
CHAPTER 5

CYBERSECURITY, RISK MANAGEMENT, AND FINANCIAL CRIME

Chapter questions:
Why is stealing data easy for employees?
What are the cybersecurity challenges?
What are the negative impacts and costs of a data breach?
Why do hackers carry out data breaches?
How should IT security risks be prevented?
What are financial crimes?

Cybersecurity challenges

High-risk attack vectors:
Distributed denial-of-service (DDoS)
Malware: viruses, trojans, worms, rootkits, backdoors, botnets, keyloggers
Advanced persistent threats (APT)
Mobile computing and BYOD
Social media for social engineering
Phishing

Data breaches result from negligence, from hacking, and from management not doing enough to defend against cyberthreats.

Basic IT Security Concepts

Risk: the probability of a threat exploiting a vulnerability, and the resulting cost of the loss, damage, disruption, or destruction.

Exploit: a program (code) that allows attackers to automatically break into a system through a vulnerability; as a verb, to attack or take advantage of a vulnerability.

Threat: someone or something that can cause loss, damage, or destruction.

Vulnerability: a weakness or flaw in a system that allows an attack to be successful.

Asset: something of value that needs to be protected.

Objectives of Data and Information Systems Security

Confidentiality
Integrity
Availability

Why do hackers carry out data breaches?

To shake down businesses and steal identities
Hacking is a profitable industry
Hackers feel untouchable

Why is stealing data easy for employees?

Employees have the ability to bypass physical and technical security
Defenses protect against external threats, not against insiders

What are the negative impacts and costs of a data breach?

Lost sales and income
Delayed sales or income
Increased expenses (overtime labor, outsourcing, etc.)
Regulatory fines
Contractual penalties or loss of contractual bonuses
Customer dissatisfaction or defection
Delay of new business plans

Costs and losses should be compared to the costs of possible recovery strategies.

How should IT security risks be prevented?

Tools:
Antivirus software
Intrusion detection systems
Intrusion prevention systems

COBIT governance model:
Principle of economic use of resources
Principle of legality
Accounting principles

Industry data security standard

IT security model: people, processes, and technology
Senior management commitment and support
Acceptable use policies and IT security training
IT security procedures and enforcement
Up-to-date hardware and software

What are financial crimes, and what are the fraud defenses?

Crime is either violent or nonviolent; fraud is a nonviolent crime.

Financial crimes:
Operating management corruption
Conflict of interest
Bribery
Embezzlement
Senior management financial reporting fraud
Accounting cycle fraud

Fraud Prevention

Fraud prevention is the most cost-effective approach, and effective corporate governance is the key fraud prevention measure.
Fraud carries an enormous cost in addition to the direct cost of the loss.

Fraud Detection

IT monitoring systems
Intelligent analysis engines using advanced data warehousing and analytics techniques
Audit trails from key systems and personnel records from the HR and finance departments are analyzed to detect anomalous patterns: excessive working hours, deviations in patterns of behavior, copying huge amounts of data, attempts to override controls, unusual transactions, and inadequate documentation about transactions.
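As an added example (not part of the chapter), the following Python script screens constructed audit-trail records for three of the listed patterns: excessive working hours, copying huge amounts of data relative to peers, and attempts to override controls. The event data, the 12-hour limit, the 10x-median rule and the override action names are all assumptions made for the illustration.

```python
# Added example (not from the chapter): screening audit-trail records for
# three of the anomalous patterns the chapter lists. All data is constructed.
from collections import defaultdict
from statistics import median

# Constructed audit-trail records: (user, hours_worked_that_day, bytes_copied, action)
EVENTS = [
    ("alice", 8, 120_000, "view_invoice"),
    ("alice", 9, 80_000, "approve_payment"),
    ("bob", 8, 100_000, "view_invoice"),
    ("bob", 7, 90_000, "view_invoice"),
    ("carol", 14, 50_000_000, "export_customer_table"),
    ("carol", 15, 30_000_000, "override_approval_limit"),
    ("dave", 8, 110_000, "view_invoice"),
]

MAX_DAILY_HOURS = 12          # assumed policy limit for "excessive working hours"
DATA_VOLUME_MULTIPLIER = 10   # assumed rule: flag users copying > 10x the median volume
OVERRIDE_ACTIONS = {"override_approval_limit", "disable_audit_log"}  # assumed action names


def per_user_totals(events):
    """Aggregate each user's longest day, total bytes copied and override attempts."""
    totals = defaultdict(lambda: {"max_hours": 0, "bytes": 0, "overrides": 0})
    for user, hours, nbytes, action in events:
        t = totals[user]
        t["max_hours"] = max(t["max_hours"], hours)
        t["bytes"] += nbytes
        if action in OVERRIDE_ACTIONS:
            t["overrides"] += 1
    return totals


def flag_anomalies(events):
    """Return {user: [reasons]} for every user matching at least one pattern."""
    totals = per_user_totals(events)
    # The median is the baseline because one heavy copier would drag a mean upward
    # and hide itself; the median stays representative of normal users.
    baseline = median(t["bytes"] for t in totals.values())
    findings = {}
    for user, t in totals.items():
        reasons = []
        if t["max_hours"] > MAX_DAILY_HOURS:
            reasons.append("excessive working hours")
        if t["bytes"] > DATA_VOLUME_MULTIPLIER * baseline:
            reasons.append("copying huge amounts of data")
        if t["overrides"]:
            reasons.append("attempts to override controls")
        if reasons:
            findings[user] = reasons
    return findings


if __name__ == "__main__":
    for user, reasons in flag_anomalies(EVENTS).items():
        print(f"{user}: {', '.join(reasons)}")
```

Each flagged user is a lead for review by HR, finance and internal audit, not a finding of fraud by itself.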

In conclusion, one of the biggest mistakes managers make is underestimating IT vulnerabilities and threats.

Thus, data security must be treated as a key business issue and not simply the responsibility of the IT department.
