ISO 27001 - information security user awareness training presentation -part 2.
iFour Consultancy
Security awareness seminar
An introduction to ISO27k
Part 2
Agenda
• Security incidents cause
• What is risk?
• Risk relationships
• Threat agent
• Motive
• Threat type and example
• Compliance
• Objectives of compliance
• SOX
• Where SOX is applicable
• BASEL II
http://www.ifour-consultancy.com Software outsourcing company in India
Security incidents cause
• IT downtime, business interruption
• Financial losses and costs
• Devaluation of intellectual property
• Breaking laws and regulations, leading to prosecutions, fines and penalties
• Reputation and brand damage leading to loss of customer, market, business partner or owners’ confidence and lost business
• Fear, uncertainty and doubt
What is risk?
• Risk is the possibility that a threat exploits a vulnerability in an information asset, leading to an adverse impact on the organization
• Threat: something that might cause harm
• Vulnerability: a weakness that might be exploited
• Impact: financial damage etc.
Risk relationships
Threat agent
The actor that represents, carries out or catalyzes the threat:
• Human
• Machine
• Nature
Motive
• Something that causes the threat agent to act
• Implies intentional/deliberate attacks but some are accidental
Threat type and Example
So how do we secure our information assets?
Compliance
What is compliance? The act or process of meeting specific standards in response to a desire, demand or proposal. Compliance means following, in detail, a set of:
• Laws
• Regulations
• Rules
• Practices
The role of compliance in banks is to ensure that the rules/regulations are appropriately incorporated in the bank’s internal processes and that each functionary, from the top to the bottom, appreciates the value of compliance.
Compliance
Banking compliance
• Internal compliance: internal policies, applicable to all employees of the bank
• Regulatory & legal compliance: laws and standards, applicable to the bank as a whole
Objectives of Compliance
Prudential—to reduce the level of risk to which clients are exposed
Systemic risk reduction—to reduce the risk of disruption
Avoid misuse of system—to reduce the risk of system being used for criminal purposes
To protect confidentiality
It may also include rules about treating customers fairly and having corporate social responsibility (CSR)
Objectives of Compliance
Ensures orderliness
Preventing chaos in systems
Dedicated framework for overseeing the implementation of directions/guidelines issued by the Regulator/supervisor
Ensure that there is a process to promptly respond to and redress the anomalies
SOX
SOX: the Sarbanes–Oxley Act, also known as the “Corporate and Auditing Accountability and Responsibility Act”
SOX is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms.
The Act contains 11 sections. Its major elements range from corporate board responsibilities to criminal penalties, and cover auditor independence, corporate governance, fraud and enhanced financial disclosure.
Where SOX is Applicable
• (a) All public companies in the US
• (b) International companies that have registered equity or debt securities with the SEC
• The accounting firms that provide auditing services to (a) and (b)
• It does not apply to privately held companies
• The Act is administered by the Securities and Exchange Commission (SEC)
• The SEC deals with compliance, rules and requirements
• The Act also created the Public Company Accounting Oversight Board (PCAOB)
BASEL II
“A set of banking regulations put forth by the Basel Committee on Bank Supervision, which regulates finance and banking internationally.”