Steve Gold, IT expert on the Business IT Guide 100 Victoria Street Bristol BS1 6HZ United Kingdom www.accountingweb.co.uk info@accountingweb.co.uk a Sift Media publication What are the most important IT skills that accountants need to have? Steve Gold, Business/IT Security Journalist AccountingWEB event July 15, 2008 Agenda Steve Gold - who on earth is this guy? IT skills needed by modern accountants Fraud and security threats – what’s happening? How to protect you and your systems Lessons learned Further information Audit security is a state of mind IT threats are becoming hybridised and multi-vectored Hackers are out to extract revenue from your organisation So what are the main threats? Phishing Trojan horses Electronic eavesdropping Man-in-the-middle attacks Fraud will always take the path of least resistance Finjan IT threats report – July 15, 2008 The cybercrime world is continually evolving Welcome to the world of crimeware Similar to the legitimate business world, organisations are structured to supply their customers with a product or service while generating revenue. With the transition from “hack for fame” to “cybercrime for profit”, the industry is seeing see the rise of well-structured and highly effective cybercrime organisations. Business Challenges How do you protect your systems from these threats? Multiple layers of security Out-sourced or in-house security? Where does the audit function sit in this brave new world? Is it necessary to program to be an effective auditor? Good applications software is the key Business Challenges Virtual servers pose a major threat to your audit function Virtual servers are cost-effective Virtual servers improve IT and business efficiency Conventional IT audit techniques do not apply to virtual servers Behavioural analysis may be the key to virtual server security Conventional techniques are still viable Pattern analysis (digital signatures) may be the key Conventional IT security software use digital signature searching Every IT transaction has its own digital signature Pattern searching/analysis is the key to effective security Pattern analysis may well be the key to future audit software Conclusions IT security and fraud threats are constantly evolving IT security and the audit function are inextricably linked Good security and auditing software is the key to fraud control “It isn’t rocket science” Sources of further information Online resources are the key www.ITProPortal.com - one of the very first technology Web sites to launch in the UK back in 1999 and now one of the UK’s leading business and technology resources. http://wm.businessitguide.com - provides you with all the information you need to make IT decisions that are right for your business. We can help you identify those issues which affect your business and recommend a clearly defined course of action. www.infosecurity-magazine.com – Security and anti-fraud systems news, reviews and observations for today’s accountants and auditors (and not just for techies).