9. Preventing and Responding to Computer Fraud


tybalt

Presentation Transcript


  1. 9. Preventing and Responding to Computer Fraud
     IT Security Ranked #2
     Preventing and Responding to Computer Fraud Ranked #9
     Preventing Involves:
     • Effective Risk Management
     • Proper Design and Operation of Controls
     • Effective Monitoring
     • Event Identification
     • Event Escalation
     • Effective Response Program

  2. 9. Preventing and Responding to Computer Fraud
     Crisis Response:
     • Planning and Preparation
     • Incident Identification
     • Incident Stabilization and Containment
     • Incident Remediation
     • Incident Communications
     • Incident Recovery
     • Incident Monitoring Reporting
     Communication Is Key to Ensuring Stakeholders are Informed and “On-side”

  3. 9. Preventing and Responding to Computer Fraud
     Has appropriate policies in place to detect management override abuse 42% 47% Knows what to do should a fraud-related incident occur 51% Has adequately designed our systems to meet regulatory and legislative requirements to prevent fraud from occurring 56% Appropriately designed policies and internal controls to reduce IT-related fraud risks to an appropriate level Has considered the fraud risks associated with Information Technology (IT) 60%

  4. 10. Managing Vendors and Service Providers
     Outsourcing and Offshoring are Not New
     Outsourced Service Offerings are Not New
     What is New is the Technology - Specifically Cloud Computing
     • SaaS (Software as a Service) provides users with application software. SaaS facilitates deployment of applications without the cost and complexity of buying and maintaining the software.
     • PaaS (Platform as a Service) provides users with a computing platform or solution stack.
     • IaaS (Infrastructure as a Service) provides a virtualized platform combined with storage and a network. Billing of services is based on the amount of resources consumed. The cost will typically reflect the level of activity.

  5. 10. Managing Vendors and Service Providers
     Issues & Risks - Security, Privacy, Availability and Continuity
     • Security – Cloud providers’ security practices, co-mingling of data from other users, cloud service providers' business practices, SSAE 16/3416
     • Privacy – Cloud providers’ privacy practices, location of data, possible breach of Canadian/Provincial laws (e.g. PHI)
     • Availability – Cloud providers’ financial stability, robustness of infrastructure, redundancy of critical components, up-time record
     • Continuity – Business continuity and disaster recovery plans, incident response plans/history
     • Compliance – Ability to comply with legislative, regulatory and industry requirements, e.g. privacy (PIPEDA), security (ISO 27002), financial (GLB, PCI), Health Care, HIPAA, HITECH, PHIPA

  6. 10. Managing Vendors and Service Providers All the old outsourcing risks exist; plus some new ones

  7. 10. Managing Vendors and Service Providers
     KPMG survey reveals state of IT outsourcing
     Karl Flinder - 18 September 2012
     Survey Population
     • £14bn worth of UK IT services contracts ($21 Cdn)
     • Total IT budget of £30bn ($45 Cdn)
     Survey Results
     • 76% of organisations will continue to outsource IT at the same level
     • Only 19% said they will outsource more
     • Savings is still cited as a key factor for 76% of respondents
     • 90% of public sector organisations outsourcing IT
     • Only 29% have it provided from offshore
     • This compares with 66% of organisations across all sectors
     Source: http://www.computerweekly.com/news/2240163409/KPMG-survey-reveals-state-of-IT-outsourcing

  8. 10. Managing Vendors and Service Providers
     • Able to negotiate a sufficiently flexible contract that will allow the entity to reasonably adjust/exit the contract as needed: 30%
     • Knows when a Vendor/Service Provider is complying or not-complying with its service level agreement (SLA): 38%
     • Follows a specific process that enables the organization to easily identify a reliable Vendor/Service Provider: 40%
     • Is performing the appropriate due diligence before engaging a Vendor/Service Provider: 40%

  9. 10. Managing Vendors and Service Providers
     • Able to validate the sufficiency and completeness of terms & conditions within a service level agreement (SLA): 41%
     • Able to analyze the cost implications of starting to use/switching to a Vendor/Service Provider: 48%
     • Understands and has adequately assessed the risk of using a Vendor/Service Provider: 51%
     With Responses to 6 out of the 7 Questions at Less Than 50% Confidence Level There is Need for Extensive Changes to Management and Governance Knowledge, Skills and Resources

  10. What Messages Did You Obtain From The Survey?
      1. Managing and Retaining Data
      2. Securing the IT Environment
      3. Enabling Decision Support and Analytics
      4. Managing IT Risk and Compliance
      5. Governing and Managing IT Investment and Spending
      6. Ensuring Privacy
      7. Managing Systems Implementation
      8. Leveraging Emerging Technologies
      9. Preventing and Responding to Computer Fraud
      10. Managing Vendors and Service Providers

  11. Thank You for Your Interest and Participation
      Robert G Parker MBA, FCA, CPA•CA, CISA, CRISC, CMC
