
Cybersecurity, Risk Management, and Financial Crime
Andreas William
Nico Nathanael
Arya Gina Tarigan
Data Breach
• Data Breach: the intentional or unintentional release of secure or
private/confidential information to an untrusted environment. (Source: Wikipedia)
• The main cause of a data breach is hacking.
• Negligence: management not doing enough to defend against cyberthreats.
• Data Security must be treated as a key business issue and not simply the
responsibility of the IT department.

[Diagram: Negligence, Hacking, Data Breach]
Worst Data Breaches Worldwide, 2013-2014, in Terms of Number of Data Records Breached
• eBay : 145 million
• Korea Credit Bureau : 100 million
• Adobe : 150 million
• UbiSoft : 58 million
• Turkish Government : 54 million
• Evernote : 50 million
Cybersecurity Challenges
• Distributed denial-of-service (DDoS): an attack that bombards a network or
website with traffic to crash it and leave it vulnerable to other threats.
• Malware (viruses, trojans, worms, botnets, etc.)
• Advanced persistent threats (APT): a stealth network attack in which an
unauthorized entity (hacker or malware) gains access to a network and
remains undetected for a long time.
• Mobile computing and BYOD (Bring Your Own Device)
• Social media for social engineering: users are tricked into revealing their
log-in credentials or other confidential information, which can give
cybercriminals access to corporate network accounts as authorized users.
• Phishing
Basic IT Security Concepts

• Risk: Probability of a threat exploiting a vulnerability and the resulting cost of the
loss, damage, disruption or destruction
• Exploit: A program (code) that allows attackers to automatically break into a
system through a vulnerability
• Threat: Someone or something that can cause loss, damage, or destruction
• Asset: Something of value that needs to be protected (customer data, trade
secrets, proprietary formulas, etc.)
• Vulnerability: Weakness or flaw in a system that allows an attack to be successful
Objectives of Data and Information System Security

• Confidentiality: No unauthorized data disclosure.


• Integrity: Data, documents, messages, and other files have not been altered
in any unauthorized way.
• Availability: Data is accessible when needed by those authorized to do so.
Why do hackers carry out data breaches?

• To shake down business and steal identities


• Hacking is a profitable industry
• Hackers feel untouchable
Why is stealing data easy for employees?

• Ability to bypass physical and technical security


• Defenses protect against external threats
What are the negative impacts and costs of a data breach?

• Lost sales and income


• Delayed sales or income
• Increased expenses (overtime labor, outsourcing, etc.)
• Regulatory fines
• Contractual penalties or loss of contractual bonuses
• Customer dissatisfaction or defection
• Delay of new business plans
How should IT security risks be prevented?

• Tools:
1. Antivirus software
2. Intrusion detection systems
3. Intrusion prevention systems
• COBIT Governance Model
1. Principle of economic use of resources
2. Principle of legality
3. Accounting principles
• Industry data security standard
• IT Security Model: People, Processes, and Technology
1. Senior management commitment and support
2. Acceptable use policies and IT security training
3. IT security procedures and enforcement
4. Up-to-date hardware and software
Financial Crimes and Fraud Defences
Type of Fraud:
1. Operating Management Corruption
2. Conflict of interest
3. Bribery
4. Embezzlement or “misappropriation”
5. Senior Management financial reporting fraud
6. Accounting Cycle Fraud

Fraud Prevention:
1. Effective corporate governance and fraud prevention measures
2. Most cost-effective approach
Fraud Detection:
1. Intelligent Analysis
2. Anomaly Detections

[Diagram: Crime (Nonviolent, Violent); Fraud; Financial Crimes]
Conclusion

• Underestimating IT vulnerabilities and threats is the biggest mistake
management makes.
• Data Security must be treated as a key business issue and not simply the
responsibility of the IT department.
