
1 SOFTWARE & IT’S SECURITY ISSUES & PROFESSIONAL OPPORTUNITIES ____________________ CA. RAMESHA SHETTY FCA, MBA, DISA, CISA(USA)


2 AREAS
- Backup of data
- Anti-virus
- Bluetooth security
- MS Outlook
- Password rules
- Security awareness & training
- Mobile computing
- PDF
- Digital signatures
- CAATs
- Benefits of Tally
- Internet security
- Websites

3 BACKING UP DATA
- Loss due to:
  - Physical failure
  - Floppy disks, CDs
  - Power failure or spikes
  - Virus attacks
- Why you should back up data
- Backing up data from a phone

5 Anti-virus
- Viruses can spoil the functionality of your machines
- Precautions: avoid faulty configuration; keep the anti-virus updated at all times
- Helps to provide:
  - Confidential, secure data
  - Up-to-date information while surfing
  - Real-time virus updates
  - Scans of your PCs and systems, etc.

6 Bluetooth Security
- Wireless technology
- Merits:
  - Ease of access
  - Security & control
  - Free access (capability)
  - Speed: 1 Mbps rate
- Risks:
  - Bluejacking
  - Bluesnarfing

7 PDF
- Printer drivers
- Choose to create a PDF document
- Printed electronically
- Digital signatures
- Reconvert back into Word, Excel or PPT

9 DIGITAL SIGNATURES
- An electronic signature
- Cannot be repudiated
- Cannot be altered
- Integrity
- Legally enforceable

10 CAATs
- CAATs are computer programs and data that the auditor uses as part of the audit procedures to process data of audit significance contained in an entity's information systems.
- Important tools for the auditor in performing audits.
- Used in performing various auditing procedures.
- CAATs allow the auditor to:
  - Gain access to data without dependence on the client
  - Test the reliability of client software, and
  - Perform audit tests more efficiently

11 Impracticability of Manual Tests
- Some audit procedures may not be possible to perform manually because they rely on complex processing (for example, voluminous transactions/analysis) or involve amounts of data that would overwhelm any manual procedure.
- Many computer information systems perform tasks for which no hard-copy evidence is available.
- Lack of hard-copy evidence may occur at different stages in the business cycle.

12 Impracticability of Manual Tests
- Some transactions, such as discounts and interest calculations, may be generated directly by computer programs with no specific authorization of individual transactions.
- The system may not produce a visible audit trail providing assurance as to the completeness and accuracy of transactions processed. For example, a computer program might match delivery notes and suppliers' invoices.
- Program-controlled procedures, such as checking customer credit limits, may provide hard-copy evidence only on an exception basis.
- The system may not produce hard-copy reports. A printed report may contain only summary totals while computer files retain the supporting details.

13 Usage of CAATs
- Tests of details of transactions/balances
  - Example: use of audit software for recalculating interest or extracting invoices over a certain value from computer records
- Tests of general controls
  - Example: testing the set-up or configuration of the operating system or access procedures to program libraries, or using code-comparison software to check that the version of the program in use is the version approved by management

14 Usage of CAATs
- Analytical procedures
  - Example: identifying inconsistencies or significant fluctuations
- Sampling programs to extract data for audit testing
  - Example: identifying specific invoices for vouching based on a random sample/value
- Re-performing calculations performed by the entity's accounting systems
  - Example: re-computation of income tax, interest, balancing

15 Considerations in Use of CAATs
- IT knowledge, expertise and experience of the audit team
- Availability of CAATs and suitable computer facilities and data
- Impracticability of manual tests
- Effectiveness and efficiency, and
- Time constraints

16 Effectiveness and Efficiency
- The effectiveness and efficiency of auditing procedures may be improved by using CAATs to obtain and evaluate audit evidence. CAATs are often an efficient means of testing a large number of transactions or controls over large populations by:
  - Analyzing and selecting samples from a large volume of transactions
  - Applying analytical procedures; and
  - Performing substantive procedures

17 MS Outlook
- You should create a logical folder structure in which to store your messages.
- One method for keeping messages organized and the Inbox uncluttered is to move a message out of the Inbox as soon as you have dealt with it.
- Rather than manually filing messages, you can create rules that specify how Outlook should process and organize them.
- Each rule includes three parts: the conditions that determine if a message is to be acted on, the actions that should be applied to qualifying messages, and any exceptions that remove a message from the qualifying group.

18 MS Outlook
- Back up


23 Password – Better Way
- One-way encrypted using a strong algorithm
- Never displayed (except as ***)
- Never written down and retained near the terminal or in a desk
- Passwords should be changed every 30 days, notifying the user in advance
- A history of passwords should prevent a user from using the same password within 1 year
- Passwords should be >= 8 characters, including 3 of: alpha, numeric, upper/lower case, and special characters
- Passwords should not be identifiable with the user, e.g., a family member's or pet's name
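The rules on this slide, applied in code as an added example (not part of the original presentation): the length and character-class check, the "not identifiable with the user" check, one-way salted hashing, the 30-day change interval and the one-year reuse history. It assumes PBKDF2-HMAC-SHA256 as the "strong algorithm" and represents dates as day counts (for example `date.toordinal()`).

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8          # slide: >= 8 characters
MIN_CLASSES = 3         # slide: 3 of alpha, numeric, mixed case, special
MAX_AGE_DAYS = 30       # slide: change every 30 days
HISTORY_DAYS = 365      # slide: no reuse within 1 year
PBKDF2_ROUNDS = 200_000 # assumption: PBKDF2-HMAC-SHA256 as the "strong algorithm"

def complexity_problems(password, personal_terms=()):
    """Return the list of rule violations; an empty list means the password passes."""
    classes = [
        any(c.isalpha() for c in password),                                         # alpha
        any(c.isdigit() for c in password),                                         # numeric
        any(c.isupper() for c in password) and any(c.islower() for c in password), # mixed case
        any(not c.isalnum() for c in password),                                     # special
    ]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(classes) < MIN_CLASSES:
        problems.append(f"fewer than {MIN_CLASSES} character classes")
    for term in personal_terms:  # user id, family member or pet name, etc.
        if term and term.lower() in password.lower():
            problems.append(f"contains identifying term {term!r}")
    return problems

def hash_password(password, salt=None):
    """One-way salted hash; only salt and digest are stored, never the password."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

class PasswordRecord:
    def __init__(self):
        self.history = []  # (salt, digest, day_set) tuples, newest last
    def set_password(self, password, today, personal_terms=()):
        # Apply every rule; on success store the new hash and return [].
        problems = complexity_problems(password, personal_terms)
        for salt, digest, when in self.history:
            if today - when < HISTORY_DAYS and hmac.compare_digest(
                    hash_password(password, salt)[1], digest):
                problems.append("reused within the last year")
                break
        if problems:
            return problems
        self.history.append((*hash_password(password), today))
        return []
    def needs_change(self, today):
        # True when no password is set or the current one is 30 or more days old.
        return not self.history or today - self.history[-1][2] >= MAX_AGE_DAYS
```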

24 Security Awareness & Training
- Training covers what is expected of employees
- Why policy & procedures
- How is policy enforced?
- New employee orientation
- Determine effectiveness by interviewing employees

25 Mobile Computing
- Engrave a serial number and company name/logo on the laptop using an engraver or tamper-resistant tags
- Back up critical/sensitive data
- Use a cable locking system
- Encrypt sensitive files
- Allocate passwords to individual files
- Consider what happens if a password is forgotten or the person leaves the company
- Establish a theft response team for when a laptop is stolen
- Report loss of a laptop to the police
- Determine the effect of lost or compromised data on the company, clients and third parties

26 Internet Fraud – Bank A/c
Phishing (through e-mail):
- Unsuspecting customers are sent e-mails that look similar to the authentic e-mails sent by their bank
- The customers are asked to click on a link in these e-mails, which takes them to a fake website that resembles their bank's website
- They are then asked to key in their confidential banking details like user IDs, passwords, etc. on the fake website
Vishing (through phone):
- Fraudsters posing as bank officials call up customers and ask them for their confidential banking details under some pretext
- The customers part with the details, believing that the call is from a genuine bank official

27 Internet Fraud - Bank A/c
- Once the requested information is received, the fraudster uses it to carry out online financial transactions on the customer's account
- Precautions:
  - Change your internet banking password immediately
  - Call your customer care and inform them
  - Lodge a complaint
- Remember: no bank asks for your confidential information through e-mail, SMS or phone

28 Security - Good tips…
- If you shop online:
  - Look for the padlock.
  - Look for https:// at the start of the website address; this indicates a secure site.
  - Don't enter personal information if you don't know the site is secure.

29 Important Internet Facts
- Anyone can publish information on the Internet.
- You are responsible for evaluating the information you find.

30 Tips for Evaluating Websites
Ask yourself these two questions:
- Who wrote or published the information?
- Is this author or publisher a reliable source of information?

31 TALLY - Remote Access

32 Remote Access
- Connect to the client's data from your office or anywhere
- Use audit features at the client's office also
- Use full audit capabilities from any system, even on an evaluation version of Tally
- No risk of data theft: both systems are Internet clients
- Both users' Tally data is hack-proof
- Use your local printer for printing any report
- Customisations and changes done by the client automatically reflect on your system

33 TALLY – Audit Tools
- Tax Audit
  - 44AB Audit
  - Form 3CD
- Statutory Audit
  - Data Analysis
  - Auditing
  - Schedule VI reports
- Statutory Compliance

34 Tax Audit - 44AB Audit
- Clause 16: Bonus, PF, ESI recoveries
- Clause 17(h): Amounts inadmissible u/s 40A(3)
- Clause 18: Payments to specified persons
- Clause 21: Payments under section 43B (employer's contribution, TDS, service tax, VAT)
- Clause 24(a): Loans/deposits accepted
- Clause 24(b): Loans/deposits repaid
- Clause 27: Tax deducted at source
- Annexure II: Fringe Benefit Tax
- Form 3CD: create, save, print; complete form as approved by the IT Department; Annexure to Form 3CD

35 TALLY
- Statutory Compliance tool
  - VAT/CST
    - Verification of ledgers
    - Verification of vouchers
  - Service Tax
    - Verification of ledgers
    - Verification of vouchers
  - TCS
    - Verification of ledgers
    - Verification of vouchers

36 PROFESSIONAL OPPORTUNITIES

37 A. Process Review/Audit:
- IT / security policy / procedures
- System administration
- Database administration
- Security administration
- Change management
- Backup & restoration procedures
- BCP/DR
- Alternate delivery channels like ATM, Internet banking
- Vendor management/SLA
- Inventory management
- Help desk function

38 B. Security Review/Audit
- Application security
- Network security
- Database security
- Vulnerability assessment of critical servers
- External non-intrusive penetration testing of critical equipment
- Physical & environmental controls

39 Others
C. Concurrent audit & Systems audit:
- Migration audit
- Physical & environmental controls
D. Data mining:
- Analysis, e.g. for a bank: what is the number of accounts/warehouse facilities across the country
E. Fraud & forensic accounting
F. XBRL

40 Empanelment Opportunities
- All nationalised and other banks
- Due diligence
- ERP – SAP/PeopleSoft consultants
- Tally consultants – there are reports available for tax audit, etc.
- Sarbanes-Oxley Act and Clause 49 of the listing requirements
- Business process re-engineering – ERP consulting, IT governance
- Systems audit of stock brokers of NSE/BSE
- The Computer Emergency Response Team of India (CERT-In) has recognized the D.I.S.A. (ICAI) qualification for empanelment of IS auditors
- SEBI – mutual fund audits
- IRDA

41 COURSES
Courses available after DISA:
- CISA
- CISM
- CGEIT
- CISSP
- CFE
- GSEC