SlideShare a Scribd company logo
1 of 31
Cyber Crimes and  IT Risk Management   Nandakumar Shamanna
 
What makes it  different form terrestrial Crime They are easy to learn how to commit They are  often not clearly illegal When done leaves no or less trace They require few resources relative to the  potential damage caused They can be committed in a jurisdiction without being physically present in it
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],to name a few
Cyber Crimes – Exploding Problem List of Top 20 Countries with the highest rate of Cybercrime (source: BusinessWeek/Symantec) Each country lists 6 contributing factors, share of malicious computer activity, malicious code rank, spam zombies rank, phishing web site hosts rank, bot rank and attack origin, to substantiate its cybercrime ranking. 11. India Share of malicious computer activity: 3% Malicious code rank: 3 Spam zombies rank: 11 Phishing web site hosts rank: 22 Bot rank: 20 Attack origin rank: 19
Extent of the Problem Source: National Crime Records Bureau, Statistics of Cyber Crimes, 2007
Extent of the Problem 2009 FBI-IC3 Internet Crime Report Friday, April 2nd, 2010
Extent of the Problem Ponemon Institute Research Report Publication Date: July 2010
Why Is Cyber Attack Possible? ,[object Object],[object Object],[object Object]
Information Technology – Risk Management
[object Object],[object Object],[object Object],[object Object],New risk reality
Definition of risk Risk is an event that occurs with a certain frequency/ probability and that has consequences towards one or more goals/objectives Risk Level =  Frequency/ Probability  combined with  Consequence x = DAMAGE ASSET PROBABILITY CONSEQUENCE RISK THREAT EXPLOIT VULNERABILITY
Approach - Work process and method Initiation  & focusing Uncertainty Identification Risk  Analysis Actions Planning Documentation Communication Implementation & follow-up The Risk Management Approach ensures that mapping of risk exposure, treatment of risks and follow-up are carried out in a structured manner
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Actions planning – handling strategy   2 Risk Avoidance Risk Reduction Risk Transfer Risk Acceptance
to combat Cyber Crimes Implement Security Systems
the solutions…. - Technology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
the solutions…. - Processes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Security Models and Frameworks
ISO 27000 Series - Published standards ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ISO 27000 Series - In preparation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
C OBI T ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Common Criteria (CC) ‏ ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],FISMA ,[object Object],[object Object],[object Object],[object Object],[object Object]
ITIL ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Information Security Forum (ISF) ‏ ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
NIST ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],PCI ,[object Object],[object Object],[object Object]
Securities and Financial ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],RFC 2196 Statement on Auditing Standards No. 70: Service Organizations  ,[object Object]
The CALDER-MOIR IT Governance Framework There are many IT-related management frameworks, standards and methodologies in use today. None of them, on their own, are complete IT governance frameworks, but they all have a useful role to play in assisting organizations manage and govern their IT operations more effectively. The CALDER-MOIR IT Governance Framework is designed to help you get maximum benefit from all these overlapping and competing frameworks and standards, and also to deploy the best practice guidance contained in the international standard for IT governance, ISO/IEC 38500. 
Governance & Cyber Crime -  Cost Comparison Ponemon Institute Research Report Publication Date: July 2010
Cyber Crimes and Law ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Cybercrime provisions under IT Act,2000   Offences & Relevant Sections under IT  Act Tampering with Computer source documents  Sec.65 Hacking with Computer systems, Data alteration Sec.66 Publishing obscene information Sec.67 Un-authorized access to protected system Sec.70  Breach of Confidentiality and Privacy Sec.72 Publishing false digital signature certificates Sec.73
Implications ,[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object]
Safeguarding life, property  and the environment www.dnv.com

More Related Content

What's hot

Protecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthProtecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthPECB
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security AwarenessDinesh O Bareja
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachAnchises Moraes
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information securityethanBrownusa
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slidesecommerce
 
Information security governance
Information security governanceInformation security governance
Information security governanceKoen Maris
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
information security technology
information security technologyinformation security technology
information security technologygarimasagar
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...padler01
 
How an ISO/IEC 27001 Based ISMS Will Support the EU GDPR
How an ISO/IEC 27001 Based ISMS Will Support the EU GDPRHow an ISO/IEC 27001 Based ISMS Will Support the EU GDPR
How an ISO/IEC 27001 Based ISMS Will Support the EU GDPRPECB
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureInfosec
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 

What's hot (20)

Protecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in DepthProtecting the Network From Yourself Using Defense in Depth
Protecting the Network From Yourself Using Defense in Depth
 
20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness20100224 Presentation at RGIT Mumbai - Information Security Awareness
20100224 Presentation at RGIT Mumbai - Information Security Awareness
 
Pindad iso27000 2016 smki
Pindad   iso27000 2016 smkiPindad   iso27000 2016 smki
Pindad iso27000 2016 smki
 
System of security controls
System of security controlsSystem of security controls
System of security controls
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
 
The importance of information security
The importance of information securityThe importance of information security
The importance of information security
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governance
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slides
 
Information security governance
Information security governanceInformation security governance
Information security governance
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
information security technology
information security technologyinformation security technology
information security technology
 
Information Security
Information SecurityInformation Security
Information Security
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...
 
How an ISO/IEC 27001 Based ISMS Will Support the EU GDPR
How an ISO/IEC 27001 Based ISMS Will Support the EU GDPRHow an ISO/IEC 27001 Based ISMS Will Support the EU GDPR
How an ISO/IEC 27001 Based ISMS Will Support the EU GDPR
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure Infrastructure
 
SIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security FrameworkSIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security Framework
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
Information security.pptx
Information security.pptxInformation security.pptx
Information security.pptx
 

Viewers also liked

Iso 27001 i̇ç denetçi eğitimi
Iso 27001 i̇ç denetçi eğitimiIso 27001 i̇ç denetçi eğitimi
Iso 27001 i̇ç denetçi eğitiminbeksi
 
Novità della norma ISO/IEC 27001:2013
Novità della norma ISO/IEC 27001:2013Novità della norma ISO/IEC 27001:2013
Novità della norma ISO/IEC 27001:2013Andrea Praitano
 
Action Plan for the Central Delaware: 2008-2018
Action Plan for the Central Delaware: 2008-2018Action Plan for the Central Delaware: 2008-2018
Action Plan for the Central Delaware: 2008-2018Wallace Roberts & Todd
 
Iso 27001 E Iso 27004
Iso 27001 E Iso 27004Iso 27001 E Iso 27004
Iso 27001 E Iso 27004dcordova923
 
How to apply ISO 27001 using a top down, risk-based approach
How to apply ISO 27001 using a top down, risk-based approachHow to apply ISO 27001 using a top down, risk-based approach
How to apply ISO 27001 using a top down, risk-based approachPECB
 
ISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access PassISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access PassA-lign
 
Old Presentation on Security Metrics 2005
Old Presentation on Security Metrics 2005Old Presentation on Security Metrics 2005
Old Presentation on Security Metrics 2005Anton Chuvakin
 
Effective Security Metrics
Effective Security MetricsEffective Security Metrics
Effective Security MetricsInnoTech
 
Top management role to implement ISO 27001
Top management role to implement ISO 27001Top management role to implement ISO 27001
Top management role to implement ISO 27001PECB
 
Slum Improvement Action Plan (SIAP) NUSP2 Kota Semarang
Slum Improvement Action Plan (SIAP) NUSP2 Kota SemarangSlum Improvement Action Plan (SIAP) NUSP2 Kota Semarang
Slum Improvement Action Plan (SIAP) NUSP2 Kota SemarangBagus ardian
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMShantanu Rai
 
Forming deep relationships with your clients
Forming deep relationships with your clientsForming deep relationships with your clients
Forming deep relationships with your clientsIntuit Inc.
 
Key considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsKey considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsPECB
 
ISO 27001:2013 IS audit plan - by software outsourcing company in india
 ISO 27001:2013  IS audit plan - by software outsourcing company in india ISO 27001:2013  IS audit plan - by software outsourcing company in india
ISO 27001:2013 IS audit plan - by software outsourcing company in indiaiFour Consultancy
 
How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?PECB
 
100% cloud: Your action plan for success
100% cloud: Your action plan for success 100% cloud: Your action plan for success
100% cloud: Your action plan for success Intuit Inc.
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?PECB
 
Slum Improvement Action Plan (SIAP) NUSP2 Kota Batam
Slum Improvement Action Plan (SIAP) NUSP2 Kota BatamSlum Improvement Action Plan (SIAP) NUSP2 Kota Batam
Slum Improvement Action Plan (SIAP) NUSP2 Kota BatamBagus ardian
 

Viewers also liked (20)

Iso 27001 i̇ç denetçi eğitimi
Iso 27001 i̇ç denetçi eğitimiIso 27001 i̇ç denetçi eğitimi
Iso 27001 i̇ç denetçi eğitimi
 
Novità della norma ISO/IEC 27001:2013
Novità della norma ISO/IEC 27001:2013Novità della norma ISO/IEC 27001:2013
Novità della norma ISO/IEC 27001:2013
 
Action Plan for the Central Delaware: 2008-2018
Action Plan for the Central Delaware: 2008-2018Action Plan for the Central Delaware: 2008-2018
Action Plan for the Central Delaware: 2008-2018
 
Iso 27001 E Iso 27004
Iso 27001 E Iso 27004Iso 27001 E Iso 27004
Iso 27001 E Iso 27004
 
How to apply ISO 27001 using a top down, risk-based approach
How to apply ISO 27001 using a top down, risk-based approachHow to apply ISO 27001 using a top down, risk-based approach
How to apply ISO 27001 using a top down, risk-based approach
 
ISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access PassISO 27001 Certification: An All-Access Pass
ISO 27001 Certification: An All-Access Pass
 
Old Presentation on Security Metrics 2005
Old Presentation on Security Metrics 2005Old Presentation on Security Metrics 2005
Old Presentation on Security Metrics 2005
 
Effective Security Metrics
Effective Security MetricsEffective Security Metrics
Effective Security Metrics
 
Top management role to implement ISO 27001
Top management role to implement ISO 27001Top management role to implement ISO 27001
Top management role to implement ISO 27001
 
Role of compliance in security audits
Role of compliance in security auditsRole of compliance in security audits
Role of compliance in security audits
 
Slum Improvement Action Plan (SIAP) NUSP2 Kota Semarang
Slum Improvement Action Plan (SIAP) NUSP2 Kota SemarangSlum Improvement Action Plan (SIAP) NUSP2 Kota Semarang
Slum Improvement Action Plan (SIAP) NUSP2 Kota Semarang
 
Presentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCMPresentation on iso 27001-2013, Internal Auditing and BCM
Presentation on iso 27001-2013, Internal Auditing and BCM
 
Forming deep relationships with your clients
Forming deep relationships with your clientsForming deep relationships with your clients
Forming deep relationships with your clients
 
Key considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systemsKey considerations for an appropriate scope for all management systems
Key considerations for an appropriate scope for all management systems
 
ISO 27001:2013 IS audit plan - by software outsourcing company in india
 ISO 27001:2013  IS audit plan - by software outsourcing company in india ISO 27001:2013  IS audit plan - by software outsourcing company in india
ISO 27001:2013 IS audit plan - by software outsourcing company in india
 
How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?How to improve resilience and respond better to Cyber Attacks with ISO 22301?
How to improve resilience and respond better to Cyber Attacks with ISO 22301?
 
ISO 27001:2013 - Changes
ISO 27001:2013 -  ChangesISO 27001:2013 -  Changes
ISO 27001:2013 - Changes
 
100% cloud: Your action plan for success
100% cloud: Your action plan for success 100% cloud: Your action plan for success
100% cloud: Your action plan for success
 
How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?How to determine a proper scope selection based on ISO 27001?
How to determine a proper scope selection based on ISO 27001?
 
Slum Improvement Action Plan (SIAP) NUSP2 Kota Batam
Slum Improvement Action Plan (SIAP) NUSP2 Kota BatamSlum Improvement Action Plan (SIAP) NUSP2 Kota Batam
Slum Improvement Action Plan (SIAP) NUSP2 Kota Batam
 

Similar to S nandakumar_banglore

2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security TutorialNeil Matatall
 
Standards & Framework.pdf
Standards & Framework.pdfStandards & Framework.pdf
Standards & Framework.pdfkarthikvcyber
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.pptkarthikvcyber
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
5 Standards And Recommendations For Information Security On Internet
5 Standards And Recommendations For Information Security On Internet5 Standards And Recommendations For Information Security On Internet
5 Standards And Recommendations For Information Security On InternetAna Meskovska
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data LeakagePatty Buckley
 
Professional Designations in IT Governance
Professional Designations in IT GovernanceProfessional Designations in IT Governance
Professional Designations in IT Governancejkllee
 
Professional designations in it governance
Professional designations in it governanceProfessional designations in it governance
Professional designations in it governancejkllee
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBsJyothi Satyanathan
 
Annotated Bibliography On Database Security
Annotated Bibliography On Database SecurityAnnotated Bibliography On Database Security
Annotated Bibliography On Database SecurityLisa Diaz
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Karl Kispert
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009   Underside Of The Compliance EcosystemPci Europe 2009   Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?Lumension
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standardsautomatskicorporation
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 

Similar to S nandakumar_banglore (20)

2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security Tutorial
 
Standards & Framework.pdf
Standards & Framework.pdfStandards & Framework.pdf
Standards & Framework.pdf
 
Standards & Framework.ppt
Standards & Framework.pptStandards & Framework.ppt
Standards & Framework.ppt
 
Arvind Mehrotra
Arvind MehrotraArvind Mehrotra
Arvind Mehrotra
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
5 Standards And Recommendations For Information Security On Internet
5 Standards And Recommendations For Information Security On Internet5 Standards And Recommendations For Information Security On Internet
5 Standards And Recommendations For Information Security On Internet
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 
Causes And Consequences Of Data Leakage
Causes And Consequences Of Data LeakageCauses And Consequences Of Data Leakage
Causes And Consequences Of Data Leakage
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
 
Professional Designations in IT Governance
Professional Designations in IT GovernanceProfessional Designations in IT Governance
Professional Designations in IT Governance
 
Professional designations in it governance
Professional designations in it governanceProfessional designations in it governance
Professional designations in it governance
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
Annotated Bibliography On Database Security
Annotated Bibliography On Database SecurityAnnotated Bibliography On Database Security
Annotated Bibliography On Database Security
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009   Underside Of The Compliance EcosystemPci Europe 2009   Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystem
 
PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?
 
It Audit And Forensics
It Audit And ForensicsIt Audit And Forensics
It Audit And Forensics
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Automatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security StandardsAutomatski - The Internet of Things - Security Standards
Automatski - The Internet of Things - Security Standards
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 

More from IPPAI

The Move Towards Sustainable Transport in London - Mr. Steve Kearns
The Move Towards Sustainable Transport in London - Mr. Steve KearnsThe Move Towards Sustainable Transport in London - Mr. Steve Kearns
The Move Towards Sustainable Transport in London - Mr. Steve KearnsIPPAI
 
Standards – building blocks of the Smart City - Michael Mulquin
Standards – building blocks of the Smart City - Michael MulquinStandards – building blocks of the Smart City - Michael Mulquin
Standards – building blocks of the Smart City - Michael MulquinIPPAI
 
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
21st Century Grids and India’s journey towards smarter grids - Reji Kumar PillaiIPPAI
 
Smart City Principles - Rogier van den Berg
Smart City Principles - Rogier van den BergSmart City Principles - Rogier van den Berg
Smart City Principles - Rogier van den BergIPPAI
 
TImportance of certification and standardization for Smart Cities - Mr. Raymo...
TImportance of certification and standardization for Smart Cities - Mr. Raymo...TImportance of certification and standardization for Smart Cities - Mr. Raymo...
TImportance of certification and standardization for Smart Cities - Mr. Raymo...IPPAI
 
Smart, Secure and Sustainable Cities India – Mr. Trevor Gibson
Smart, Secure and Sustainable Cities India – Mr. Trevor GibsonSmart, Secure and Sustainable Cities India – Mr. Trevor Gibson
Smart, Secure and Sustainable Cities India – Mr. Trevor GibsonIPPAI
 
Industry Qualifications India - Cdr(Retd.) Kartik Vig
Industry Qualifications India - Cdr(Retd.) Kartik VigIndustry Qualifications India - Cdr(Retd.) Kartik Vig
Industry Qualifications India - Cdr(Retd.) Kartik VigIPPAI
 
Future cities catapult - Dr. Cathy Mulligan
Future cities catapult - Dr. Cathy MulliganFuture cities catapult - Dr. Cathy Mulligan
Future cities catapult - Dr. Cathy MulliganIPPAI
 
Can the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
Can the dream of 100% renewable energy be a reality? - Mr. Ken DragoonCan the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
Can the dream of 100% renewable energy be a reality? - Mr. Ken DragoonIPPAI
 
Smart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
Smart Cities, Smart Consequences? - Mr. Devdutt PattanaikSmart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
Smart Cities, Smart Consequences? - Mr. Devdutt PattanaikIPPAI
 
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...IPPAI
 
The Road to Smart Cities - Jeet Mistry
The Road to Smart Cities - Jeet MistryThe Road to Smart Cities - Jeet Mistry
The Road to Smart Cities - Jeet MistryIPPAI
 
From Smart Grid to Smart Cities - Richard Schomberg
From Smart Grid to Smart Cities - Richard SchombergFrom Smart Grid to Smart Cities - Richard Schomberg
From Smart Grid to Smart Cities - Richard SchombergIPPAI
 
INAUGURAL ADDRESS - Mr. Harry Dhaul
INAUGURAL ADDRESS - Mr. Harry DhaulINAUGURAL ADDRESS - Mr. Harry Dhaul
INAUGURAL ADDRESS - Mr. Harry DhaulIPPAI
 
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...
Future Cities:  Innovation, Investment and Transformation - Professor Sir Dav...Future Cities:  Innovation, Investment and Transformation - Professor Sir Dav...
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...IPPAI
 
Smart Water and Waste Management for Smart Cities - Mr. James Dunning
Smart Water and Waste Management for Smart Cities - Mr. James DunningSmart Water and Waste Management for Smart Cities - Mr. James Dunning
Smart Water and Waste Management for Smart Cities - Mr. James DunningIPPAI
 
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...IPPAI
 
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...IPPAI
 
Importance of Innovation for Water and Water Management for Smart Cities - As...
Importance of Innovation for Water and Water Management for Smart Cities - As...Importance of Innovation for Water and Water Management for Smart Cities - As...
Importance of Innovation for Water and Water Management for Smart Cities - As...IPPAI
 
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum ParwezSmart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum ParwezIPPAI
 

More from IPPAI (20)

The Move Towards Sustainable Transport in London - Mr. Steve Kearns
The Move Towards Sustainable Transport in London - Mr. Steve KearnsThe Move Towards Sustainable Transport in London - Mr. Steve Kearns
The Move Towards Sustainable Transport in London - Mr. Steve Kearns
 
Standards – building blocks of the Smart City - Michael Mulquin
Standards – building blocks of the Smart City - Michael MulquinStandards – building blocks of the Smart City - Michael Mulquin
Standards – building blocks of the Smart City - Michael Mulquin
 
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
21st Century Grids and India’s journey towards smarter grids - Reji Kumar Pillai
 
Smart City Principles - Rogier van den Berg
Smart City Principles - Rogier van den BergSmart City Principles - Rogier van den Berg
Smart City Principles - Rogier van den Berg
 
TImportance of certification and standardization for Smart Cities - Mr. Raymo...
TImportance of certification and standardization for Smart Cities - Mr. Raymo...TImportance of certification and standardization for Smart Cities - Mr. Raymo...
TImportance of certification and standardization for Smart Cities - Mr. Raymo...
 
Smart, Secure and Sustainable Cities India – Mr. Trevor Gibson
Smart, Secure and Sustainable Cities India – Mr. Trevor GibsonSmart, Secure and Sustainable Cities India – Mr. Trevor Gibson
Smart, Secure and Sustainable Cities India – Mr. Trevor Gibson
 
Industry Qualifications India - Cdr(Retd.) Kartik Vig
Industry Qualifications India - Cdr(Retd.) Kartik VigIndustry Qualifications India - Cdr(Retd.) Kartik Vig
Industry Qualifications India - Cdr(Retd.) Kartik Vig
 
Future cities catapult - Dr. Cathy Mulligan
Future cities catapult - Dr. Cathy MulliganFuture cities catapult - Dr. Cathy Mulligan
Future cities catapult - Dr. Cathy Mulligan
 
Can the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
Can the dream of 100% renewable energy be a reality? - Mr. Ken DragoonCan the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
Can the dream of 100% renewable energy be a reality? - Mr. Ken Dragoon
 
Smart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
Smart Cities, Smart Consequences? - Mr. Devdutt PattanaikSmart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
Smart Cities, Smart Consequences? - Mr. Devdutt Pattanaik
 
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
From Islands to Cities – Applications for Smart Energy Storage - Dr. Wolfram ...
 
The Road to Smart Cities - Jeet Mistry
The Road to Smart Cities - Jeet MistryThe Road to Smart Cities - Jeet Mistry
The Road to Smart Cities - Jeet Mistry
 
From Smart Grid to Smart Cities - Richard Schomberg
From Smart Grid to Smart Cities - Richard SchombergFrom Smart Grid to Smart Cities - Richard Schomberg
From Smart Grid to Smart Cities - Richard Schomberg
 
INAUGURAL ADDRESS - Mr. Harry Dhaul
INAUGURAL ADDRESS - Mr. Harry DhaulINAUGURAL ADDRESS - Mr. Harry Dhaul
INAUGURAL ADDRESS - Mr. Harry Dhaul
 
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...
Future Cities:  Innovation, Investment and Transformation - Professor Sir Dav...Future Cities:  Innovation, Investment and Transformation - Professor Sir Dav...
Future Cities: Innovation, Investment and Transformation - Professor Sir Dav...
 
Smart Water and Waste Management for Smart Cities - Mr. James Dunning
Smart Water and Waste Management for Smart Cities - Mr. James DunningSmart Water and Waste Management for Smart Cities - Mr. James Dunning
Smart Water and Waste Management for Smart Cities - Mr. James Dunning
 
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
SMART SEWAGE TREATMENT PLANTS FOR SMART CITIES IN INDIA, NY USA - Mr. Asim C ...
 
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
Eyewatch a versatile mobile platform for security and M-governance - Cdr (Ret...
 
Importance of Innovation for Water and Water Management for Smart Cities - As...
Importance of Innovation for Water and Water Management for Smart Cities - As...Importance of Innovation for Water and Water Management for Smart Cities - As...
Importance of Innovation for Water and Water Management for Smart Cities - As...
 
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum ParwezSmart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
Smart Water and Wastewater Management For Smart Cities - Mr. Anjum Parwez
 

Recently uploaded

Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 

Recently uploaded (20)

Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 

S nandakumar_banglore

  • 1. Cyber Crimes and IT Risk Management Nandakumar Shamanna
  • 2.  
  • 3. What makes it different form terrestrial Crime They are easy to learn how to commit They are often not clearly illegal When done leaves no or less trace They require few resources relative to the potential damage caused They can be committed in a jurisdiction without being physically present in it
  • 4.
  • 5. Cyber Crimes – Exploding Problem List of Top 20 Countries with the highest rate of Cybercrime (source: BusinessWeek/Symantec) Each country lists 6 contributing factors, share of malicious computer activity, malicious code rank, spam zombies rank, phishing web site hosts rank, bot rank and attack origin, to substantiate its cybercrime ranking. 11. India Share of malicious computer activity: 3% Malicious code rank: 3 Spam zombies rank: 11 Phishing web site hosts rank: 22 Bot rank: 20 Attack origin rank: 19
  • 6. Extent of the Problem Source: National Crime Records Bureau, Statistics of Cyber Crimes, 2007
  • 7. Extent of the Problem 2009 FBI-IC3 Internet Crime Report Friday, April 2nd, 2010
  • 8. Extent of the Problem Ponemon Institute Research Report Publication Date: July 2010
  • 9.
  • 10. Information Technology – Risk Management
  • 11.
  • 12. Definition of risk Risk is an event that occurs with a certain frequency/ probability and that has consequences towards one or more goals/objectives Risk Level = Frequency/ Probability combined with Consequence x = DAMAGE ASSET PROBABILITY CONSEQUENCE RISK THREAT EXPLOIT VULNERABILITY
  • 13. Approach - Work process and method Initiation & focusing Uncertainty Identification Risk Analysis Actions Planning Documentation Communication Implementation & follow-up The Risk Management Approach ensures that mapping of risk exposure, treatment of risks and follow-up are carried out in a structured manner
  • 14.
  • 15. to combat Cyber Crimes Implement Security Systems
  • 16.
  • 17.
  • 18. Security Models and Frameworks
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25. The CALDER-MOIR IT Governance Framework There are many IT-related management frameworks, standards and methodologies in use today. None of them, on their own, are complete IT governance frameworks, but they all have a useful role to play in assisting organizations manage and govern their IT operations more effectively. The CALDER-MOIR IT Governance Framework is designed to help you get maximum benefit from all these overlapping and competing frameworks and standards, and also to deploy the best practice guidance contained in the international standard for IT governance, ISO/IEC 38500. 
  • 26. Governance & Cyber Crime - Cost Comparison Ponemon Institute Research Report Publication Date: July 2010
  • 27.
  • 28. Cybercrime provisions under IT Act,2000 Offences & Relevant Sections under IT Act Tampering with Computer source documents Sec.65 Hacking with Computer systems, Data alteration Sec.66 Publishing obscene information Sec.67 Un-authorized access to protected system Sec.70 Breach of Confidentiality and Privacy Sec.72 Publishing false digital signature certificates Sec.73
  • 29.
  • 30.
  • 31. Safeguarding life, property and the environment www.dnv.com

Editor's Notes

  1. 22 December 2010 The new risk reality is a statement that illustrates the increased complexity of society. Picture 1: (Prestige sinking) Extreme environmental focus. Compliance, or lack of compliance? A symbol of a shipping accident. Picture 2: (Enron USA) Expectations on ethical standards in business. Demonstrates consequences of poor ethics. A symbol of corporate failure. Picture 3: (microphones) Requirements on transparency from media and non-governmental organisations (NGO) on the rise. Picture 4: (air pollution) Climate change is a consequence of human activity and pollution. Changes in weather patterns and more frequent natural catastrophes are risks business must take into account.
  2. 22 December 2010 Different definitions exists for Risk, let’s not go too deep into that now But the scales for probability and Consequence/Impact needs to be agree
  3. 22 December 2010 These are the core activities in regular Risk Management Often this exists and relevant risks may be found there, in addition findings from the BC Risk Assessment should be included in this risk picture
  4. 22 December 2010
  5. 22 December 2010 Widely used and, until the rise of BS 7799-1, probably the most recognized of the security frameworks, COBIT (Control OBjectives for Information and related Technology) is directed at information security. However, it should be noted that COBIT was created by a specific group and intended for a specific purpose. COBIT was created by ISACA (which used to be known as the Information Systems Audit and Control Association). Auditability is key to the COBIT, and the accounting and management background definitely shows in the choice of items in the COBIT list. Much of the activity suggested relates to measurement, performance, and reporting. Thus, in a sense, most of COBIT concentrates on what can be counted and demonstrated, sometimes disregarding what might actually be effective.
  6. 22 December 2010 The United States' Federal Information Systems Management Act mandates certain standards of information security and controls for US federal agencies. The legislation states that standards must be applied, but the standards are different for different agencies and applications. Detailed instructions can be found in directives for the military (Defense Information Technology Systems Certification and Accreditation Process or DITSCAP), the intelligence community (Director of Central Intelligence Directive 6/3 or DCID 6/3), and more generally the National Information Assurance Certification and Accreditation Process (NIACAP). The National Institute of Standards and Technology also has outlines.
  7. 22 December 2010 It really isn't fair to compare the Computer Security Resource Center (CSRC) of the United States' National Institute of Standards and Technology, with the security frameworks we have been discussing. The centre (which, even though it is only one office of the institute, is generally known simply as NIST in the security community) provides a wealth of security information and resources, which are freely available at the Website at http://csrc.nist.gov. The publications section is particularly useful, with a constantly updated stream of guidelines and aids, particularly the 800 series documents.
  8. 22 December 2010 As should be clear to everyone in both fields, the financial securities industry has very little to do with computer or information security, despite a heavy reliance on the technology. However, recent concerns in that community have concentrated on the area of internal controls, which have application in reviewing controls and safeguards, particularly in regard to insider attacks. This reference is shorthand for the second report from the Basel Committee on Banking Supervision, Risk Management Principles for Electronic Banking. Basel II Accord also looks at operational risk, which is more in line with the risk management that infosec people know and love. Shorthand for the Committee of Sponsoring Organizations of the Treadway Commission, Enterprise Risk Management Integrated Framework. Shorthand for the Committee of Sponsoring Organizations of the Treadway Commission, Enterprise Risk Management Integrated Framework. COSO outlines a three dimensional framework for examining controls. The United States' Sarbanes-Oxley law (frequently referred to as Sarbox or SOX) emphasizes that corporate management is responsible for the reliability of financial reports about publicly traded companies. Section 404 (and also 302, in a marvelous confusion with Web result codes) notes that the integrity of information systems supporting these financial reports must also be managed.