through an employee using authorized access or through the use of USBs and CDs to extract the information needed to manipulate the cash position.
Conclusion: The head of the Information securities unit in the AP&SD explains that Biz Right ® “is not an efficient software to keep track of roles access,” he says, and gives the reason why: “All that application does is report the access of each role in terms of how many times and where the user accesses, but there is no indication of where the user is accessing from, and it cannot prevent the unauthorized access of the user.”