The Hunt for Fraud. September 25, Seminar / Training. September 26, 2014

Transcription

1 BYOD and Securing Mobile Devices September 25, 2014 The Hunt for Fraud September 26, 2014 Seminar / Training Central Arkansas Chapter Information Systems Audit and Control Association, Arkansas Division of Legislative Audit & Business Automation Consultants Instructor: Albert Marcella Jr., Ph.D., CISA, CISM Victory Building (Capitol & Victory Streets) Room 445 Little Rock, AR Cost $350 Per person both days $175 Per person one day CPE Credit (Qualifies for CPA continuing education) 8 hours CPE BYOD 7 hours CPE Fraud 15 Hours Total September 25 and 26, 2014 Further information please contact: Kurt Cover Ext 4111 Kurt.cover@arklegaudit.gov Registration form below

2 CPE Credits 8 BYOD & Securing Mobile Technologies Description: As the world becomes more interconnected, integrated and intelligent, mobile devices are playing an ever-increasing role in changing the way people live, work and communicate. Personal computing devices are becoming more and more portable laptops, tablets, smart phones, USB thumb drives, etc., securing the sensitive information stored on those devices is more important than ever. The small size and portability of these devices mean they can be easily lost or stolen, placing both personal as well as corporate data at risk. This program will address the challenges in securing data and processing, limiting communication to designated parties, protecting sensitive data from the loss of a mobile device and methodologies for designing and implementing a viable, controlled and sustainable enterprise-wide BYOD policy. Audience: IT Managers, auditors, and system administrators, managers of telecommunications, info security professionals, HR managers, financial officers (CEO, CFO, COO), senior management (CIO, CXO, CSO) and IT professionals who through their involvement in managing or directing the IT infrastructure have responsibility for mobile technology management. This particular two-day program would also be of value to financial and operational audit professionals as well as non-it audit professionals tasked with the responsibility for assessing their organization's BYOD and mobile technology strategies. Prerequisites: There is no prerequisite for this seminar. Learning Level: Basic to Intermediate Instructional Method: Group-live Objectives: After completing this course, participants will: 1. Identify the unique risks associated with mobile technologies and the necessity of a viable mobile risk management initiative. 2. Recognize the essential elements in a comprehensive, enterprise-wide, BBYOD policy, the importance of protecting end user privacy and securing enterprise data. 3. Understand the critical importance for security and controls over employee and enterprise devices accessing sensitive systems and protected data. 4. Be better prepared to assist their organization in securing its operations, minimizing its security exposure, and mitigating the possibility of data loss via mobile devices. 5. Identify existing exposures and weaknesses within their organization's mobile communication operations, which would make the organization a potential target for cyber terrorists, cyber criminals, data thieves. 6. Have a better appreciation of the steps and elements required to develop an audit ICQ and program for assessing BYOD and mobile technology internal controls. Course Outline: Introduction Mobile Technologies Are Evolving BYOD Network and Productivity Concerns Securing Mobile Technology

3 BYOD Program Goals BYOD Issues & Concerns Policy and Guidelines Mobile Security Policy Mobile Risk Management BYOD Risk Mitigation Objectives Who s Responsible for Mobile Risk Management? Implementing Mobile Risk Management Mobile Technology - Risk Assessment BYOD & Compliance with Regulations Compliance & Social Media Websites and the Use of Personal Devices for Business Communications The Cost Of Compliance Network Access Control Secure Access BYOD to Company Networks And Data Network Security DHCP/DNS Management and Monitoring Tracking Down Rogue or Suspicious BYOD Devices Mobile Wireless Technologies Quick Response Codes Augmented Reality Near Field Communication Mobile Device Management Key Core Features of an MDM System MDM Issues Jailbreaking ios Android: Rooting Technical Risks General Mobile Technical Risks ios Technical Risks Android Mobile Device Management Security Controls Mobile Device Application Development Why Mobile? What are Apps? The Five Considerations for App Evaluation What Is A Good Mobile Application? Mobile application metrics What is Mobile Social Networking? What Is A Good Mobile Application?

4 Securing Mobile Technologies Security & Controls Overview Mobile Security Six Security Essentials Mobile Security - Bonus Security Essentials Security Baselines Key Issues to Consider When Evaluating the Security of Wireless Solutions Mobile Security Resources Summary Keys to a Successful BYOD Implementation Best Practices Supplemental Materials Available as Course Takeaways : 1. Mobile Technologies ICQ - Mobile Content Management 2. Mobile Technologies ICQ - Mobile Application Management 3. Mobile Technologies ICQ - Mobile Device Management 4. Mobile Technologies ICQ Security 5. Mobile Technologies ICQ BYOD General Policies The Hunt for Fraud: Prevention and Detection Techniques CPE Credits: 7 Description: This seminar provides attendees with a general overview of basic fraud concepts, as well as a review of specific areas such as statutes and standards related to the recording, reporting, and prosecution of fraudulent activities, internal auditor responsibilities in the audit for fraud, and fraud detection and prevention techniques. Also addressed during this seminar is the classification of frauds, investigation techniques, and fraud within information technology. The seminar will incorporate several case analyses of frauds perpetrated by employees and how such frauds were identified and investigated. The seminar will also introduce and incorporate the basic concepts of forensic analysis as a means of further investigating fraudulent activities by organization personnel, third party providers, and contractors. Audience: This seminar is intended for internal and external audit professionals, security investigators, General Counsels, Chief Security Officers, Controllers, InfoSec professionals, and anyone interested in obtaining a better understanding of and general introduction to auditing and controlling fraud with workplace environments. Prerequisites: There is no prerequisite for this seminar. Learning Level: Basic to Intermediate Instructional Method: Group-live

5 Objectives: After completing this seminar, participants will be able to: Provide organization decision-makers with enough information so that a business decision, consistent with policy and the entity's best interests, can be made regarding the identification and prevention of fraud Define and explain the differences among several kinds of errors frauds and illegal acts that might occur in an organization Increase individual fraud awareness within ongoing operations on how to minimize potential fraudulent activities from occurring Explain the various auditing standards related to fraud and illegal acts List and explain some conditions that can lead to frauds Comprehend basic aspects of fraud detection Obtain insight on fraud prevention and identifying weaknesses in internal control systems Describe some extended procedures for finding fraud Identify the importance of and differences between interviews and interrogations Describe forensic accounting techniques Identify evidence and documentary evidence Understand the roles which people, physical environment, and observation play in the investigation of fraud Course Outline: Conditions & Reasons Leading to Fraud Business circumstances requiring fraud auditing Conditions Which Create an Opportunity to Commit Fraud Reasons for Committing Fraud Fraud by the Numbers Fraud Statutes & Standards General Definition of Fraud and Applicable Law Federal Statutes Major Codified Standards on Fraud Auditing Fraud Audit Standards Overview Reducing Organizational Risk Fraud Policy Compliance Program to Reduce Organizational Risk Deterrence of Fraud - Audit Considerations Auditor s Role in Auditing for Fraud Detection of Fraud - Auditor Responsibilities Reporting of Fraud - Auditor Responsibilities Reasons Why Auditors Fail to Detect Fraud Pitfalls for Auditors Engaged in Auditing for Fraud Fraud - Warning Signs Personality Characteristics Organizational Characteristics Transactional Characteristics

6 Fraud Related Activities for Auditors High-Risk Areas for Fraud Health Care Advance Fee Scheme Impersonation Fraud Receipts Payables Payroll Inventories Purchasing Letter of Credit Fraud "Ponzi" Scheme Pyramid Scheme Retail Operations Web-based Fraud Telephone Fraud Auditing for Fraud: Tips & Techniques General Fraud Audit Checklist Fraud Detection Methods Checklist The Fraud Audit Process Reasons for Investigations How IT Can Spot Accounting Fraud Computerized Fraud Auditing: Crunching the Data How to Lock Out Fraud The Environment for Fraud Elements to Commit Fraud Factors that Change Nature of Risks

7 INSTRUCTOR Albert J. Marcella Jr., Ph.D., CISA, CISM President, Business Automation Consultants, LLC An internationally recognized public speaker, researcher, workshop and seminar leader with 36 years of experience in IT audit, security and assessing internal controls, Dr. Marcella, has authored numerous articles and 28 books on various IT, audit and security related subjects. Dr. Marcella s most recent book, Cyber Forensics: From Data to Digital Evidence, provides the reader with insights into how data are stored, processed, identified, analyzed, and eventually end up as evidential matter. This leading to a more thorough and detailed understanding of which data are relevant, significant, and most critical in a cyber-forensic investigation, and why. Which ultimately is the basis for and foundation of a comprehensive, well executed cyber forensic investigation. Research conducted by Dr. Marcella on cyber extortion, workplace violence, personal privacy, Electronic Stored Information (ESI), privacy risks in multifunctional devices (MFDs), cyber forensics, disaster and incident management planning and ethics, has appeared in the ISACA Journal, Disaster Recovery Journal, Journal of Forensic & Investigative Accounting, EDPACS, ISSA Journal, Continuity Insights, and the Internal Auditor Magazine. Dr. Marcella is the Institute of Internal Auditors Leon R. Radde Educator of the Year, 2000, Award recipient. Dr. Marcella has taught IT audit seminar courses for the Institute of Internal Auditors (IIA), continues to teach for the Information Systems Audit and Control Association (ISACA), and has been recognized by the IIA as a Distinguished Adjunct Faculty Member.

8 BYOD and Securing Mobile Devices The Hunt for Fraud Registration Form Date: September 25, 2014 BYOD 8:00 5:00pm September 26, 2014 Fraud 8:00 4:00 pm Place: Victory Building, Room 445, Capitol and Victory Streets, Little Rock, Arkansas Cost: Two days $ per person One day $175 per person (please check) BYOD Fraud Please make check payable to Central Arkansas ISACA (if payment by credit card please contact individual at bottom of form for instructions) Remit to: Central Arkansas ISACA, P.O. Box 2305, Little Rock, AR Registration form can be ed to: Lunch will be provided both days Please contact name at bottom of application if your organization requires to be billed. Name: Job Title: Organization/Company: address: Address: City: State & Zip Code: Phone: CPE credit hours: BYOD 8 Hours; Fraud 7 Hours (Does qualify for Certified Public Accountant CPE) Cancelation Policy: Registration ends September 19, Cancelations can be made until September 23, Full refunds will be given until September 12, If cancelling after September 12, a $65 administration fee will apply to the refund. Parking: We will reimburse for covered parking in the Victory Building deck. Daily fee is $5. Please request parking fee reimbursement at the seminar. Parking deck entrance on 6 th street (one way west). Turn right at the entrance gates in the deck, park in daily fee parking. Sky bridge to building is on the 2 nd level. If you need any further information or have special dietary requirements please contact: Kurt Cover at ext 4111 or kurt.cover@arklegaudit.gov