2. Agenda
Security incidents cause
What is risk?
Risk relationships
Threat agent
Motive
Threat type and Example
Compliance
Objectives of Compliance
SOX
Where SOX is Applicable
BASEL II
http://www.ifour-consultancy.com Software outsourcing company in India
3. Security incidents cause
• IT downtime, business interruption
• Financial losses and costs
• Devaluation of intellectual property
• Breaking laws and regulations, leading to prosecutions, fines and penalties
• Reputation and brand damage leading to loss of customer, market, business partner or owners’ confidence and lost business
• Fear, uncertainty and doubt
4. What is risk?
• Risk is the possibility that a threat exploits a vulnerability in an information asset, leading to an adverse impact on the organization
• Threat: something that might cause harm
• Vulnerability: a weakness that might be exploited
• Impact: financial damage etc.
6. Threat agent
The actor that represents, carries out or catalyzes the threat
• Human
• Machine
• Nature
7. Motive
• Something that causes the threat agent to act
• A motive implies an intentional or deliberate attack, but some incidents are accidental
8. Threat type and Example
9. So how do we secure our information assets?
10. Compliance
What is compliance?
The act or process of meeting specific standards in response to a desire, demand or proposal.
Compliance means following, in detail, a set of:
laws
regulations
rules
practices
The role of compliance in banks is to ensure that the rules and regulations are appropriately incorporated into the bank’s internal processes, and that each functionary, from the top to the bottom, appreciates the value of compliance.
11. Compliance
Banking compliance has two branches:
Internal compliance: internal policies, applicable to all employees
Regulatory & legal compliance: laws and standards, applicable to the bank as a whole
12. Objectives of Compliance
Prudential: to reduce the level of risk to which clients are exposed
Systemic risk reduction: to reduce the risk of disruption
Avoid misuse of the system: to reduce the risk of the system being used for criminal purposes
To protect confidentiality
It may also include rules about treating customers fairly and having corporate social responsibility (CSR)
13. Objectives of Compliance
Ensure orderliness and prevent chaos in systems
Provide a dedicated framework for overseeing the implementation of directions and guidelines issued by the regulator or supervisor
Ensure that there is a process to promptly respond to and redress anomalies
14. SOX
SOX: the Sarbanes–Oxley Act, also known as the “Corporate and Auditing Accountability and Responsibility Act”
SOX is a United States federal law that set new or enhanced standards for all U.S. public company boards, management and public accounting firms
The Act contains 11 sections, ranging from additional corporate board responsibilities to criminal penalties. Its major elements are:
Auditor independence
Corporate governance
Fraud
Enhanced financial disclosure
15. Where SOX is Applicable
• (a) All public companies in the US
• (b) International companies that have registered equity or debt securities with the SEC
• Accounting firms that provide auditing services to (a) and (b)
• It does not apply to privately held companies
• The Act is administered by the Securities and Exchange Commission (SEC)
• The SEC deals with compliance, rules and requirements
• The Act also created the Public Company Accounting Oversight Board (PCAOB)
16. BASEL II
“A set of banking regulations put forth by the Basel Committee on Banking Supervision, which regulates finance and banking internationally.”