by
K. Atique e- Rabbani, B Tech (Hons), UK, FCA
Information Security
Issues that impact an Accountant
Preamble
Index
The best security can't help the most naïve
user (1 slide)
For Information Security one also cannot
completely lock away information - Obama
gets to keep his BlackBerry (2 slides)
Information Security (InfoSec) breach stories
(Obama, Bank of New York Mellon) (4 slides)
Introduction to Information Security (3 slides)
Index -2
Core Principles of Information Security - CIA
(1 slide)
Confidentiality (1 slide)
Integrity (2 slides)
Availability - (2 slides)
Index -3
Stories/ Facts
An embarrassed State Department admitted
that the passport files of all three presidential
candidates - Sens. John McCain, Barack
Obama and Hillary Clinton - have been
breached by its employees.
The bombshell announcement came within
hours of the admission that Obama's personal
file was improperly accessed several times in
2008 and no one was notified of the breach.
Stories/ Facts -2
Criminal hackers are part of a very mature and
multi-billion dollar industry that reaches
around the world. No organization is immune
to the threat.
The Aug 2008 arrest of 11 alleged hackers
accused of stealing more than 40 million credit
and debit cards is still the largest hack ever.
US Dept of Justice brought charges against 11
alleged hackers from around the globe.
Stories/Facts -3
An unencrypted backup tape with data on 4.5 million
customers of the Bank of New York Mellon
went missing on Feb. 27, 2008 after it was sent
to a storage facility.
The missing tape contained social security
numbers and bank account information on 4.5
million customers.
Stories/Facts -4
In Aug 08, a former Countrywide Financial
Corp Senior Financial Analyst was arrested
and charged by the FBI for stealing and selling
sensitive personal information of an estimated 2
million mortgage loan applicants.
He did it over a 2-year period by downloading
20,000 customer profiles each week onto flash
drives, working on Sunday nights, when no
one else was in the office.
Introduction
Information Security is not new.
Julius Caesar invented the Caesar cipher c. 50 BC
to prevent his messages from falling into
the wrong hands.
What is new? - The ICT rock star has jumped in
with a multitude of tentacles and promises of
nirvana, the heaven and the earth.
And, as an aside, it has also brought an Information
Security nightmare.
Introduction -2
A highly networked business environment is the
order of the day. This has pushed Information
Security to preeminence today.
Information is arguably among an enterprise's
most valuable assets.
Its protection from predators from both within
and outside has taken center stage as an IT
priority and indeed a business priority.
Introduction -3
As a Finance Controller, as an Auditor, as a
CEO, we breathe, live, rise and fall with
information.
The organizations we serve also breathe, live,
rise and fall with information - of course,
secure, untampered, authentic information.
But the paradox is that we need greater, more
convenient, from-anywhere, on-the-fly access
to more and more secure information.
Confidentiality
Permitting someone to look over your
shoulder at your computer screen while you
have confidential data displayed on it could be
a breach of confidentiality.
Giving out confidential information over the
telephone is a breach of confidentiality if the
caller is not authorized to have the
information.
Integrity
Integrity is compromised when an employee is
able to modify his own salary in a payroll
database or, say, when an unauthorized user
vandalizes a web site.
There are many ways in which integrity could
be violated without malicious intent.
In the simplest case, a user on a system could
mistype someone's address.
Integrity -2
On a larger scale, if an automated process is
not written and tested correctly, bulk updates
to a database could alter data in an incorrect
way, leaving the integrity of the data
compromised.
Information security professionals are tasked
with finding ways to implement controls that
prevent errors of integrity.
Availability
For any information system to serve its
purpose, the information must be available
when it is needed.
This means that the computing systems used
to store and process the information, the
security controls used to protect it, and the
communication channels used to access it
must be functioning correctly.
Availability -2
High availability systems aim to remain
available at all times, preventing service
disruptions due to power outages, hardware
failures, and system upgrades.
Ensuring availability also involves preventing
denial-of-service attacks.
Some add possession, authenticity and utility
to CIA as three more atomic elements of
information.
Certifications
CISSP (Certified Information Systems Security
Professional), an international gold standard, is
given by ISC2 (International Information System
Security Certificate Consortium)
ISACA (www.isaca.org) introduced the Certified
Information Security Manager (CISM)
certification in 2002 for those who manage an
enterprise's information security program.
There are other Information Security
certifications too - see Appendix
Certifications -2
We have included part of what people
taking such certifications learn in
Appendix 2.
ICT obviously changes constantly, and these
certifications also have a two- to three-year shelf
life.
Such certification holders will need to be in
practice and always remain current.
We need not all become InfoSec professionals.
What is it?
An information security audit is an audit of the
level of information security in an organization.
Such an audit can be of various types and have
various objectives.
An audit focuses on the physical, technical and
administrative controls of Information Security.
An audit may be on the physical security of data and
on the logical security of databases.
Access Control
Application Security
Cryptography
Operations Security
Cryptography
Appendix 3
PKI
Appendix 4
Appendix 5-1
Sl No   Certification Name                                             Website
1       Certified Information Systems Security Professional (CISSP)    www.isc2.org
        Global Information Assurance Certification (GIAC)
Appendix 5-2
Sl No   Certification Name                                             Website
3       The Certified Information Security Manager (CISM)              www.isaca.org
        CompTIA Security+ Certification
Appendix 5-3
Sl No   Certification Name                                             Website
        Cisco Certified Security Professional (CCSP)                   www.cisco.com
        SEI Certificate in Information Security                        http://www.sei.cmu.edu/training/certificates/security/infosecurity.cfm
        M Sc in Info Security                                          www.mscinfosec.adastral.ucl.ac.uk
The End