INFORMATION SECURITY TECHNOLOGY AND DATA INSURANCE (ISYS)

Duration of the project: Febr 2001 - Dec 2003
Home page of the project: <

Co-ordinator: KÜRT Computer Rendszerház Rt., Budapest
Home page: <
Address: H-1112 Budapest, Péterhegyi út 98.
Phone.: (36-1)
Project leader: KÜRTI Sándor dr.
Team leader: REMZSŐ Tibor dr.
Deputy project/team leader: PAPP Attila

Consortium member(s):

Computer and Automation Research Institute, Hungarian Academy of Sciences (MTA SZTAKI), Budapest
Home page: <
Team leader: BENCZÚR András dr.

Department of Mathematics and Computing, University of Veszprém, Veszprém
Home page: <
Team leader: GYŐRI István dr.

Keywords: information security; data recovery; statistical analysis; insurance technology; data insurance; cryptography

1. Introduction

The primary aim of the project is to lay the foundation of an information technology risk management and data insurance system. As value assessment in data insurance differs greatly from the evaluation of other property, an objective methodology for determining information technology value is a vitally important research area.

The Information Security Technology (ISyS) to be created by this project shall provide the basis for a homogeneous, simple and organized IT infrastructure, upon which we can start planning the introduction of procedures that can guarantee a higher level of information technology infrastructure security in the future.

Based on its vast experience in data recovery, KÜRT has gathered a large amount of information about information technology catastrophes and the causes of data loss. This reservoir of knowledge had not been scientifically analyzed before this project. In cooperation with the Computer and Automation Research Institute (MTA SZTAKI) and the Department of Mathematics and Computing at the University of Veszprém, we intended to determine the factors that constitute an information technology threat for companies or organizations.
Research & Development Division, Ministry of Education, Hungary < 1

2. Main objectives of the project

IT protection now concentrates on two basic functions:
- prevention of information loss, and
- prevention of information theft.

The creation of secure IT systems requires substantial investment of both money and manpower, logically preceded by risk assessment. Today's situation, however, is that a large number of organizations don't even have a set of security regulations, a security strategy or a security manual. If the management of an organization can make a distinction between safe and unsafe, and can assign a required degree of security to its business procedures, then IT security experts can create a protection system which can control the technical gateways and shut the door to intruders.

IT and Security Objectives

According to the above, the strategic aim of the consortium's IT development program is to lay the foundation of international IT utilization which shall be a lot more efficient than it is today, enhancing progress in some important areas:
- ensuring quality and security of IT activities, so that the systems' quality and security requirements are met in a harmonized fashion;
- securing the IT system components and their connections;
- documented regulation of IT security systems;
- a definition of the range and priorities of systems, files, and data intended for protection;
- minimizing material damage in case of data loss;
- minimizing damages resulting from human error or negligence;
- creation and applicability analysis of mathematical solutions connected with IT security;
- creation of the theoretical basis of data insurance activity;
- analysis of the target areas and applicability of data insurance activity;
- feasibility of risk management in the IT infrastructure of business organizations;
- analysis of Hungarian IT infrastructure and IT literacy compared to EU requirements; assessment of deviations and deficiencies; promotion of bringing about the conditions necessary to the country's joining the EU;
- preparation of the country for joining the EU, and contribution to IT elements of legal harmonization.

ISyS

The organic parts of ISyS are the following:
- Framework
- Data protection module
- Data security module
- IT system procedures
- IT organizational procedures
- Audit preparation
- Emergency plan

Data insurance

KÜRT possesses a large amount of information (almost 10 thousand case histories) related to IT catastrophes, emergencies and data losses, and this treasury of information is as yet scientifically unexplored.

The projected Information Security Technology (ISyS) will create the fundamentals of a homogeneous, simple and organized IT infrastructure. However, due to the rapid progress of information technology and the limited resources available, we have to realize that providing a complete and final solution for every conceivable risk and problem is next to impossible. There may always be unexpected problems, and new solutions can bring about the emergence of new risks and problems.

In our research aiming at the creation of company IT security, we intend to follow and study the trends of international attack cases, because whatever happens in the outside world can also happen in Hungary. During our research, we will attempt to assess the number and direction of potential attacks.

For insurance risk assessment, we will involve specialists with expertise in cryptography systems. Relying on the theoretical and practical cryptography expertise of our researchers, our target is to explore the available literature and standards, in order to incorporate this expertise into our security technology directives and requirements and also, in case of damage, to provide adequate means for finding the reasons and detecting insurance fraud attempts.

On the above mathematical basis, within our research and development activity, we intend to examine primarily the practical applicability of mathematical methods (statistics, probabilities, game theory, risk analysis) suitable for modeling, simple handling and analysis of large quantities of data, decision making based on insufficient information, and prognostication of future processes on the basis of current information, with a view to the practical utilization of these techniques in industry.
Data insurance is a brand new concept in the insurance business, and it is very hard, if not impossible, to grasp, mainly because its value definition differs from the value definition of other kinds of property. An important field of research shall be to examine how computer data can become an object of insurance in mass proportions, like automobiles. The intent of this consortium is to engage in this research project, making use of the vast experience available in information technology, data recovery, and mathematics.

An insurance methodology that can be used simply, coherently and with the necessary automation can only be created on two conditions: on the one hand, that it guarantees adequate compensation for the client in case of damage, and on the other hand, that the insurance companies can make a reasonable profit on this kind of service.

The objective of this research and development project is to increase data security, to reduce the risk of data loss and unauthorized data access, and to outline the foundations of an IT insurance system which should provide a high quality risk management service for its clients.

Both in the field of ISyS and in data insurance, the factors threatening the individual system components must be identified, the probability of their occurrence and the estimated damage must be defined in advance, the effects of the elements on each other have to be assessed, and an overall risk value has to be defined for the entire system. These values must not be a matter of intuitive guesswork; to get exact figures, a number of complex mathematical tools and methods must be applied. These tools are available at the Mathematics and Computing Department at the University of Veszprém, and also at the research base of MTA SZTAKI.

The system to be realized by this project presents a number of theoretical problems in various fields of mathematics: mathematical statistics, risk analysis, database theory, combinatorics, image recognition, and cryptography.

The range of phenomena commonly known as data loss also presents a number of questions we want to answer in our research, such as:
- Statistical examination of the damage process (the total sum of damages up to the given moment, as a function defined by time and chance). The data loss cases of KÜRT's data recovery experience can provide the causes (virus, operating system malfunction, human error, etc.) to prepare such statistics.
- The distribution of (physical and intellectual) damages converted to financial terms. It must be determined which of the distribution patterns (Pareto, lognormal, etc.) described in insurance mathematical literature can be fitted to the data available.
- The above models and results will provide a foundation to define net insurance charges, according to various theoretical principles, e.g. expected value principle, positive distribution principle, average value principle, etc.
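The three research questions above can be carried through on sample data. The following Python example is added here and is not code from the ISyS project: it fits the two distributions named in the text (lognormal and Pareto) by maximum likelihood, keeps the better fit, and prices a net charge by the expected value principle. It assumes a compound Poisson damage process; the loss sample, incident rate, loading and all function names are constructed for illustration.

```python
"""Added example (not from the ISyS project): loss-severity fitting and net premium.
All data are constructed; function names are hypothetical."""
import math
import random
import statistics


def fit_lognormal(losses):
    """Maximum-likelihood lognormal fit: mean and std deviation of the log-losses."""
    logs = [math.log(x) for x in losses]
    mu = statistics.fmean(logs)
    sigma = statistics.pstdev(logs, mu)
    if sigma == 0:
        raise ValueError("need at least two distinct loss amounts")
    loglik = sum(-lx - math.log(sigma * math.sqrt(2 * math.pi))
                 - (lx - mu) ** 2 / (2 * sigma ** 2) for lx in logs)
    return {"model": "lognormal", "params": (mu, sigma), "loglik": loglik,
            "mean": math.exp(mu + sigma ** 2 / 2)}


def fit_pareto(losses):
    """Maximum-likelihood Pareto (type I) fit: x_m = smallest loss, tail index alpha."""
    xm = min(losses)
    n = len(losses)
    excess = sum(math.log(x / xm) for x in losses)
    if excess == 0:
        raise ValueError("need at least two distinct loss amounts")
    alpha = n / excess
    loglik = (n * math.log(alpha) + n * alpha * math.log(xm)
              - (alpha + 1) * sum(math.log(x) for x in losses))
    # A Pareto law has a finite mean only when alpha > 1.
    mean = alpha * xm / (alpha - 1) if alpha > 1 else math.inf
    return {"model": "pareto", "params": (xm, alpha), "loglik": loglik, "mean": mean}


def best_fit(losses):
    """Keep the candidate with the higher log-likelihood (both have two parameters)."""
    if any(x <= 0 for x in losses):
        raise ValueError("losses must be positive amounts")
    return max((fit_lognormal(losses), fit_pareto(losses)), key=lambda f: f["loglik"])


def net_premium(mean_severity, rate, horizon=1.0, loading=0.0):
    """Expected value principle: (1 + loading) * E[S(t)].

    For a compound Poisson damage process, E[S(t)] = rate * horizon * E[X].
    """
    if not math.isfinite(mean_severity):
        raise ValueError("expected value principle needs a finite mean loss")
    return (1.0 + loading) * rate * horizon * mean_severity


def simulate_damage_process(rate, horizon, draw_loss, rng):
    """One path of S(t): Poisson arrivals (exponential gaps), i.i.d. loss amounts."""
    clock, total = 0.0, 0.0
    while True:
        clock += rng.expovariate(rate)
        if clock > horizon:
            return total
        total += draw_loss()


if __name__ == "__main__":
    rng = random.Random(2003)
    # Constructed sample: 500 data-loss cases, damage in an arbitrary currency unit.
    sample = [rng.lognormvariate(8.0, 1.2) for _ in range(500)]
    fit = best_fit(sample)
    print("selected model:", fit["model"], "parameters:", fit["params"])
    # Assumed rate: 0.3 data-loss incidents per insured system per year.
    premium = net_premium(fit["mean"], rate=0.3, loading=0.2)
    print("annual charge per system:", round(premium, 2))
    mu, sigma = fit["params"]
    paths = [simulate_damage_process(0.3, 1.0, lambda: rng.lognormvariate(mu, sigma), rng)
             for _ in range(20000)]
    print("simulated mean annual damage:", round(statistics.fmean(paths), 2))
```

A fitted Pareto tail index of 1 or less means the mean loss is infinite, in which case the expected value principle cannot produce a charge and `net_premium` refuses to return one.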
By studying public statistics of data file evaluation, credibility theory can also be utilized for assessing net charges.

Completing this project will inevitably require tools from the area of data mining. The study and processing of KÜRT's data bank of damage cases and of other public and relevant data collections gives rise to such tasks. Information extraction, characteristic of such activity, starts with data cleansing: the handling of noisy, faulty, defective data. The next step is data integration and data selection, to precisely define the range of data used for analysis and to convert the data into a unified form, independent of the source. The next move can then be the exploration of the regularities (patterns, association rules, etc.) within the data.

The results of the statistical analysis can also be utilized on a shorter time span, within risk management. Based on the analysis and the connected research, KÜRT's ISyS technology can be improved by a new component which provides a finer and more exact risk assessment.

3. Utilization, expected economic results, direct and indirect effects of the project

The whole world seems to be entangled in a network of information technology. Real life events and visions concerning Internet opportunities are the driving force for the quality improvement of IT devices. The concept of IT quality shall bring about a new product, information technology insurance. Traditional industries have gone through the same line of progress.

The insurance technology in its current form primarily offers value-for-money, optimized security solutions for large, multi-national organizations. In 2004, we intend to launch a subset of the whole technology, the IT Protection Shield (ITPS). IT Protection Shield is simpler than ISyS, providing efficient and cost-effective planning, modeling, execution, and regulation procedures for small and medium size enterprises.

Generally speaking, data insurance is a sound investment for a company or organization if the elimination of the risks discovered in its system would cost a lot more than the damage in case of data loss. Future target groups of data insurance services can be found on both sides of the business sphere. Data insurance as a product shall undoubtedly be offered by insurance companies. Data insurance as a service will presumably spread among such clients as:
- Internet service providers;
- content providers;
- banks and other financial institutions;
- companies, organizations, and institutions which store large quantities of electronic data, considered valuable for business or personal rights reasons;
- companies and organizations which utilize massive IT support in business and production processes;
- companies and organizations which utilize valuable business-to-business or business-to-consumer techniques;
- companies and organizations which utilize valuable business-to-administration or consumer-to-administration techniques;
- government organizations in which IT security and IT insurance measures should be mandatory in the near future.

4. European Dimensions

In December 1999, the Europe Committee announced the eEurope initiative for harvesting the fruits of available digital technologies and creating an overall Information Society in Europe. The Europe Council's decision of Feira, made in June 2000, states that the action plan made there has to be executed by the end of This action plan puts extra emphasis on network security and the fight against network crime. The Europe Committee shall initiate, among other things, the establishment of a police force against international computer crime in countries where such units have not been set up, and support training courses and programs. On the technology level, the Committee will support research and development in the field of exploration of methods for risk and vulnerability elimination, and the dissemination of pertaining know-how.

The realization of this project may result in Hungary joining and playing a prominent role in this initiative. Besides direct home utilization, this project can also help Hungary to attain a position in European IT security research and development appropriate to the country's reputation and intellectual capacity.


More information

How To Monitor Your Business

How To Monitor Your Business IT as a Business Game Changer 7 Keys to Get You There 1 IT as a Business Game Changer may in Monitoring your 7 Keys find company. yourself network If you have systems recognized and applications the need

More information

Standard: Information Security Incident Management

Standard: Information Security Incident Management Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of

More information

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained Performing Audit Procedures in Response to Assessed Risks 1781 AU Section 318 Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Supersedes SAS No. 55.)

More information

How To Help The War On Terror

How To Help The War On Terror NATO s Weapons of Mass Destruction Forensics Conference by Arne Thomas WgCdr Jonathan Archer Executive Summary NATO s Comprehensive Strategic Level Policy for Preventing the Proliferation of Weapons of

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

Analysis of the act on electronic signatures

Analysis of the act on electronic signatures Analysis of the act on electronic signatures Erika Fülöp Szilágyi and Péter Sasvári Department of Entrepreneurship, Institute of Business Sciences, University of Miskolc Introduction On the turn of the

More information

Internet Reputation Management Guidelines Building a Roadmap for Continued Success

Internet Reputation Management Guidelines Building a Roadmap for Continued Success Internet Reputation Management Guidelines Building a Roadmap for Continued Success Table of Contents Page INTERNET REPUTATION MANAGEMENT GUIDELINES 1. Background 3 2. Reputation Management Roadmap 5 3.

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Information Security Specialist Training on the Basis of ISO/IEC 27002

Information Security Specialist Training on the Basis of ISO/IEC 27002 Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu

More information

Study of the Importance and Applicability of the Factor "Mark-up in the Budgeting of Construction

Study of the Importance and Applicability of the Factor Mark-up in the Budgeting of Construction Study of the Importance and Applicability of the Factor "Mark-up in the Budgeting of Construction Abstract Forming the price of a service and the subsequent finding of the value of the proposal is based

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Information Technology Engineers Examination

Information Technology Engineers Examination Information Technology Engineers Examination Outline of ITEE Ver 2.1 November 30, 2015 The company and products names in this report are trademarks or registered trademarks of the respective companies.

More information

NICE MULTI-CHANNEL INTERACTION ANALYTICS

NICE MULTI-CHANNEL INTERACTION ANALYTICS NICE MULTI-CHANNEL INTERACTION ANALYTICS Revealing Customer Intent in Contact Center Communications CUSTOMER INTERACTIONS: The LIVE Voice of the Customer Every day, customer service departments handle

More information

A Workshop on Website Quality, Accessibility and Security April 2, 2009. Websites & web-enabled applications Hosting and Security

A Workshop on Website Quality, Accessibility and Security April 2, 2009. Websites & web-enabled applications Hosting and Security lq'kklu School of Good Governance And Policy Analysis A Workshop on Website Quality, Accessibility and Security April 2, 2009 Websites & web-enabled applications Hosting and Security Sanjay Hardikar, Technical

More information

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS

CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS CYBER4SIGHT TM THREAT INTELLIGENCE SERVICES ANTICIPATORY AND ACTIONABLE INTELLIGENCE TO FIGHT ADVANCED CYBER THREATS PREPARING FOR ADVANCED CYBER THREATS Cyber attacks are evolving faster than organizations

More information

CITIZENS' LABOR RIGHTS PROTECTION LEAGUE N.Narimanov street, 11 \ 16, Baku AZ1006, Azerbaijan

CITIZENS' LABOR RIGHTS PROTECTION LEAGUE N.Narimanov street, 11 \ 16, Baku AZ1006, Azerbaijan CITIZENS' LABOR RIGHTS PROTECTION LEAGUE N.Narimanov street, 11 \ 16, Baku AZ1006, Azerbaijan INTERNATIONAL COVENANT ON ECONOMIC, SOCIAL AND CULTURAL RIGHTS ANNEX TO THE ALTERNATIVE REPORT SUBMITTED BY

More information

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES

PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES

More information

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS) Introduction to the International Standards Internal auditing is conducted in diverse legal and cultural environments;

More information

Methods Commission CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS. 30, rue Pierre Semard, 75009 PARIS

Methods Commission CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS. 30, rue Pierre Semard, 75009 PARIS MEHARI 2007 Overview Methods Commission Mehari is a trademark registered by the Clusif CLUB DE LA SECURITE DE L INFORMATION FRANÇAIS 30, rue Pierre Semard, 75009 PARIS Tél.: +33 153 25 08 80 - Fax: +33

More information

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com INDUSTRY DEVELOPMENTS AND MODELS Predictive Analytics and ROI: Lessons from IDC's Financial Impact

More information

PCI White Paper Series. Compliance driven security

PCI White Paper Series. Compliance driven security PCI White Paper Series Compliance driven security Table of contents Compliance driven security... 3 The threat... 3 The solution... 3 Why comply?... 3 The threat... 3 Benefits... 3 Efficiencies... 4 Meeting

More information

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary 1. The Government hereby approves the National Cyber Security Strategy of Hungary laid down in Annex No.

More information

OPERATIONAL PROTOCOL OF ACTIVITIES OF LAW ENFORCEMENT PSYCHOLOGY

OPERATIONAL PROTOCOL OF ACTIVITIES OF LAW ENFORCEMENT PSYCHOLOGY OPERATIONAL PROTOCOL OF ACTIVITIES OF LAW ENFORCEMENT PSYCHOLOGY 1. SUMMARY Objectives of the authors of the study were to conclude the psychological activities carried out at law enforcement agencies,

More information

White Paper. Business Continuity and Breach Protection: Why SSL Certificate Management is Critical to Today s Enterprise

White Paper. Business Continuity and Breach Protection: Why SSL Certificate Management is Critical to Today s Enterprise WHITE PAPER: BUSINESS CONTINUITY AND BREACH PROTECTION White Paper Business Continuity and Breach Protection: Why SSL Certificate Management is Critical to Today s Enterprise Business Continuity and Breach

More information

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM Chandramohan Muniraman, Meledath Damodaran, Amanda Ryan University of Houston-Victoria Abstract As in any information management system security

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate

More information

Readiness Review The value of being prepared to carry out effective computer forensic activity.

Readiness Review The value of being prepared to carry out effective computer forensic activity. Readiness Review The value of being prepared to carry out effective computer forensic activity. This document outlines how being fully prepared to carry out computer forensic activity can benefit your

More information

Database and Data Mining Security

Database and Data Mining Security Database and Data Mining Security 1 Threats/Protections to the System 1. External procedures security clearance of personnel password protection controlling application programs Audit 2. Physical environment

More information

Do You Know Where Your Messages Are?

Do You Know Where Your Messages Are? Do You Know Where Your Messages Are? By Jason Sherry The need for message archiving In most organizations, an estimated 83 percent of all communications are electronic, with the vast majority of those

More information

Practical Aspects of Applying the Mandatory Compensation for Payment Recovery Costs Legal newsletter

Practical Aspects of Applying the Mandatory Compensation for Payment Recovery Costs Legal newsletter Practical Aspects of Applying the Mandatory Compensation for Payment Recovery Costs Legal newsletter 19 May 2014 Practical Aspects of Applying the Mandatory Compensation for Payment Recovery Costs Deloitte

More information

Information Technology Security Training Requirements APPENDIX A. Appendix A Learning Continuum A-1

Information Technology Security Training Requirements APPENDIX A. Appendix A Learning Continuum A-1 APPENDIX A Appendix A Learning Continuum A-1 Appendix A Learning Continuum A-2 APPENDIX A LEARNING CONTINUUM E D U C A T I O N Information Technology Security Specialists and Professionals Education and

More information

Guidelines 1 on Information Technology Security

Guidelines 1 on Information Technology Security Guidelines 1 on Information Technology Security Introduction The State Bank of Pakistan recognizes that financial industry is built around the sanctity of the financial transactions. Owing to the critical

More information

Project Management Software - Risk and Benefits

Project Management Software - Risk and Benefits Schedule, Jr.: Professional Scheduling in a Small Company Alex S. Brown, PMP Strategic Planning Office Manager, Mitsui Sumitomo Insurance Group, USA Introduction Most scheduling techniques were developed

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Managed Security in the Enterprise (U.S. Enterprise)

Managed Security in the Enterprise (U.S. Enterprise) MANAGED SECURITY IN THE ENTERPRISE Managed Security in the Enterprise (U.S. Enterprise) March 2009 CONTENTS Executive overview... 3 Methodology... 4 Demographics... 5 Finding 1: Cyber Risk a Big Problem...

More information

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement

GAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,

More information

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Solution Brief Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform Finding

More information

European Commission Per email: CNECT-H4@ec.europa.eu

European Commission Per email: CNECT-H4@ec.europa.eu Post Bits of Freedom Bank 55 47 06 512 M +31(0)646282693 Postbus 10746 KvK 34 12 12 86 E simone.halink@bof.nl 1001 ES Amsterdam W https://www.bof.nl European Commission Per email: CNECT-H4@ec.europa.eu

More information

Guideline on risk management and other aspects of internal control in stock exchange

Guideline on risk management and other aspects of internal control in stock exchange until further notice 1 (11) Applicable to stock exchanges Guideline on risk management and other aspects of internal control in stock exchange By virtue of section 4, paragraph 2, of the Act on the Financial

More information

Part-time PhD program RESORG Nijmegen School of Management

Part-time PhD program RESORG Nijmegen School of Management Part-time PhD program RESORG Nijmegen School of Management First edition: start fall 2010 The Nijmegen School of Management (NSM) of the Radboud University Nijmegen will launch a dual PhD program entitled

More information

Chapter 7 Information System Security and Control

Chapter 7 Information System Security and Control Chapter 7 Information System Security and Control Essay Questions: 1. Hackers and their companion viruses are an increasing problem, especially on the Internet. What can a digital company do to protect

More information

How To Create An Intelligent Infrastructure Solution

How To Create An Intelligent Infrastructure Solution SYSTIMAX Solutions Intelligent Infrastructure & Security Using an Internet Protocol Architecture for Security Applications White Paper July 2009 www.commscope.com Contents I. Intelligent Building Infrastructure

More information

Bernardus. adventures in SEO land

Bernardus. adventures in SEO land Bernardus adventures in SEO land adventures in SEO land Page 2 of 7 the most asked question of my life? Why would anyone attend a SEO seminar? Just search for SEO tip and Google will return over 74 million

More information