
ISO 27001 - information security user awareness training presentation -part 2


  1. iFour Consultancy – Security awareness seminar: An introduction to ISO27k, Part 2
  2. Agenda
     • Security incidents cause
     • What is risk?
     • Risk relationships
     • Threat agent
     • Motive
     • Threat type and example
     • Compliance
     • Objectives of compliance
     • SOX
     • Where SOX is applicable
     • BASEL II
     http://www.ifour-consultancy.com Software outsourcing company in India
  3. Security incidents cause
     • IT downtime, business interruption
     • Financial losses and costs
     • Devaluation of intellectual property
     • Breaking laws and regulations, leading to prosecutions, fines and penalties
     • Reputation and brand damage leading to loss of customer, market, business partner or owners’ confidence and lost business
     • Fear, uncertainty and doubt
  4. What is risk?
     • Risk is the possibility that a threat exploits a vulnerability in an information asset, leading to an adverse impact on the organization
     • Threat: something that might cause harm
     • Vulnerability: a weakness that might be exploited
     • Impact: financial damage etc.
  5. Risk relationships (diagram slide)
  6. Threat agent
     The actor that represents, carries out or catalyzes the threat:
     • Human
     • Machine
     • Nature
  7. Motive
     • Something that causes the threat agent to act
     • Implies intentional/deliberate attacks, but some incidents are accidental
  8. Threat type and example (diagram slide)
  9. So how do we secure our information assets?
  10. Compliance
     What is compliance? The act or process of meeting specific standards in response to a desire, demand or proposal. Compliance means following, in detail, a set of:
     • Laws
     • Regulations
     • Rules
     • Practices
     The role of compliance in banks is to ensure that the rules and regulations are appropriately incorporated into the bank’s internal processes, and that every functionary, from the top to the bottom, appreciates the value of compliance.
  11. Compliance – Banking compliance
     • Internal compliance: internal policies, applicable to all employees
     • Regulatory and legal compliance: laws and standards, applicable to the bank as a whole
  12. Objectives of compliance
     • Prudential: to reduce the level of risk to which clients are exposed
     • Systemic risk reduction: to reduce the risk of disruption
     • Avoid misuse of the system: to reduce the risk of the system being used for criminal purposes
     • To protect confidentiality
     • It may also include rules about treating customers fairly and having corporate social responsibility (CSR)
  13. Objectives of compliance (continued)
     • Ensures orderliness, preventing chaos in systems
     • Dedicated framework for overseeing the implementation of directions/guidelines issued by the regulator/supervisor
     • Ensure that there is a process to promptly respond to and redress anomalies
  14. SOX
     SOX, the Sarbanes–Oxley Act, also known as the “Corporate and Auditing Accountability and Responsibility Act”, is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms. The Act contains 11 sections; its major elements are:
     • Corporate board responsibilities to criminal penalties
     • Auditor independence
     • Corporate governance
     • Fraud
     • Enhanced financial disclosure
  15. Where SOX is applicable
     • (a) All public companies in the US
     • (b) International companies that have registered equity or debt securities with the SEC
     • The accounting firms that provide auditing services to (a) and (b)
     • It does not apply to privately held companies
     • The Act is administered by the Securities and Exchange Commission (SEC)
     • The SEC deals with compliance, rules and requirements
     • The Act also created the Public Company Accounting Oversight Board (PCAOB)
  16. BASEL II
     “A set of banking regulations put forth by the Basel Committee on Bank Supervision, which regulates finance and banking internationally.”
