Managing and securing the enterprise


1. Managing and Securing the Enterprise

2. Securing the Enterprise
Information resources are distributed throughout the organization and beyond, as Internet and wireless technologies extend organizational boundaries. The time-to-exploitation of sophisticated spyware and worms has shrunk from months to days.

3. Time-to-exploitation
The elapsed time between when a vulnerability is discovered and the time it is exploited.

4. Regulations
Industry self-regulation: the Payment Card Industry (PCI) Data Security Standard, backed by Visa, MasterCard, American Express and Discover. It is required for all members, merchants, or service providers that store, process, or transmit cardholder data.

5. Small Business Regulations
- Visa USA
- The Council of Better Business Bureaus
- Equifax
- IBM
- Verizon
- eBay

6. Cyber-Blackmail
A Trojan encrypts the data on the user's computer; the attacker then offers to decrypt it for $300 or more.

7. Why IT Security?

8. Mistakes
The Information Security Forum found that mistakes leading to IT threats were caused by:
- Human error
- System malfunction
- Failure to understand the effect of adding a new piece of software on the rest of the system

9. IT Security & Internal Control Model
- Senior management commitment & support
- Security procedures & enforcement
- Security policies & training
- Security tools: hardware & software

10. IS Vulnerabilities & Threats
- Unintentional threats
- Intentional threats
- Computer crimes

11. Unintentional Threats
- Human errors
- Environmental hazards
- Computer system failures

12. Intentional Threats
- Theft of data
- Inappropriate use of data
- Theft of computers
- Theft of equipment or programs

13. Intentional Threats (cont.)
- Deliberate manipulation in handling, entering, processing, transferring or programming data
- Strikes, riots
- Malicious damage to computer resources
- Destruction from viruses and other attacks
- Miscellaneous computer abuses
- Internet fraud

14. Computer Crimes
Crime committed on the Internet is called cybercrime.
- Hacker
- White-hat hackers
- Black-hat hackers
- Cracker

15. Methods of Attack on Computing
- Data tampering
- Programming attacks
- Viruses
- Worms
- Zombies
- Phishing
- DoS
- Botnets

16. Frauds and Computer Crimes
Fraud is a serious financial crime involving:
- Deception
- Confidence
- Trickery

17. Types of Fraud
- Occupational fraud
- Operating management fraud
- Conflict of interest
- Bribery
- Misappropriation
- Senior management financial reporting fraud
- Accounting cycle fraud

18. Fraud Prevention and Detection
Cases: Adelphia, Global Crossing, Tyco.

19. Other Crimes
Crimes committed by means of:
- Flash drives
- MP3/MP4 players
- Computer

20. Computer Crimes
Identity theft is the worst and most prevalent of these crimes: individuals' social security and credit card numbers are stolen and used by thieves. Information about other people is obtained:
- By stealing wallets
- Through e-sharing and databases

21. Types of Identity Crimes
- Stolen desktop
- Online, by an ex-employee
- Computer tapes lost in transit
- Malicious users
- Missing backup tapes

22. Internal Control
The work atmosphere that a company sets for its employees. It is a process designed to achieve:
- Reliability of financial reporting
- Operational efficiency
- Compliance with laws, regulations and policies
- Safeguarding of assets

23. Frauds to Be Controlled by ICS
- Fraud committed against a company
- Fraud committed for a company

24. Symptoms
- Missing documents
- Delayed bank deposits
- Holes in accounting records
- Numerous outstanding checks or bills
- Disparity between accounts payable and receivable
- Employees who do not take vacations, etc.

25. Symptoms (cont.)
- A large drop in profits
- Major increase in business with particular customers
- Customers complaining about double billing
- Repeated duplicate payments
- Employees with the same address or phone numbers as a vendor

26. IC Procedures and Activities
- Segregation of duties and dual custody
- Independent checks
- Proper system of authorization
- Physical safeguards
- Documents and records
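Two of the symptoms on slides 24-25 (repeated duplicate payments, and employees sharing an address or phone number with a vendor) are the kind of "independent check" from slide 26 that can be automated against accounts-payable and HR master data. The following is an added example, not material from the slides: the vendor, employee and payment records are constructed, the field names are assumptions, and the rule that flags two payments to one vendor for the same amount under different invoice numbers is an assumed auditor heuristic, not a rule the slides state.

```python
"""Screen constructed payment and master-data records for two fraud symptoms:
repeated duplicate payments, and employees whose address or phone number
matches a vendor's. Added example; all records are constructed, not real."""
import re
from collections import defaultdict

# Constructed sample records (assumption: one dict per row of a master file).
VENDORS = [
    {"id": "V100", "name": "Acme Office Supply", "address": "12 Main St, Springfield", "phone": "(555) 010-2000"},
    {"id": "V101", "name": "Northwind Services", "address": "9 Harbor Rd, Portsmouth", "phone": "555-010-3000"},
    {"id": "V102", "name": "JD Consulting LLC", "address": "44 Elm Street, Springfield", "phone": "555.010.4000"},
]
EMPLOYEES = [
    {"id": "E1", "name": "J. Doe", "address": "44 Elm St., Springfield", "phone": "5550104000"},
    {"id": "E2", "name": "R. Roe", "address": "7 Oak Ave, Springfield", "phone": "555-010-5000"},
]
PAYMENTS = [
    {"id": "P1", "vendor": "V100", "invoice": "INV-2201", "amount": 1250.00, "date": "2024-03-01"},
    {"id": "P2", "vendor": "V100", "invoice": "INV-2201", "amount": 1250.00, "date": "2024-03-15"},
    {"id": "P3", "vendor": "V101", "invoice": "NW-77", "amount": 980.50, "date": "2024-03-02"},
    {"id": "P4", "vendor": "V102", "invoice": "JD-1", "amount": 4000.00, "date": "2024-03-03"},
    {"id": "P5", "vendor": "V102", "invoice": "JD-2", "amount": 4000.00, "date": "2024-03-04"},
]

STREET_WORDS = {"street": "st", "avenue": "ave", "road": "rd"}


def normalize_phone(phone):
    """Keep digits only so '(555) 010-2000' and '555.010.2000' compare equal."""
    return re.sub(r"\D", "", phone)


def normalize_address(address):
    """Lower-case, drop punctuation and abbreviate street words so that
    '44 Elm Street, Springfield' equals '44 Elm St., Springfield'."""
    tokens = re.sub(r"[^\w\s]", " ", address.lower()).split()
    return " ".join(STREET_WORDS.get(t, t) for t in tokens)


def find_duplicate_payments(payments):
    """Return (reason, vendor, [payment ids]) for suspicious payment groups:
    the same invoice paid twice, or the same amount paid to one vendor under
    different invoice numbers (assumed heuristic, worth a manual look)."""
    findings = []
    by_invoice = defaultdict(list)
    by_amount = defaultdict(list)
    for p in payments:
        by_invoice[(p["vendor"], p["invoice"])].append(p)
        by_amount[(p["vendor"], round(p["amount"], 2))].append(p)
    for (vendor, _), group in by_invoice.items():
        if len(group) > 1:
            findings.append(("duplicate invoice", vendor, [p["id"] for p in group]))
    for (vendor, _), group in by_amount.items():
        if len(group) > 1 and len({p["invoice"] for p in group}) > 1:
            findings.append(("same amount, different invoice", vendor, [p["id"] for p in group]))
    return findings


def find_employee_vendor_matches(employees, vendors):
    """Return (employee id, vendor id, field) for every employee whose
    normalized address or phone number equals a vendor's."""
    findings = []
    for e in employees:
        for v in vendors:
            if normalize_address(e["address"]) == normalize_address(v["address"]):
                findings.append((e["id"], v["id"], "address"))
            if normalize_phone(e["phone"]) == normalize_phone(v["phone"]):
                findings.append((e["id"], v["id"], "phone"))
    return findings


if __name__ == "__main__":
    for finding in find_duplicate_payments(PAYMENTS) + find_employee_vendor_matches(EMPLOYEES, VENDORS):
        print(finding)
```

Normalization is what makes the check useful: an employee who sets up a shell vendor will rarely type the address and phone exactly as they appear in the HR file, so comparing raw strings would miss the match. Flagged groups are leads for an independent reviewer, not proof of fraud.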