An accountant's view of IT security

advertisement

Steve Gold,
IT expert on the Business IT Guide
100 Victoria Street
Bristol BS1 6HZ
United Kingdom
www.accountingweb.co.uk
info@accountingweb.co.uk
a Sift Media publication
What are the most important IT
skills that accountants need to have?
Steve Gold, Business/IT Security Journalist
AccountingWEB event July 15, 2008
Agenda
 Steve Gold - who on earth is this guy?
 IT skills needed by modern accountants
 Fraud and security threats – what’s
happening?
 How to protect you and your systems
 Lessons learned
 Further information
Audit security is a state of mind
 IT threats are becoming hybridised and multi-vectored
 Hackers are out to extract revenue from your organisation
 So what are the main threats?




Phishing
Trojan horses
Electronic eavesdropping
Man-in-the-middle attacks
 Fraud will always take the path of least resistance
Finjan IT threats report – July 15, 2008
 The cybercrime world is continually evolving
 Welcome to the world of crimeware
 Similar to the legitimate business world, organisations are
structured to supply their customers with a product or
service while generating revenue.
 With the transition from “hack for fame” to “cybercrime for
profit”, the industry is seeing see the rise of well-structured
and highly effective cybercrime organisations.
Business Challenges
 How do you protect your systems from these threats?
 Multiple layers of security
 Out-sourced or in-house security?
 Where does the audit function sit in this brave new world?
 Is it necessary to program to be an effective auditor?
 Good applications software is the key
Business Challenges
 Virtual servers pose a major threat to your audit function
 Virtual servers are cost-effective
 Virtual servers improve IT and business efficiency
 Conventional IT audit techniques do not apply to virtual servers
 Behavioural analysis may be the key to virtual server security
Conventional techniques are still viable
 Pattern analysis (digital signatures) may be the key
 Conventional IT security software use digital signature searching
 Every IT transaction has its own digital signature
 Pattern searching/analysis is the key to effective security
 Pattern analysis may well be the key to future audit software
Conclusions
 IT security and fraud threats are constantly evolving
 IT security and the audit function are inextricably linked
 Good security and auditing software is the key to fraud control
 “It isn’t rocket science”
Sources of further information
 Online resources are the key
 www.ITProPortal.com - one of the very first technology Web
sites to launch in the UK back in 1999 and now one of the
UK’s leading business and technology resources.
 http://wm.businessitguide.com - provides you with all the
information you need to make IT decisions that are right for
your business. We can help you identify those issues which
affect your business and recommend a clearly defined
course of action.
 www.infosecurity-magazine.com – Security and anti-fraud
systems news, reviews and observations for today’s
accountants and auditors (and not just for techies).
Download