

Presentation on theme: "Kevin Casady, Hanna Short, BJ Rollinson. Centralized and structured collection of data stored in a computer system. An electronic filing system. Easy access to information." Presentation transcript:

Slide 1: Kevin Casady, Hanna Short, BJ Rollinson

Slide 2: What is a database?
- Centralized and structured collection of data stored in a computer system
- An electronic filing system
- Easy access to information

Slide 3: Why use a database?
- Provides a convenient means of storing large amounts of data.
- Quick access to information, allowing for sorting, searching, viewing and manipulating.
- Efficiency.

Slide 4: Enterprise Resource Planning
- ERP is an application system that integrates a company's business processes and financial data in one platform.
- A massive database that encompasses the entire business operations.

Slide 5: ERP security problems
- There is a shortage of staff members trained in ERP security.
- Implementers pay inadequate attention to ERP security during deployment.
- ERP tools for security audit are inadequate.
- The customization of ERP systems to individual firms inhibits the development of standardized security solutions.

Slide 6: Cost of data loss
- Data loss can cost a company significant revenue and integrity, and bring on unwanted litigation.
- As noted in a 2007 survey, 85 percent of businesses have experienced a data security breach.
- The estimated breaches have cost US $182 per compromised record.
- Data breaches remain the leading cause of financial losses.
- A survey conducted in 2007 revealed that 40 percent of companies are not monitoring their databases for suspicious activity.
- Source: Privacy Rights Clearinghouse, www.privacyrights.org

Slide 7: Threat sources
- External
  - Gaining access from outside the company.
- Internal
  - An employee who should not have access gains access.
  - An employee abuses their access privileges.
- 2007 Computer Crime and Security Survey:
  - Insider abuse of net access: 59 percent
  - Unauthorized access to information: 25 percent
  - Theft of customer or employee data: 17 percent

Slide 8: Control layers
- Perimeter controls
  - Keep people on the outside from gaining access.
- User identity and access management
  - Who is allowed to do what.
  - Ensure things are as they are supposed to be.
- Application systems
  - Independent audit software tools.
- Privileged users
  - Physical and logical controls within and outside their sphere of operational control are needed to provide evidence of their actions.

Slide 9: Audit planning
- Review the prior report if there is one.
- Obtain important information from the database environment.
- Talk to database administrators.
- Identify significant risks and the key controls that mitigate these risks.

Slide 10: Audit checks (system)
- Security patches are applied in a timely manner.
- Processes are in place to regularly monitor security on the system.
- The operating system is secured and database files are protected (passwords, permissions, encryption).
- The database server is physically protected (located in a secure location).

Slide 11: Audit checks (access, recovery, network)
- Users are restricted to the information required to perform their job.
- Assure that backup and recovery strategies exist.
- Controls are in place to keep database information secure over the network.

Slide 12: Follow-up
- After testing, the auditor may send out a questionnaire to ensure that their test results are aligned with the internal auditor's findings.
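The audit checks of slides 10 and 11, encoded as automated tests over a constructed inventory of one database server, as an auditor might record it after the environment review and DBA interview of slide 9. This is an added example, not part of the presentation; the inventory field names, the role-to-grant table and the 90-day patch threshold are assumptions.

```python
from datetime import date

# Constructed inventory of a single database server (hypothetical values).
SERVER = {
    "audit_date": date(2007, 7, 1),
    "last_patch_applied": date(2007, 1, 15),
    "monitoring_enabled": False,
    "datafile_mode": 0o644,          # group/other can read the data files
    "datafiles_encrypted": False,
    "physically_secured": True,
    "backup_tested": True,
    "network_encryption": "none",    # e.g. "none" or "tls"
    "users": {
        "jsmith":  {"role": "clerk",   "grants": ["SELECT"]},
        "reports": {"role": "analyst", "grants": ["SELECT", "DELETE"]},
    },
}

# Assumed least-privilege table: what each job role is allowed to do (slide 11).
ALLOWED_GRANTS = {
    "clerk":   {"SELECT"},
    "analyst": {"SELECT"},
    "dba":     {"SELECT", "INSERT", "UPDATE", "DELETE", "GRANT"},
}


def audit(server, allowed=ALLOWED_GRANTS, max_patch_age_days=90):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    age = (server["audit_date"] - server["last_patch_applied"]).days
    if age > max_patch_age_days:
        findings.append(f"patching: last patch is {age} days old (limit {max_patch_age_days})")
    if not server["monitoring_enabled"]:
        findings.append("monitoring: no regular security monitoring process")
    if server["datafile_mode"] & 0o077:          # any group/other permission bit set
        findings.append(f"os: database files readable by others (mode {server['datafile_mode']:o})")
    if not server["datafiles_encrypted"]:
        findings.append("os: database files are not encrypted")
    if not server["physically_secured"]:
        findings.append("physical: server is not in a secure location")
    if not server["backup_tested"]:
        findings.append("backup: no tested backup and recovery strategy")
    if server["network_encryption"] == "none":
        findings.append("network: database traffic is not protected in transit")
    for name, user in server["users"].items():
        excess = set(user["grants"]) - allowed.get(user["role"], set())
        if excess:
            findings.append(f"access: user {name} ({user['role']}) has excess grants {sorted(excess)}")
    return findings
```

Each finding maps back to one checklist item, so the list can be handed to the DBA as the basis for the slide 12 questionnaire.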

Slide 13: References
- Nair, Sushila. The Art of Database Monitoring. 2008.
- Le Grand, Charles & Sarel, Dan. Database Security, Compliance, and Audit. 2008.
- Musaji, Yusuf. ERP Post Implementation Problems. 2005.
- ISACA. Oracle Database Security, Audit and Control Features.
- Stephens, Richard. Importance of Database Uptime. July 2007. http://www.liu.edu/cwis/cwp/library/workshop/citmla.htm

