iFour Consultancy 
Security awareness seminar 
An introduction to ISO27k 
Part 2
Agenda
• Security incidents cause
• What is risk?
• Risk relationships
• Threat agent
• Motive
• Threat type and Example
• Compliance
• Objectives of Compliance
• SOX
• Where SOX is Applicable
• BASEL II
http://www.ifour-consultancy.com Software outsourcing company in India
Security incidents cause
• IT downtime, business interruption
• Financial losses and costs
• Devaluation of intellectual property
• Breaking laws and regulations, leading to prosecutions, fines and penalties
• Reputation and brand damage leading to loss of customer, market, business partner or owners’ confidence and lost business
• Fear, uncertainty and doubt
What is risk?
• Risk is the possibility that a threat exploits a vulnerability in an information asset, leading to an adverse impact on the organization
• Threat: something that might cause harm
• Vulnerability: a weakness that might be exploited
• Impact: financial damage etc.
Risk relationships
[diagram slide; the figure is not reproduced in the extracted text]
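The relationships on the "What is risk?" and "Risk relationships" slides (a threat exploits a vulnerability in an asset and causes an impact) put into a small working risk register. This is an added example, not material from the seminar; the 1..5 scales, the product scoring, the appetite threshold, the treatment tiers and every asset, threat and vulnerability below are constructed assumptions chosen to illustrate the idea.

```python
"""Minimal risk register: risk = threat x vulnerability x asset impact.

Added illustration; scoring scheme, thresholds and sample data are assumptions,
not the seminar's own method.
"""
from __future__ import annotations
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Asset:
    name: str
    impact: int  # 1..5: damage to the organisation if the asset is compromised


@dataclass(frozen=True)
class Threat:
    name: str
    agent: str  # Human, Machine or Nature, as on the "Threat agent" slide
    likelihood: int  # 1..5: how likely the threat agent is to act


@dataclass(frozen=True)
class Vulnerability:
    name: str
    ease: int  # 1..5: how easily the weakness can be exploited


@dataclass(frozen=True)
class Risk:
    """A risk only exists where a threat, a vulnerability and an asset meet."""
    asset: Asset
    threat: Threat
    vulnerability: Vulnerability

    @property
    def score(self) -> int:
        # Product of the three factors, range 1..125 (assumed scoring scheme).
        return self.threat.likelihood * self.vulnerability.ease * self.asset.impact


RISK_APPETITE = 30  # assumed: scores at or below this are accepted as they are


def treatment(score: int) -> str:
    """Map a score to a treatment tier (assumed thresholds)."""
    if score <= RISK_APPETITE:
        return "retain"
    if score <= 75:
        return "modify"  # add controls that cut likelihood or ease of exploitation
    return "modify urgently"


def residual(risk: Risk, ease_after: int) -> Risk:
    """Risk that remains once a control lowers how easily the weakness is exploited."""
    return replace(risk, vulnerability=replace(risk.vulnerability, ease=ease_after))


def rank(register: list[Risk]) -> list[tuple[str, int, str]]:
    """Return (threat -> vulnerability -> asset, score, treatment), highest risk first."""
    rows = [
        (f"{r.threat.name} -> {r.vulnerability.name} -> {r.asset.name}",
         r.score, treatment(r.score))
        for r in register
    ]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample data (not from the seminar).
CUSTOMER_DB = Asset("customer database", impact=5)
WEBSITE = Asset("public website", impact=3)
LAPTOP = Asset("office laptop", impact=2)

RANSOMWARE = Threat("ransomware operator", agent="Human", likelihood=4)
DISK_FAILURE = Threat("disk failure", agent="Machine", likelihood=3)
FLOOD = Threat("flood", agent="Nature", likelihood=1)

UNPATCHED = Vulnerability("unpatched database server", ease=4)
NO_BACKUPS = Vulnerability("no tested backups", ease=5)
WEAK_PASSWORD = Vulnerability("weak admin password", ease=4)
GROUND_FLOOR = Vulnerability("equipment on ground floor", ease=3)

REGISTER = [
    Risk(CUSTOMER_DB, RANSOMWARE, UNPATCHED),     # 4 * 4 * 5 = 80
    Risk(CUSTOMER_DB, DISK_FAILURE, NO_BACKUPS),  # 3 * 5 * 5 = 75
    Risk(WEBSITE, RANSOMWARE, WEAK_PASSWORD),     # 4 * 4 * 3 = 48
    Risk(LAPTOP, FLOOD, GROUND_FLOOR),            # 1 * 3 * 2 = 6
]

if __name__ == "__main__":
    for chain, score, action in rank(REGISTER):
        print(f"{score:3d}  {action:16s} {chain}")
    # Patching the server (ease 4 -> 1) brings the top risk within appetite.
    print("after patching:", residual(REGISTER[0], 1).score)
```

The point the table makes is that none of the three factors is a risk on its own: a flood is a threat everywhere, but it only registers where an asset is exposed to it, and the same ransomware threat scores differently against the database and the website because the asset impact differs. Treatment works by changing one factor (here the ease of exploitation), and the residual score is what is then compared against the appetite.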
Threat agent 
The actor that represents, carries out or catalyzes the threat 
• Human 
• Machine 
• Nature 
Motive
• Something that causes the threat agent to act
• Implies intentional/deliberate attacks, but some are accidental
Threat type and Example
[table slide; the contents are not reproduced in the extracted text]
So how do we secure our information assets?
Compliance
What is Compliance?
The act or process of meeting specific standards, demands or proposals.
Compliance means following in detail a set of:
• Laws
• Regulations
• Rules
• Practices
The role of compliance in banks is to ensure that rules and regulations are appropriately incorporated into the bank’s internal processes, and that each functionary, from the top to the bottom, appreciates the value of compliance.
Compliance
Banking compliance has two branches:
• Internal compliance: internal policies, applicable to all employees of the bank
• Regulatory & legal compliance: laws and standards, applicable to the bank as a whole
Objectives of Compliance
• Prudential—to reduce the level of risk to which clients are exposed
• Systemic risk reduction—to reduce the risk of disruption
• Avoid misuse of the system—to reduce the risk of the system being used for criminal purposes
• To protect confidentiality
• It may also include rules about treating customers fairly and having corporate social responsibility (CSR)
Objectives of Compliance
• Ensures orderliness
• Prevents chaos in systems
• Dedicated framework for overseeing the implementation of directions/guidelines issued by the regulator/supervisor
• Ensures that there is a process to promptly respond to and redress anomalies
SOX
SOX: the Sarbanes–Oxley Act, also known as the “Corporate and Auditing Accountability and Responsibility Act”
SOX is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms.
The Act contains 11 sections; its major elements are:
• Corporate board responsibilities and criminal penalties
• Auditor independence
• Corporate governance
• Fraud
• Enhanced financial disclosure
Where SOX is Applicable
• (a) All public companies in the US
• (b) International companies that have registered equity or debt securities with the SEC
• The accounting firms that provide auditing services to (a) and (b)
• It does not apply to privately held companies
• The Act is administered by the Securities and Exchange Commission (SEC)
• The SEC deals with compliance, rules and requirements
• The Act also created the Public Company Accounting Oversight Board (PCAOB)
BASEL II
“A set of banking regulations put forth by the Basel Committee on Bank Supervision, which regulates finance and banking internationally.”

ISO 27001 - information security user awareness training presentation -part 2