Cybersecurity, Risk

Management, and
Financial Crime
Andreas William
Nico Nathanael
Arya Gina Tarigan
 Data Breach
Data Breach: is the intentional or unintentional release ofsecureor
private/confidential information to an untrusted environment.
(source: wikipedia)
The main cause of a data breach is hacking.
Negligence: management not doing enough to defend againts
cyberthreats.
Data Security must be treated as a key business issue and not simply
the responsibility of the IT department.

Negligen Data
Hacking
ce Breach
 Worst Data Breaches Worldwide,
2013-2014, in Terms of Number of
Data Records Breached
eBay : 145 million
Korea Credit Bureau : 100 million
Adobe : 150 million
UbiSoft : 58 million
Turkish Government : 54 million
Evernote : 50 million
 Cybersecurity Challenges

Distributed denial-of-service (DDoS): attack bombards a

network or website with traffic to crash it and leave it vulnerable to
other threats.
Malware (viruses, trojans, worms, botnets, etc.)
Advanced persistent threats (APT): a stealth network attack in
which an unauthorized entity (hacker or malware) gains access to a
network and remains undetected for a long time.
Mobile computing and BYOD (Bring Your Own Device)
Social media for social engineering: users are tricked into
revealing their log-in credentials or other confidential information,
which can give cybercriminals access to corporate network
accounts as authorized users.
Phishing
 Basic IT Security Concepts
Risk: Probability of a
Exploit: A program
threat exploiting a
(code) that allows
vulnerability and the
attackers to
resulting cost of the
automatically break
loss, damage,
into a system through
disruption or
a vulnerability
destruction
Threat: Someone or
something that can
cause loss, damage,
or destruction

Asset: Something of
Vulnerability: value that needs to be
Weakness or flaw in a protected (customer
system that allows an data, trade secrets,
attack to be successful propriate formulas,
etc.)
 Objectives of Data and Information
System Security

Confidentiality: No unauthorized data disclosure.

Integrity: Data, documents, messages, and other files have
not been altered in any unauthorized way.
Availability: Data is accessible when needed by those
authorized to do so.
 Why do hackers carry data breach
out?

To shake down business and steal identities

Hacking is a profitable industry
Hackers feel untouched
 Why is stealing data easy for
employee?

Ability to bypass physical and technical security

Defenses protect againts external threats
 What are the negative impacts and
costs of data breach?

Lost sales and income

Delayed sales or income
Increased expenses (overtime labor, outsourcing, etc.)
Regulatory fines
Contractual penalties or loss of contractual bonuses
Customer dissatisfaction or defection
Delay of new business plans
 How Should IT security risks be
prevented?
Tools:
1. Antivirus software
2. Intrusion detection systems
3. Intrusion prevention systems
COBIT Governance Model
1. Principle of economic use of resources
2. Principle of legality
3. Accounting principles
Industry data security standard
IT Security Model: People, Processes, and Technology
1. Senior management commitment and support
2. Acceptable use policies and IT security training
3. IT security procedures and enforcement
4. Up-to-date hardware and software
Financial Crimes and Fraud Defences
Type of Fraud:
Crime 1. Operating Management Corruption
2. Conflict of interest
3. Bribery
4. Embezzlement or misappropriation
Nonviole 5. Senior Management financial reporting
Violent
nt fraud
6. Accounting Cycle Fraud

Fraud Prevention:
1. Effective corporate governance and fraud
Fraud prevention measure
2. Most cost-effective approach
Fraud Detection:
3. Intelligent Analysis
Financial 4. Anomaly Detections
Crimes
 Conclusion

Underestimating IT vulnerabilities and threats is the biggest

mistakes managements made.
Data Security must be treated as a key business issue and
not simply the responsibility of the IT department.