ENTERPRISE INFORMATION SYSTEMS SECURITY: A CASE STUDY IN THE BANKING SECTOR


SEPTEMBER 20TH, 2012
CONFENIS - GHENT, BELGIUM


    Sohail Chaudhry, Peggy Chaudhry, Kevin Clark and Darryl Jones
    Villanova School of Business, Villanova, PA USA
Agenda

   Introduction
   Research Approach
   Conceptual Model
   Phase I – Banking Sector
   Results
   Future Research
Current Events
Have you had any cases of insider sabotage or
IT security fraud conducted at your workplace?




Source: Cyber-Ark Snooping Survey, April 2011, p. 3.
Research Approach
   Focus: Enterprise Information Systems Security – Internal threats.
   Literature Review & Development of Model.
   Phase 1: Model tested via personal interviews of 4 senior information officers in a highly regulated industry – the Banking Industry.
Information Security Officers Interviewed

   Bank A: Public, 100 years; 1.1 Bil USD assets; 11 branches
   Bank B: Private, 70 years; 20 Mil USD in assets; 2 branches
   Bank C: Private, 15 years; 1.8 Bil USD in assets; 13 branches
   Bank D: Private, 8 years; 550 Mil USD in assets; 10 branches
Federal Financial Institutions Examination Council (FFIEC)

   Security Process (e.g., Governance issues)
   Information Security Risk Assessment (e.g., steps in gathering information)
   Information Security Strategy (e.g., architecture considerations)
   Security Controls Implementation (e.g., access control)
   Security Monitoring (e.g., network intrusion detection systems)
   Security Process Monitoring and Updating
The Gramm-Leach-Bliley Act

   Access controls on customer information systems
   Access restrictions at physical locations containing customer information
   Encryption of electronic customer information
   Procedures to ensure that system modifications do not affect security
   Dual control procedures, segregation of duties, and employee background checks
   Monitoring systems to detect actual attacks on or intrusions into customer information systems
   Response programs that specify actions to be taken when unauthorized access has occurred
   Protection from physical destruction or damage to customer information
Conceptual Framework

[Diagram: Enterprise Information System Security Implementation (top); Security Policy, Security Awareness, Access Control, Top Level Management Support (pillars); Corporate Governance (base)]
Pillar 1: Security Policy
   Set rules for behavior
   Define consequences of violations
   Procedure for dealing with breach
   Authorize company to monitor and investigate
   Legal and regulatory compliance
Excerpt from interview:
“Information Security Policy is not an option, it’s demanded from the top of the house on down, it’s board approved, accepted by regulators, and executed throughout the organization.”
Pillar 2: Security Awareness

   Continued education
   Collective and individual activities
   Formal classes, emails, discussion groups
   Employee compliance
Excerpt from interview:
“In training, we tell employees that we are tracking them, when we are not. It’s a deterrent. The fact is we have to use implied security in addition to actual security.”
Pillar 3: Access Control

   Limit information
   Access linked to job function
   Restrict information not relevant to position
   Management of access rule changes
Have you ever accessed information on a system that was not relevant to your role?

              EMEA    %       US      %       C-Level   %
Yes           250     44%     243     28%     21        30%
No            313     56%     616     72%     50        70%
Grand Total   563     100%    859     100%    71        100%

Source: Cyber-Ark Snooping Survey, April 2011, p. 2.
Do you agree that majority of recent security attacks have involved the exploitation of privileged account access?

[Pie chart: segments of 64%, 24% and 12%; legend: Agree, Disagree, Not Sure]

Source: Cyber-Ark 2012 TRUST, SECURITY & PASSWORDS SURVEY, June 2012
Pillar 4: Top Level Management Support (TLMS)

   Transparent support for policies and procedures
   Engrain information security into company culture
   Effective Communications
   “IT governance is a mystery to key decision-makers at most companies and that only about one-third of the managers surveyed understood how IT is governed at his or her company.”
   Source: Weill, P., and Ross, J., “A Matrixed Approach to Designing IT Governance,” Sloan Management Review, 46(2), 2005, p. 26.
Phase 1 – The Banking Sector Results

   Overall, the Information Security Officers confirmed the main issues proposed in the conceptual model.

   The four pillars (security policy, security awareness, access control, and TLMS) were rated as extremely important by each of the interviewees.
Interview Content Analysis – Agreement
Interview Content Analysis - Dissonance
Future Research

Phase II
   Developing and administering a survey to a larger sample.
   Seeking advice on potential sponsorship, professional affiliations that may be interested in working with us.
Thank You!
 Dankje!
  Merci!
  Danke!

 
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
[Dutch] ICT-INSPIRATIEDAG - CONFENIS 2012
 
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
[Dutch] Van Enterprise Resource Planning (ERP) voor kmo’s naar Collectief Res...
 
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
[Dutch] JIT 2.0. - een methode voor ondersteunen van proces-automatisatie en ...
 
[Dutch] Software is een middel, geen doel!
[Dutch] Software is een middel, geen doel![Dutch] Software is een middel, geen doel!
[Dutch] Software is een middel, geen doel!
 
What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
What's beyond ERP? New normal ERP? by Ludo Van den KerckhoveWhat's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
What's beyond ERP? New normal ERP? by Ludo Van den Kerckhove
 
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
[Dutch] Wat zijn sociale mediagebruikers, melkkoeien of onbetaalde werknemers...
 
Group preference aggregation based on ELECTRE methods for ERP system selection
Group preference aggregation based on ELECTRE methods for ERP system selectionGroup preference aggregation based on ELECTRE methods for ERP system selection
Group preference aggregation based on ELECTRE methods for ERP system selection
 
A Multicriteria Model for Strategic Implementation of Business Process Manage...
A Multicriteria Model for Strategic Implementation of Business Process Manage...A Multicriteria Model for Strategic Implementation of Business Process Manage...
A Multicriteria Model for Strategic Implementation of Business Process Manage...
 
Some Considerations on Contracts ERP Buyer-Seller perspective
Some Considerations on Contracts ERP Buyer-Seller perspectiveSome Considerations on Contracts ERP Buyer-Seller perspective
Some Considerations on Contracts ERP Buyer-Seller perspective
 
A Decision Support System Based on RCM Approach to Define Maintenance Strategies
A Decision Support System Based on RCM Approach to Define Maintenance StrategiesA Decision Support System Based on RCM Approach to Define Maintenance Strategies
A Decision Support System Based on RCM Approach to Define Maintenance Strategies
 

Enterprise Information Systems Security: A Case Study in the Banking Sector

  • 1. ENTERPRISE INFORMATION SYSTEMS SECURITY: A CASE STUDY IN THE BANKING SECTOR SEPTEMBER 20TH, 2012 CONFENIS - GHENT, BELGIUM Sohail Chaudhry, Peggy Chaudhry, Kevin Clark and Darryl Jones Villanova School of Business, Villanova, PA USA
  • 2. Agenda: Introduction; Research Approach; Conceptual Model; Phase I – Banking Sector; Results; Future Research
  • 4. Have you had any cases of insider sabotage or IT security fraud conducted at your workplace? Source: Cyber-Ark Snooping Survey, April 2011, p. 3.
  • 5. Research Approach: Focus: Enterprise Information Systems Security – Internal threats; Literature Review & Development of Model; Phase 1: Model tested via personal interviews of 4 senior information officers in a highly regulated industry – the Banking Industry.
  • 6. Information Security Officers Interviewed: Bank A (Public, 100 years, 1.1 Bil USD assets, 11 branches); Bank B (Private, 70 years, 20 Mil USD in assets, 2 branches); Bank C (Private, 15 years, 1.8 Bil USD in assets, 13 branches); Bank D (Private, 8 years, 550 Mil USD in assets, 10 branches)
  • 7. Federal Financial Institutions Examination Council (FFIEC): Security Process (e.g., Governance issues); Information Security Risk Assessment (e.g., steps in gathering information); Information Security Strategy (e.g., architecture considerations); Security Controls Implementation (e.g., access control); Security Monitoring (e.g., network intrusion detection systems); Security Process Monitoring and Updating
  • 8. The Gramm-Leach-Bliley Act: Access controls on customer information systems; Access restrictions at physical locations containing customer information; Encryption of electronic customer information; Procedures to ensure that system modifications do not affect security; Dual control procedures, segregation of duties, and employee background checks; Monitoring Systems to detect actual attacks on or intrusions into customer information systems; Response programs that specify actions to be taken when unauthorized access has occurred; Protection from physical destruction or damage to customer information
  • 9. Conceptual Framework (diagram): Enterprise Information System Security Implementation; Security Policy; Security Awareness; Access Control; Top Level Management Support; Corporate Governance
  • 10. Pillar 1: Security Policy: Set rules for behavior; Define consequences of violations; Procedure for dealing with breach; Authorize company to monitor and investigate; Legal and regulatory compliance
  • 11. Excerpt from interview: “Information Security Policy is not an option, it’s demanded from the top of the house on down, it’s board approved, accepted by regulators, and executed throughout the organization.”
  • 12. Pillar 2: Security Awareness: Continued education; Collective and individual activities; Formal classes, emails, discussion groups; Employee compliance
  • 13. Excerpt from interview: “In training, we tell employees that we are tracking them, when we are not. It’s a deterrent. The fact is we have to use implied security in addition to actual security.”
  • 14. Pillar 3: Access Control: Limit information; Access linked to job function; Restrict information not relevant to position; Management of access rule changes
  • 15. Have you ever accessed information on a system that was not relevant to your role? EMEA: Yes 250 (44%), No 313 (56%), Grand Total 563 (100%); US: Yes 243 (28%), No 616 (72%), Grand Total 859 (100%); C-Level: Yes 21 (30%), No 50 (70%), Grand Total 71 (100%). Source: Cyber-Ark Snooping Survey, April 2011, p. 2.
  • 16. Do you agree that majority of recent security attacks have involved the exploitation of privileged account access? (Chart; values shown: 24%, 12%, 64%; legend: Agree, Disagree, Not Sure.) Source: Cyber-Ark 2012 TRUST, SECURITY & PASSWORDS SURVEY, June 2012
  • 17. Pillar 4: Top Level Management Support (TLMS): Transparent support for policies and procedures; Engrain information security into company culture; Effective Communications
  • 18. “IT governance is a mystery to key decision-makers at most companies and that only about one-third of the managers surveyed understood how IT is governed at his or her company.” Source: Weill, P., and Ross, J., “A Matrixed Approach to Designing IT Governance,” Sloan Management Review, 46(2), 2005, p. 26.
  • 19. Phase 1 – The Banking Sector
  • 20. Results: Overall, the Information Security Officers confirmed the main issues proposed in the conceptual model. The four pillars, security policy, security awareness, access control, and TLMS were rated as extremely important for each of the interviewees.
  • 21. Interview Content Analysis – Agreement
  • 23. Future Research Phase II: Developing and administering a survey to a larger sample; Seeking advice on potential sponsorship, professional affiliations that may be interested in working with us.
  • 24. Thank You! Dankje! Merci! Danke!