ENTERPRISE INFORMATION SYSTEMS SECURITY: A CASE STUDY IN THE BANKING SECTOR


SEPTEMBER 20TH, 2012
CONFENIS - GHENT, BELGIUM


    Sohail Chaudhry, Peggy Chaudhry, Kevin Clark and Darryl Jones
    Villanova School of Business, Villanova, PA USA
Agenda

   Introduction
   Research Approach
   Conceptual Model
   Phase I – Banking Sector
   Results
   Future Research
Current Events
Have you had any cases of insider sabotage or IT security fraud conducted at your workplace?

Source: Cyber-Ark Snooping Survey, April 2011, p. 3.
Research Approach
   Focus: Enterprise Information Systems Security – Internal threats.
   Literature Review & Development of Model.
   Phase 1: Model tested via personal interviews of 4 senior information officers in a highly regulated industry – the Banking Industry.
Information Security Officers Interviewed

              Bank A          Bank B               Bank C                Bank D
Ownership     Public          Private              Private               Private
Age           100 Years       70 years             15 years              8 years
Assets        1.1 Bil USD     20 Mil USD           1.8 Bil USD           550 Mil USD
Branches      11              2                    13                    10
Federal Financial Institutions Examination Council (FFIEC)

   Security Process (e.g., Governance issues)
   Information Security Risk Assessment (e.g., steps in gathering information)
   Information Security Strategy (e.g., architecture considerations)
   Security Controls Implementation (e.g., access control)
   Security Monitoring (e.g., network intrusion detection systems)
   Security Process Monitoring and Updating
The Gramm-Leach-Bliley Act

   Access controls on customer information systems
   Access restrictions at physical locations containing customer information
   Encryption of electronic customer information
   Procedures to ensure that system modifications do not affect security
   Dual control procedures, segregation of duties, and employee background checks
   Monitoring systems to detect actual attacks on or intrusions into customer information systems
   Response programs that specify actions to be taken when unauthorized access has occurred
   Protection from physical destruction or damage to customer information
Conceptual Framework

   [Diagram. Top: Enterprise Information System Security Implementation. Pillars: Security Policy, Security Awareness, Access Control, Top Level Management Support. Base: Corporate Governance.]
Pillar 1: Security Policy
   Set rules for behavior
   Define consequences of violations
   Procedure for dealing with breach
   Authorize company to monitor and investigate
   Legal and regulatory compliance
Excerpt from interview:
“Information Security Policy is not an option, it’s demanded from the top of the house on down, it’s board approved, accepted by regulators, and executed throughout the organization.”
Pillar 2: Security Awareness

   Continued education
   Collective and individual activities
   Formal classes, emails, discussion groups
   Employee compliance
Excerpt from interview:
“In training, we tell employees that we are tracking them, when we are not. It’s a deterrent. The fact is we have to use implied security in addition to actual security.”
Pillar 3: Access Control

   Limit information
   Access linked to job function
   Restrict information not relevant to position
   Management of access rule changes
Have you ever accessed information on a system that was not relevant to your role?

              EMEA    %       US      %     C-Level    %
Yes           250    44%     243     28%      21      30%
No            313    56%     616     72%      50      70%
Grand Total   563    100%    859    100%      71      100%

Source: Cyber-Ark Snooping Survey, April 2011, p. 2.
Do you agree that majority of recent security attacks have involved the exploitation of privileged account access?

   [Pie chart. Segments: 64%, 24%, 12%. Legend: Agree, Disagree, Not Sure.]

Source: Cyber-Ark 2012 TRUST, SECURITY & PASSWORDS SURVEY, June 2012
Pillar 4: Top Level Management Support (TLMS)

   Transparent support for policies and procedures
   Engrain information security into company culture
   Effective Communications
   “IT governance is a mystery to key decision-makers at most companies and that only about one-third of the managers surveyed understood how IT is governed at his or her company.”
   Source: Weill, P., and Ross, J., “A Matrixed Approach to Designing IT Governance,” Sloan Management Review, 46(2), 2005, p. 26.
Phase 1 – The Banking Sector
Results

   Overall, the Information Security Officers confirmed the main issues proposed in the conceptual model.

   The four pillars (security policy, security awareness, access control, and TLMS) were rated as extremely important by each of the interviewees.
Interview Content Analysis – Agreement
Interview Content Analysis – Dissonance
Future Research

Phase II
   Developing and administering a survey to a larger sample.
   Seeking advice on potential sponsorship, professional affiliations that may be interested in working with us.
Thank You!
 Dankje!
  Merci!
  Danke!

[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...
[Dutch] Zelf opstellen van bedrijfsprocessen - BPM & DMS: nieuwe manier van d...
 
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
 
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
 
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
 
[Dutch] Software is een middel, geen doel!
[Dutch] Software is een middel, geen doel![Dutch] Software is een middel, geen doel!
[Dutch] Software is een middel, geen doel!
 
What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
What's beyond ERP? New normal ERP? by Ludo Van den KerckhoveWhat's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
 
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
 
Group preference aggregation based on ELECTRE methods for ERP system selection
Group preference aggregation based on ELECTRE methods for ERP system selectionGroup preference aggregation based on ELECTRE methods for ERP system selection
Group preference aggregation based on ELECTRE methods for ERP system selection
 
A Multicriteria Model for Strategic Implementation of Business Process Manage...
A Multicriteria Model for Strategic Implementation of Business Process Manage...A Multicriteria Model for Strategic Implementation of Business Process Manage...
A Multicriteria Model for Strategic Implementation of Business Process Manage...
 
Some Considerations on Contracts ERP Buyer-Seller perspective
Some Considerations on Contracts ERP Buyer-Seller perspectiveSome Considerations on Contracts ERP Buyer-Seller perspective
Some Considerations on Contracts ERP Buyer-Seller perspective
 
A Decision Support System Based on RCM Approach to Define Maintenance Strategies
A Decision Support System Based on RCM Approach to Define Maintenance StrategiesA Decision Support System Based on RCM Approach to Define Maintenance Strategies
A Decision Support System Based on RCM Approach to Define Maintenance Strategies
 

Último

Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCRashishs7044
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfRbc Rbcua
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 

Último (20)

Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR8447779800, Low rate Call girls in Dwarka mor Delhi NCR
8447779800, Low rate Call girls in Dwarka mor Delhi NCR
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase  19 April  2024  Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 

Enterprise Information Systems Security: A Case Study in the Banking Sector

  • 1. ENTERPRISE INFORMATION SYSTEMS SECURITY: A CASE STUDY IN THE BANKING SECTOR. SEPTEMBER 20TH, 2012. CONFENIS - GHENT, BELGIUM. Sohail Chaudhry, Peggy Chaudhry, Kevin Clark and Darryl Jones. Villanova School of Business, Villanova, PA USA
  • 2. Agenda: Introduction; Research Approach; Conceptual Model; Phase I – Banking Sector; Results; Future Research
  • 4. Have you had any cases of insider sabotage or IT security fraud conducted at your workplace? Source: Cyber-Ark Snooping Survey, April 2011, p. 3.
  • 5. Research Approach. Focus: Enterprise Information Systems Security – Internal threats. Literature Review & Development of Model. Phase 1: Model tested via personal interviews of 4 senior information officers in a highly regulated industry – the Banking Industry.
  • 6. Information Security Officers Interviewed. Bank A: Public, 100 years, 1.1 Bil USD assets, 11 branches. Bank B: Private, 70 years, 20 Mil USD in assets, 2 branches. Bank C: Private, 15 years, 1.8 Bil USD in assets, 13 branches. Bank D: Private, 8 years, 550 Mil USD in assets, 10 branches.
  • 7. Federal Financial Institutions Examination Council (FFIEC): Security Process (e.g., Governance issues); Information Security Risk Assessment (e.g., steps in gathering information); Information Security Strategy (e.g., architecture considerations); Security Controls Implementation (e.g., access control); Security Monitoring (e.g., network intrusion detection systems); Security Process Monitoring and Updating
  • 8. The Gramm-Leach-Bliley Act: Access controls on customer information systems; Access restrictions at physical locations containing customer information; Encryption of electronic customer information; Procedures to ensure that system modifications do not affect security; Dual control procedures, segregation of duties, and employee background checks; Monitoring systems to detect actual attacks on or intrusions into customer information systems; Response programs that specify actions to be taken when unauthorized access has occurred; Protection from physical destruction or damage to customer information
  • 9. Conceptual Framework: Enterprise Information System Security Implementation; Security Policy; Security Awareness; Access Control; Top Level Management Support; Corporate Governance
  • 10. Pillar 1: Security Policy. Set rules for behavior; Define consequences of violations; Procedure for dealing with breach; Authorize company to monitor and investigate; Legal and regulatory compliance
  • 11. Excerpt from interview: “Information Security Policy is not an option, it’s demanded from the top of the house on down, it’s board approved, accepted by regulators, and executed throughout the organization.”
  • 12. Pillar 2: Security Awareness. Continued education; Collective and individual activities; Formal classes, emails, discussion groups; Employee compliance
  • 13. Excerpt from interview: “In training, we tell employees that we are tracking them, when we are not. It’s a deterrent. The fact is we have to use implied security in addition to actual security.”
  • 14. Pillar 3: Access Control. Limit information; Access linked to job function; Restrict information not relevant to position; Management of access rule changes
  • 15. Have you ever accessed information on a system that was not relevant to your role? Yes: EMEA 250 (44%), US 243 (28%), C-Level 21 (30%). No: EMEA 313 (56%), US 616 (72%), C-Level 50 (70%). Grand Total: EMEA 563 (100%), US 859 (100%), C-Level 71 (100%). Source: Cyber-Ark Snooping Survey, April 2011, p. 2.
  • 16. Do you agree that majority of recent security attacks have involved the exploitation of privileged account access? 24% 12% Agree 64% Disagree Not Sure Source: Cyber-Ark 2012 TRUST, SECURITY & PASSWORDS SURVEY, June 2012
  • 17. Pillar 4: Top Level Management Support (TLMS). Transparent support for policies and procedures; Engrain information security into company culture; Effective Communications
  • 18. “IT governance is a mystery to key decision-makers at most companies and that only about one-third of the managers surveyed understood how IT is governed at his or her company.” Source: Weill, P., and Ross, J., “A Matrixed Approach to Designing IT Governance,” Sloan Management Review, 46(2), 2005, p. 26.
  • 19. Phase 1 – The Banking Sector
  • 20. Results. Overall, the Information Security Officers confirmed the main issues proposed in the conceptual model. The four pillars (security policy, security awareness, access control, and TLMS) were rated as extremely important by each of the interviewees.
  • 21. Interview Content Analysis – Agreement
  • 23. Future Research, Phase II: Developing and administering a survey to a larger sample. Seeking advice on potential sponsorship and professional affiliations that may be interested in working with us.
  • 24. Thank You! Dankje! Merci! Danke!