Bad Hackers Turned Good
By: Craig Vining, Margaret Shea, & Karli Story
Knowledgeable Gatekeepers
Accountants should be knowledgeable about security threats & control techniques
Gatekeepers to financial data
Users, managers, designers, & evaluators
Top Security Concerns for an AIS
Physical security
Authentication
Virus protection
Backup
Physical Security & AIS
Most important
First line of defense
Single point of entry
Keys or access cards
Equipment kept in locked offices
Wireless security
Authentication to AIS
Password management
Incorrect attempts before lock out
Using special characters
Change password every x days
What kind of access should employee have?
Virus Protection & AIS
Major threat that can bring down entire system
Top 3 Antivirus Programs (PCWorld.com):
1. Symantec Norton Antivirus
2. BitDefender Antivirus
3. G-Data Antivirus
Norton detected 98.7% of malware
Backup & AIS
Make sure accounting information is properly backed up
Can recover correct data in an emergency
Social Engineering Threats
Rather than attacking firewalls head on, breach by social engineering
Spear phishing
All employees need education to avoid these attacks
Who is Responsible?
Ultimately it falls onto management
Responsibilities:
Documentation, testing, and assessment of general IT controls
Program development
Program changes
Computer operations
Access to programs/data
New Trend
Management pushing HR to hire hackers
Three types of hackers:
White hat hackers
Black hat hackers
And…
Grey Hat Hackers
Bad hackers turned good or vice versa
Able to think like a bad guy
Preventative Countermeasure
Test physical security
Authentication
Virus protection
Backup procedures
Jeff Moss (Dark Tangent)
Black hat hacker throughout high school
“You can only stand by and watch so many people you know get busted. Sooner or later you catch onto that…there’s a limited life span to doing this kind of stuff”
Founder of Black Hat and DefCon
Worked for Ernst & Young
In 2009 was appointed by President Obama to serve on the Homeland Security Advisory Council
Currently ICANN Chief Security Officer
Mixter
Linked to the massively destructive and effective DDoS attacks in early 2000
Shut down major websites (Yahoo!, Buy.com, eBay, Amazon, and many more)
His tool, the “Tribal Flood Network”, was used in the attacks, causing an estimated $1.7 billion in damages
Currently a computer security specialist and author of Hacktivismo’s Six/Four System
The software is a censorship-resistant network proxy.
Works by using “trusted peers” to relay network connections over SSL-encrypted links
First product of a hacker group to receive approval from the US Department of Commerce for export of strong encryption
Other Grey Hat Hackers
Florian Rohrweck- Google
Peter Hajas- Apple
Peiter Zatko- DARPA
Current Events
Lockheed Martin hack in 2011
Secure ID tags obtained by hackers
Quick discovery to avoid disaster
New Laws and Regulations
Payment Card Industry - Data Security Standard (PCI-DSS)
TJX data breach
In Conclusion
Accountants must be aware of security threats and control strategies
It is management’s responsibility to achieve security
More and more companies are hiring hackers to keep up with security issues
“If you can’t beat them, join them.”