Agenda
Real-world Case Studies
Lessons Learnt
Fraud Risk Management
Fraud Investigation
Conclusions
Q&A
Speaker Profile - K. K. Mookhey
Certifications
Corporate Espionage
Case Study 1
It could be in your backyard!
Shoulder surfing
Phishing
Fake Book
Solutions
Increasing user awareness
Strong policies against misuse of end-point systems
Strong monitoring controls
Personnel security controls
Run social engineering tests as part of your audits
Albert Gonzalez
a/k/a segvec,
a/k/a soupnazi,
a/k/a j4guar17
Ukraine
New Jersey
California
IRC chats
March 2007: Gonzalez planning my second phase against Hannaford
December 2007: Hacker P.T. that's how [HACKER 2] hacked Hannaford.
$41 million to Visa
$24 million to Mastercard
$200 million in fines/penalties
Solutions
Leveraging Technology
Data Leakage Prevention
Information Rights Management
Email Gateway Filtering
Security & Controls by Design
Identity & Access Control Management
Encryption
Business Intelligence Solutions
Revenue Assurance & Fraud Management
Solutions
Corruption
Misuse of customer data: Personnel within or outside the organization can obtain employee or customer data and use such information to obtain credit or for other fraudulent purposes.
Principle 1
Principle 2
Principle 3
Principle 4
Principle 5
Takeaways & Conclusions
Takeaways
Conclusions
Governance Policies, Procedures and Organizational Framework
Application Controls
Infrastructure Controls
Server
Network
End-point
Q&A
Thank you!
K. K. Mookhey
Founder & Principal Consultant
kkmookhey@niiconsulting.com
www.niiconsulting.com
@kkmookhey
http://in.linkedin.com/kkmookhey