2003
2003:
All stages of computer operations are susceptible to criminal
activity, either as the target of the crime, the instrument of the
crime, or both. Input operations, data processing, output
operations, and communications have all been utilized for illicit
purposes. The more common types of computer-related crime are
categorized here.
2003: This checklist will help you
to assess whether your organization has put the appropriate
physical and logical controls over your information system in
place.
The checklist is intended for
general guidance and information only. Use of the checklist does
not guarantee the adequacy of computer security, and it is not
intended as a substitute for audits or similar procedures.
2002
Risky Business -
Internal audit teams up with the audit committee
to tackle IT security needs.
JUNE 2002: It’s no secret why audit committees are
examining their information technology systems and security risks for their
companies: They have no choice. Amid more frequent virus and hacker attacks
and concerns about cyberterrorism, boards are diligently gathering
information on the subject.
“Audit committees are
beginning to see IT security as a challenge they can’t ignore,” says Stephen
Head, CPA, senior security consultant in the enterprise security practice
group of Royal & Sun Alliance Inc., Charlotte, North Carolina. Now is a
perfect time for internal auditors to identify information risks and get
board approval to protect their company’s financial viability by ensuring
appropriate, cost-effective IT security controls are in place and working.
The 3 e's of e-mail and
Internet policies
JULY 2000: The cornerstone of an
effective risk management program comprises the establishment of
comprehensive policies, the education of employees on these
policies, and enforcement (and reinforcement) based on defined
guidelines.
These policies must cover all forms of
employee conduct in the workplace, including physical, verbal, printed or
electronic interaction. For many of these activities, policies have already
been established, with enforcement precedents on record. It is electronic
interaction, however, that many businesses have yet to effectively address.
Given that the misuse of a company's e-mail
system or Internet access by an employee can wreak havoc on an organization,
the lack of attention to this matter is unacceptable. Inappropriate e-mail
or Internet use not only decreases productivity, it opens your company to
costly liability. This is clearly no laughing matter.
Outwitting cybercriminals
JULY 2000: The cyberworld is a whole new arena
for risk managers, one in which the risks are unclear, and yet they dwarf
exposures in the physical world. Indeed, the business interruption resulting
from the February hacking of just eBay, which was down for four hours,
caused $6 million in lost business opportunities.
But this is nothing compared to the financial
chaos caused by another growing cybercrime: the theft of customer credit card
data from e-commerce sites. There is the specter of lawsuits from several
parties (aggrieved customers, credit card issuers and shareholders) as well as
incalculable damage done to the corporate brand. (Would you give your credit
card to a company that has experienced a theft of this data in the past?)