The IT Risk Environment and Data Analytics. Parm Lalli Director, Focal Point Data Risk, LLC
|
|
- Blanche Douglas
- 6 years ago
- Views:
Transcription
1 The IT Risk Environment and Data Analytics Parm Lalli Director, Focal Point Data Risk, LLC
2 Parm Lalli Director, Data Analytics Focal Point Data Risk, LLC Parm is a Director with Sunera and leads our national Data Analytics practice. Parm has over 14 years of data analytics, audit, and controls experience with Sunera and other IT consulting firms, and is widely considered a leading data analytics practitioner in North America. Parm s data analytics expertise includes vast experience with various Computer-Aided Audit Tools (CAATs), leading and performing data analytics and developing continuous controls monitoring (CCM) applications for many business processes. His experience also includes installing, implementing and configuring ACL Analytics Exchange, and providing training on all aspects of data analytics, from basic functionality to complex scripting and controls monitoring. Parm s 16 years experience with ACL Software includes six years working at ACL. During Parm s time at ACL, he led the development of analytics for ACL s CCM solution. These analytics covered risks associated with accounts payable, travel and entertainment, general ledger, order to cash, procurement, human resource and payroll. Once the analytics were developed, Parm led consulting projects for ACL clients where he implemented the analytics and assisted clients with the development and maturation of the data analytics and CCM programs. Parm has also worked at PricewaterhouseCoopers in the Advisory group where he performed Revenue Assurance consultancy with the Telco Industry. Parm also have extensive experience with other data analytics tools and applications such as TOAD for Oracle & SQL Server, Arbutus, and Alteryx. In addition to his data analytics focus, Parm s background is IT audit focused, having provided services related to IT general controls, application controls, internal audit, IT risk assessment, process improvement advisory, operational audit and Sarbanes-Oxley Act (SOX). Parm has also been involved with conducting vulnerability assessments and penetration testing for clients. Parm is a Certified Information Systems Auditor (CISA) and ACL Certified Data Analyst (ACDA). 2
3 OBJECTIVES Raise awareness of the contribution data analytics can make to mitigate risks in IT Identify key risk areas that can be tested with data analytics tools Describe data analytics tests for key high-risk areas 3
4 AGENDA Why data analytics for IT? Risks to mitigate Specific risk areas Data Analytics for Cybersecurity Proactive security monitoring 4
5 Why data analytics for information technology?
6 2014 Data Breach Statistics $3.8 million per organization* $154 per record* Increases in Cyberattack frequency Remediation costs Business impact Detection/escalation costs *IBM/Ponemon 2015 Cost of Data Breach Study 6
7 The Environment High-risk area Abundance of data Multiple platforms/formats Complex Decentralized Proliferation of unencrypted devices 7
8 DA enables High-frequency automated testing Development of metrics Operational performance Call centers Cybersecurity Close to real-time monitoring/reporting of risks Comprehensive overview 8
9 Output Dashboarding of trends/metrics Drill-down capabilities for supporting data User-friendly formats 9
10 Risks
11 Risks Unauthorized activity Loss of revenue Data corruption Data leakage (accidental) Data theft (intentional internal or external) System downtime Loss of confidentiality Erosion of process integrity Decreased performance Malfunctioning hardware 11
12 Risk Areas
13 Key Risk Areas Access Change logs Segregation of duties Change management Physical access General Computer Controls/ITGC Application controls Improper user of company assets (Policies) 13
14 Access Elevated access review Usage of Admin/Super user accounts Compare access to position description Compare to previous review results Flip flop access privileges Segregation of duties Access to contractors HR payroll records vs Active Directory user listing 14
15 Change Logs Review major changes Identify change/reversion ( flip-flop ) Frequency distribution by individual or department Audit logs for application and database changes 15
16 Change Management Compare to ITAF standards Proper categorization UAT results Test all environments to ensure proper change management (Dev, Test, Prod) Use DA tools for Code Review SOX controls for Vendor Master / Customer Master changes 16
17 Physical Access Review entries/exits to data centers (who) Review entry times vs exit times (duration) Cross-reference with HR data for departing employees Compare against logs for suspect events Review temporary access passes for approvals Review failed attempted access logs 17
18 General Computer Controls/ITGC Configuration vs Policies Default accounts Passwords Inactivity Failed logins Time out settings Security Firewall configuration settings/changes 18
19 Application Controls Password settings Account settings Time out settings User access reports (compare time periods) Compare all of the above with policies and procedures 19
20 Applications Active Directory UNIX Mainframe Oracle Other Databases HRMS 20
21 Security Incident & Event Monitoring SIEM tools in IT Great at collecting information & analyzing information Misconfigured SIEM tools. Tools are only as good as how they re configured SIEM tools normally configured for: Excessive login attempts Privileged escalation missed cross reference with authorization data 21
22 Data Analytics for Cybersecurity
23 Analytics and Cybersecurity Measure IT Risk across the organization Data is very disparate and complex Big data variable, volume, velocity Data can be very big Log files events Use data analytics to normalize, harmonize, structure data 23
24 Data to collect Installed application what applications are users installing? Virus / Trojan data should be captured What systems / applications do users have access to? (IAM) IT Infrastructure servers, workstations, applications, etc. 24
25 Data to Monitor Monitor what is being browsed on the internet Help identify sites being visited that can cause virus infections Gather information on virus infections that occur when, where, how Is training required in certain departments or sites Is your Intellectual Property being leaked? What sites, by who, how much data? Shut down code sites like (Github) 25
26 Data analytics monitoring Identify, quantify, rank, and prioritize your risk Develop Risk scores Uses risk scores to identify the norm so the abnormal jumps out Employees in similar departments / roles are normally the same Figuring out their patterns or behaviors is important Collecting this data can help identify the internal hackers, negligent users and opportunities to mitigate RISK Internal hackers will eventually give themselves away. Just need to make sure we are watching / monitoring the correct data 26
27 Proactive Security monitoring
28 DA Tools for IT Standard data analytic tools Alteryx, ACL, Arbutus, IDEA PowerShell Scripts to access Active Directory Run through EXECUTE & RUN commands Creates CSV (or other formats) files to import into above tools Forensic Software for data examination ( s) Cyber Security tools 28
29 Proactive Security Monitoring Login Velocity logging into multiple assets from a single source Previously Unseen Origin Remote logging in from a location not previously seen Previously Unseen Process Identify a previously unseen process running on critical machines Impossible Traveler logging in from different locations that can not be achieved through normal travel means Cross User Login same user account being logged on to multiple assets at the same time 29
30 Proactive Security Monitoring con t Non-Badged User Login identifying when an on-site login does not have a corresponding badge entry into the building Proxy Beaconing looking for machines reaching out to uncommon domains and IP s Timewheel identifying machines performing beaconing during hours of the day when the user or system isn t typically active. Snowflake analysis to find process/software that has not been seen in the environment before, across the fleet Concerning Connections assess network data to automatically generate network maps from which undesired, or unexpected, connections can be identified. 30
31 The End Questions / Comments? 31
32 Parm Lalli Director
Data Management: Applying Data Analytics to a Continuous Controls Monitoring Solution
Data Management: Applying Data Analytics to a Continuous Controls Monitoring Solution February 04, 2014 Parm Lalli, CISA, ACDA Sunera Snapshot We are a professional consultancy focused on regulatory compliance,
More informationContinuous Monitoring: Getting Results Today!
Continuous Monitoring: Getting Results Today! Gerard (Rod) Brennan, PhD, CFE Risk & Internal Control Officer NA, Siemens Corporation Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management,
More informationThe Road to Continuous Assurance. Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc.
The Road to Continuous Assurance Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc. Challenge Statement: Implement a CCM program for the Organization
More informationThe Road to Continuous Assurance. Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc.
The Road to Continuous Assurance Jason A. Gross, CPA, CIA, CFE, CISA, ACDA Vice President, Controls Management Siemens Financial Services, Inc. Agenda Key Drivers for Successful Implementation Technology
More informationFulfilling CDM Phase II with Identity Governance and Provisioning
SOLUTION BRIEF Fulfilling CDM Phase II with Identity Governance and Provisioning SailPoint has been selected as a trusted vendor by the Continuous Diagnostics and Mitigation (CDM) and Continuous Monitoring
More informationGOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.
GOVERNANCE 8.A.1 - Objective: Information Technology strategies, plans, personnel and budgets are consistent with AES' business and strategic requirements and goals. Objective Risk Statement(s): - IT Projects,
More informationUsing Transactional Analysis for
Using Transactional Analysis for Effective Fraud Detection Date: 15 th January 2009 Nishith Seth Seth Services.P. Ltd. www.sspl.net.in Cost Indirect costs: image, morale Fraud Issues & Impact Direct costs:
More informationSOX 404 & IT Controls
SOX 404 & IT Controls IT Control Recommendations For Small and Mid-size companies by Ike Ugochuku, CIA, CISA TLK Enterprise 2006, www.tlkenterprise.com INTRODUCTION Small, medium, and large businesses
More informationS12 - Guidelines for Planning an IS Audit Christopher Chung
S12 - Guidelines for Planning an IS Audit Christopher Chung IS Auditing Guidelines for Planning an IS Audit Session Objectives Agenda Information Systems Audit Planning and Scoping o Understanding Business
More informationInfor Risk and Compliance for CDM Phase 2: Automate, integrate, manage, and report across your enterprise
Public Sector Infor Risk and Compliance for CDM Phase 2: Automate, integrate, manage, and report across your enterprise Now in its Phase 2 rollout, The Department of Homeland Security (DHS) and General
More informationCHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS
5-1 CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION In accordance with Statements on Auditing Standards Numbers 78 and 94, issued by the American Institute of Certified Public Accountants
More informationContinuous Monitoring - Definition
Agenda Continuous Monitoring ADB Treasury Operation Road Map for Introducing Continuous Monitoring in Treasury Investment Activities using ACL Lessons Learnt References Q&A 2 Continuous Monitoring - Definition
More informationThird Party Risk Management ( TPRM ) Transformation
Third Party Risk Management ( TPRM ) Transformation September 20, 2017 Internal use only An introduction to TPRM What is a Third Party relationship? A Third Party relationship is any business arrangement
More informationIT Managed Services. Agenda
IT Managed Services Agenda Introduction IT Challenges Problems with Traditional Approaches What is Managed Services The Benefits of Managed Services How it Works Q & A 517.323.7500 1 IT Challenges No Structured
More informationASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016
ASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016 Charles J. Brennan Chief Information Officer Office of Innovation and Technology 1234 Market
More informationORACLE ADVANCED FINANCIAL CONTROLS CLOUD SERVICE
ORACLE ADVANCED FINANCIAL CONTROLS CLOUD SERVICE Advanced Financial Controls (AFC) Cloud Service enables continuous monitoring of all expense and payables transactions in Oracle ERP Cloud, for potential
More informationPosition Description. Job Summary: Campus Job Scope:
Position Description Requisition # 03020430 Position Number: 02019533 Dept: ENT APPS & INFRASTRUCTURE SVCS - 061419 Position: WINDOWS SYSTEM APPLICATION ADMINISTRATOR Approved Payroll Title 0520 Code:
More informationInformation Technology Risks in Today s Environment
Information Technology s in Today s Environment - Traci Mizoguchi Enterprise Services Senior Manager, Deloitte & Touche LLP Agenda Overview Top 10 Emerging IT s Summary Q&A 1 Overview Technology continues
More informationWhat does an external auditor look for in SAP R/3 during SOX 404 Audits? Ram Bapu, CISSP, CISM Sandra Keigwin, CISSP
What does an external auditor look for in SAP R/3 during SOX 404 Audits? Ram Bapu, CISSP, CISM Sandra Keigwin, CISSP What does an external auditor look for in SAP during SOX 404 Audits? Corporations have
More informationPREVENT MAJOR DATA BREACHES WITH THREAT LIFECYCLE MANAGEMENT Seth Goldhammer, Senior Director of Product Management at LogRhythm
PREVENT MAJOR DATA BREACHES WITH THREAT LIFECYCLE MANAGEMENT Seth Goldhammer, Senior Director of Product Management at LogRhythm WELCOME Audio is streamed over your computer Dial in numbers and codes are
More informationBuilding a World-Class Data Analysis Function for Internal Audit
Building a World-Class Data Analysis Function for Internal Audit Michael Kano, ACDA March 19, 2015 Agenda Why focus on DA? Characteristics of success Audit leadership support DA ownership and accountability
More informationTop 10 SAP audit and security risks: Securing your system and vital data
Top 10 SAP audit and security risks: Securing your system and vital data Prepared by: Luke Leaon, Manager, McGladrey LLP 612.629.9072, luke.leaon@mcgladrey.com Adam Harpool, Supervisor, McGladrey LLP 212.372.1773,
More informationIBM QRadar SIEM. Detect threats with IBM QRadar Security Information and Event Management (SIEM) Highlights
IBM Security Data Sheet IBM QRadar SIEM Detect threats with IBM QRadar Security Information and Event Management (SIEM) Highlights Use IBM QRadar Security Information and Event Management, powered by the
More informationFraud Risk Management
Fraud Risk Management Using Automated Continuous Monitoring Tools 2017 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Does your organization use continuous and/or automated monitoring
More informationFGFOA 2017 Focus on the Future
IT Modernization: Bringing Government from Obsolete to Cutting Edge FGFOA 2017 Focus on the Future Christine Horrocks, CPA/CFF, CGMA Brent Pruim, CPA Topics Covered State of the industry with respect to
More informationSecurity Monitoring Service Description
Security Monitoring Service Description Contents Section 1: UnderdefenseSOC Security Monitoring Service Overview 3 Section 2: Key Components of the Service 4 Section 3: Onboarding Process 5 Section 4:
More informationInternal Control and the Computerised Information System (CIS) Environment. CA A. Rafeq, FCA
Internal Control and the Computerised Information System (CIS) Environment CA A. Rafeq, FCA 1 Agenda 1. Internal Controls and CIS Environment 2. Planning audit of CIS environment 3. Design and procedural
More informationIntegrating COSO s Fraud Risk Management Guide on an Enterprise Scale
Integrating COSO s Fraud Risk Management Guide on an Enterprise Scale September 15, 2017 Vincent Walden Partner EY Atlanta Delores White Director, Internal Audit Southern Company Scott Hulsey Chief Compliance
More informationTOP 6 SECURITY USE CASES
Solution Brief: Top 6 Security Use Cases for Automated Asset Inventory page 1 SOLUTION BRIEF TOP 6 SECURITY USE CASES for Automated Asset Inventory Solution Brief: Top 6 Security Use Cases for Automated
More informationCertified Identity Governance Expert (CIGE) Overview & Curriculum
Overview Identity and Access Governance (IAG) provides the link between Identity and Access Management (IAM) rules and the policies within a company to protect systems and data from unauthorized access,
More informationTop 10 SAP audit and security risks
Top 10 SAP audit and security risks Securing your system and vital data Prepared by: Luke Leaon, Manager, RSM US LLP luke.leaon@rsmus.com, +1 612 629 9072 SAP is a functional enterprise resource planning
More informationWHEN END USERS CREATE TECHNOLOGY. Robert Newsome 9/21/2016
WHEN END USERS CREATE TECHNOLOGY Robert Newsome 9/21/2016 Agenda What are EUC (End User Computing) & EUCA (End User Computing Applications) Organizational Challenges Audit Challenges Complexities Solutions
More informationVULNERABILITY MANAGEMENT BUYER S GUIDE
VULNERABILITY MANAGEMENT BUYER S GUIDE VULNERABILITY MANAGEMENT BUYER S GUIDE 01 Introduction 2 02 Key Components 3 03 Other Considerations 10 About Rapid7 11 01 INTRODUCTION Exploiting weaknesses in browsers,
More informationSecuring Intel s External Online Presence
IT@Intel White Paper Intel IT IT Best Practices Information Security May 2011 Securing Intel s External Online Presence Executive Overview Overall, the Intel Secure External Presence program has effectively
More informationIT Audit Process. Michael Romeu-Lugo MBA, CISA March 27, IT Audit Process. Prof. Mike Romeu
Michael Romeu-Lugo MBA, CISA March 27, 2017 1 Agenda Audit Planning PS 1203 / PG 2203 Evidence PS 1205 / PG 2205 References: ITAF 3 rd Edition Information Systems Auditing: Tools and Techniques Creating
More informationGeneral IT Controls Review of the Division of Technology. Fiscal 2008
General IT Controls Review of the Division of Technology Fiscal 2008 February 18, 2009 Mr. Allan R. Frank, Chief Information Officer City of Philadelphia Division of Technology 1234 Market Street, Suite
More informationSUPPORT SERVICES HANDBOOK
SUPPORT SERVICES HANDBOOK Contents Our Commitment to Support... 1 Contact Us... 1 WinEst Software Support Service...... 1 Standard Support vs. Professional Services 1 Support Plan Detail. 2 Support Incidents....
More informationSOLUTION BRIEF RSA IDENTITY GOVERNANCE & LIFECYCLE SOLUTION OVERVIEW ACT WITH INSIGHT TO DRIVE INFORMED DECISIONS TO MITIGATE IDENTITY RISK
RSA IDENTITY GOVERNANCE & LIFECYCLE SOLUTION OVERVIEW ACT WITH INSIGHT TO DRIVE INFORMED DECISIONS TO MITIGATE IDENTITY RISK BENEFITS ACT WITH INSIGHTS Identity has emerged as today s most consequential
More informationApplication Security Best Practices in an Oracle E- Business Suite Environment
Application Security Best Practices in an Oracle E- Business Suite Environment Introduction - Jeffrey T. Hare, CPA CISA CIA Founder of ERP Risk Advisors Written various white papers on Internal Controls
More informationThe 7 Tenets of Successful Identity & Access Management
The 7 Tenets of Successful Identity & Access Management Data breaches. The outlook is not promising. Headlines practically write themselves as new breaches are uncovered. From Home Depot to the US Government
More informationThe Best of Crimes, the Worst of Crimes: Fraud Stories That Prove the Truth Is in the Transactions
Technology for Business Assurance The Best of Crimes, the Worst of Crimes: Fraud Stories That Prove the Truth Is in the Transactions Copyright 2009 ACL Services Ltd. Peter Millar Director, Technology Application
More informationWHITE PAPER SPLUNK SOFTWARE AS A SIEM
SPLUNK SOFTWARE AS A SIEM Improve your security posture by using Splunk as your SIEM HIGHLIGHTS Splunk software can be used to build and operate security operations centers (SOC) of any size (large, med,
More informationMinimizing fraud exposure with effective ERP segregation of duties controls
Minimizing fraud exposure with effective ERP segregation of duties controls Prepared by: Luke Leaon, Manager, RSM US LLP luke.leaon@rsmus.com, +1 612 629 9072 Adam Harpool, Manager, RSM US LLP adam.harpool@rsmus.com,
More informationContinuous Controls Monitoring for Transactions: The Next Frontier for GRC Automation
Research Publication Date: 15 January 2009 ID Number: G00164382 Continuous Controls Monitoring for Transactions: The Next Frontier for GRC Automation French Caldwell, Paul E. Proctor Continuous controls
More informationIdentity and Access Governance. Buyer s Guide. By Felicia Thomas
Identity and Access Governance Buyer s Guide By Felicia Thomas March 2016 Table of Contents Purpose of This Guide... 3 Identity and Access Governance... 5 Tasks and People... 6 IAG as Part of Identity
More informationCOSO Updates and Expectations. IIA San Diego Chapter January 8, 2014
COSO Updates and Expectations IIA San Diego Chapter January 8, 2014 Agenda Overview of 2013 Internal Control-Integrated Framework and Companion Guidance 2013 Framework General Enhancements by Component
More informationManaging Complexity in Identity & Access Management
Managing Complexity in Identity & Access Management Sponsored by RSA Aveksa Independently conducted by Ponemon Institute LLC Publication Date: August 2013 Ponemon Institute Research Report Part 1. Executive
More informationLeverage T echnology: July 19 th, 2013 Adil Khan. Move Your Business Forward. Copyright. Fulcrum Information Technology, Inc.
Life After ERP Go-Live: Navigating to Nirvana Learn how leading organizations are utilizing Advanced Controls to make systematic improvements in their ERP systems to achieve expected benefits of ERP systems
More informationCyber Security. & GRC Metrics That Tell a Story! Presented by: Swarnika Mehta Manager, KPMG Cyber Security Services
Cyber Security & GRC Metrics That Tell a Story! Presented by: Swarnika Mehta Manager, KPMG Cyber Security Services Eva Benn Senior Associate, KPMG Cyber Security Services Contents 2 Introduction In the
More informationREPORT 2014/115 INTERNAL AUDIT DIVISION. Audit of information and communications technology management at the United Nations Office at Geneva
INTERNAL AUDIT DIVISION REPORT 2014/115 Audit of information and communications technology management at the United Nations Office at Geneva Overall results relating to the effective and efficient management
More informationUNDERSTANDING THE NEED FOR A HELP DESK SOLUTION. How to select the right help desk solution for your organization
UNDERSTANDING THE NEED FOR A HELP DESK SOLUTION How to select the right help desk solution for your organization UNDERSTANDING THE NEED FOR A HELP DESK SOLUTION INTRODUCTION Every business, no matter which
More informationSeptember 19, 2007 San Francisco Chapter
Optimizing Spreadsheet Controls A Proactive Approach to Sustaining Compliance September 19, 2007 Welcome! Today s Facilitators Dannette Roberts Industry Partner Manager Microsoft Corporation Terry Nystrom
More informationEffective implementation of COSO s new anti-fraud guidance
Effective implementation of COSO s new anti-fraud guidance In September 2016, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) published a new Fraud Risk Management Guide (Anti-fraud
More informationTMT Fleet Maintenance Windows. TruckMate Installation Guide
TMW Asset Maintenance TMT Fleet Maintenance Windows TruckMate Installation Guide 1 Table of Contents TruckMate Interface... 3 TruckMate TMT Fleet Maintenance Interface... 4 TruckMate Installation from
More informationREQUEST FOR PROPOSALS: INFORMATION TECHNOLOGY SUPPORT SERVICES
REQUEST FOR PROPOSALS: INFORMATION TECHNOLOGY SUPPORT SERVICES Responses Due October 30, 2017 at 4:00 PM RFP 2017: INFORMATION TECHNOLOGY SERVICES PAGE 1 TABLE OF CONTENTS I. INTRODUCTION II. SUBMISSION
More informationDrive more value through data source and use case optimization
Drive more value through data source and use case optimization BEST PRACTICES FOR SHARING DATA ACROSS THE ENTEPRRISE David Caradonna Director, Global Business Value Consulting Date Washington, DC Forward-Looking
More informationIBM QRadar on Cloud. The amount payable for the IBM SaaS is specified in a Transaction Document.
IBM Terms of Use SaaS Specific Offering Terms IBM QRadar on Cloud The Terms of Use ( ToU ) is composed of this IBM Terms of Use - SaaS Specific Offering Terms ( SaaS Specific Offering Terms ) and a document
More informationCompliance Management Solutions from Novell Insert Presenter's Name (16pt)
Compliance Solutions from Novell Insert Presenter's Name (16pt) Insert Presenter's Title (14pt) Issues Driving the Compliance Need Dealing with Compliance Requirements It's All about Balance Flexibility
More informationData Analytics: Where Do I Start?
Data Analytics: Where Do I Start? Ryan Merryman, CPA, CFF, CITP, CFE David Heneke, CPA, CISA Investment advisory services are offered through CliftonLarsonAllen Wealth Advisors, LLC, an SEC-registered
More informationPeopleSoft Component Global Price List October 16, 2014 Software Investment Guide
Prices in USA (Dollar) PeopleSoft Global Price List October 16, 2014 Software Investment Guide only. Subject to change without notice. 1 of 11 PeopleSoft Global Price List Prices in USA (Dollar) License
More informationStart your SAP Optimization Effort Yesterday: A 10-minute guide to the SAP Optimization process for an Enterprise
Start your SAP Optimization Effort Yesterday: A 10-minute guide to the SAP Optimization process for an Enterprise EXECUTIVE SUMMARY If you just completed your annual LAW submission to SAP, you should immediately
More informationVentana Research Marketing Research in 2017
Ventana Research Marketing Research in 2017 Setting the annual expertise and topic agenda Mark Smith CEO & Chief Research Officer blog.ventanaresearch.com @ventanaresearch In/ventanaresearch 1 Confidentiality
More informationSecurity intelligence for service providers
Security Thought Leadership White Paper July 2015 Security intelligence for service providers Expanded capabilities for IBM Security QRadar including multi-tenancy, unified management and SaaS 2 Security
More informationThe Case for Outsourcing Accounts Payable
Presented by Lynn Belletti BNY Mellon Transaction Processing Director The & Procure-To-Pay Conference & Expo is produced by: The world is changing. How will you respond to the new pressures of regulatory
More informationAgency for State Technology Office of Inspector General
Agency for State Technology Office of Inspector General Eric M. Larson, State CIO/ Executive Director Tabitha A. McNulty Inspector General Six Month Follow up Response to Agency for State Technology, State
More informationSupplier Security Directives
Page 1 (8) Supplier Directives 1 Description This document (the Directives ) describes the security requirements applicable to Suppliers (as defined below) and other identified business partners to Telia
More informationHARNESSING THE POWER OF DATA ANALYTICS AND CONTINUOUS MONITORING
HARNESSING THE POWER OF DATA ANALYTICS AND CONTINUOUS MONITORING SEPTEMBER 26, 2017 Shana McGee, CIA Manager, Risk Advisory Services Kirstie Tiernan, CFE, OCA Managing Director, Forensic Technology Services
More informationArticle from: CompAct. April 2013 Issue No. 47
Article from: CompAct April 2013 Issue No. 47 Overview of Programmatic Framework and Key Considerations Key elements Description Items to consider Definition and identification of EUCs The statement that
More informationDatabases: Oracle v9i, v8i & v7.x, Legacy and Microsoft SQL Server v6.5 & v7
NAME Address Tel. Email Summary: 23 years of Aerospace/Commercial Manufacturing industry experience. I have leveraged that expertise over the last 8 years in the Collaborative / ERP / e-business software
More informationSAP Road Map for Governance, Risk, and Compliance Solutions
SAP Road Map for Governance, Risk, and Compliance Solutions Q4 2016 Customer Disclaimer The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the
More informationExternal Supplier Control Obligations. Information Security
External Supplier Control Obligations Information Security Version 7.0 December 2016 Control Area / Title Control Description Why this is important Roles and Responsibilities The Supplier must define and
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR), which takes effect in 2018, will bring changes
More informationCHAPTER 3: REQUIREMENT ANALYSIS
CHAPTER 3: REQUIREMENT ANALYSIS 3.1 Requirements Gathering At the start of the project, the travel management process handled by the admin department was studied in detail by using the basic requirement
More informationAutomating Audit Analytics: The benefits, the concepts and the road to Continuous Auditing
Automating Audit Analytics: The benefits, the concepts and the road to Continuous Auditing Agenda 1. Why automation for data based audits? 2. What options are available? 3. Automation Considerations 4.
More informationCREATING A FRAUD RISK ASSESSMENT AND IMPLEMENTING A CONTINUOUS MONITORING PROGRAM
CREATING A FRAUD RISK ASSESSMENT AND IMPLEMENTING A CONTINUOUS MONITORING PROGRAM Compliance professionals around the world are struggling with how to do more with less. In order to provide effective assurance
More informationIMPLEMENTATION QUESTIONNAIRE
IMPLEMENTATION QUESTIONNAIRE emaint CMMS Initial Assessment, Introductions & Services www.emaint.com (239) 494-8928 sales@emaint.com Contents emaint CMMS Functionality Flow Chart Introduction Purpose and
More informationBest Practices for IT Service Management in 2017+
Best Practices for IT Service Management in 2017+ Branko Tadić ITSM Solution Executive IBM Hybrid Cloud Europe branko.tadic@rs.ibm.com 2016 IBM Corporation 2016 IBM Corporation 2016 IBM Corporation 2016
More informationUsing Data Analytics as a Management Tool to Identify Organizational Risks
2013 CliftonLarsonAllen LLP Using Data Analytics as a Management Tool to Identify Organizational Risks Government Finance Officers Association of South Carolina October 13, 2014 cliftonlarsonallen.com
More informationPeopleSoft Component Global Price List September 21, 2017 Software Investment Guide
Prices in USA (Dollar) PeopleSoft Component Global Price List September 21, 2017 Software Investment Guide only. Subject to change without notice. 1 of 11 PeopleSoft Component Global Price List Prices
More information1 Building an Identity Management Business Case. 2 Agenda. 3 Business Challenges
1 Building an Identity Management Business Case Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Justifying investment in identity management automation. 2 Agenda Business challenges
More informationEY Center for Board Matters. Leading practices for audit committees
EY Center for Board Matters for audit committees As an audit committee member, your role is increasingly complex and demanding. Regulators, standard-setters and investors are pressing for more transparency
More informationDeveloping the IT Audit Plan
Developing the IT Audit Plan Global Technology Audit Guide (GTAG) Written in straightforward business language to address a timely issue related to IT management, control, and security, the GTAG series
More informationTop 5 Must Do IT Audits
Top 5 Must Do IT Audits Mike Fabrizius, Sharp HealthCare, VP, Internal Audit DJ Wilkins, KPMG, Partner, IT Advisory 2011 AHIA Annual Conference www.ahia.org Background on Sharp HealthCare Sharp s Co-sourcing
More informationITIL from brain dump_formatted
ITIL from brain dump_formatted Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 Экзамен A QUESTION 1 Which role is responsible for carrying out the activities of a process? A. Process
More informationIdentity Management Solutions for Oracle E-Business Suite. An Oracle White Paper January 2008
Identity Management Solutions for Oracle E-Business Suite An Oracle White Paper January 2008 NOTE: The following is intended to outline our general product direction. It is intended for information purposes
More informationFraud and the Accounting Information System
10 CHAPTER TEN Fraud and the Accounting Information System INTRODUCTION Except for certain limited off-the-books schemes, fraud transaction data are almost always contained in the accounting information
More informationSarbanes-Oxley Compliance Kit
Kit February 2018 This product is NOT FOR RESALE or REDISTRIBUTION in any physical or electronic format. The purchaser of this template has acquired the rights to use it for a SINGLE Disaster Recovery
More informationS11: Conducting Enterprise-wide IT Risk Assessments Lance M. Turcato, City of Phoenix
S11: Conducting Enterprise-wide IT Risk Assessments Lance M. Turcato, City of Phoenix Conducting Enterprise-Wide IT Risk Assessments Session S-11 Monday, October 4, 2010 (10:15am-11:45am) Presented by
More informationExtendTime A completely automated IP Telephony time and attendance solution that immediately realizes an organizational return on investment.
A completely automated IP Telephony time and attendance solution that immediately realizes an organizational return on investment. Introduction Companies that are considering purchasing IP Telephony systems,
More informationWhite Paper. Veritas Configuration Manager by Symantec. Removing the Risks of Change Management and Impact to Application Availability
White Paper Veritas Configuration Manager by Symantec Removing the Risks of Change Management and Impact to Application Availability By Brian Babineau Analyst Intelligent Information Management February
More informationContinuous Improvement with help of Data Analytics, the LeidenUniv business case
Rob van den Wijngaard Continuous Improvement with help of Data Analytics, the LeidenUniv business case Rob van den Wijngaard 26-10-2016 Bij ons leer je de wereld kennen Rob van den Wijngaard Implementation-
More informationITIL: Operational Support & Analysis (OSA) (Revision 1.6)
ITIL: Operational Support & Analysis (OSA) (Revision 1.6) Course Overview This program leads to a Certificate in ITIL Service Capability Management - Operational Support and Analysis. The Service Capability
More informationSIEM Simplified. Answering the 4W s Who, What, Where and When. White Paper
SIEM Simplified Answering the 4W s Who, What, Where and When Abstract Security incidents such as successful hacks or breaches are not easily defined or understood because the evidence of the anomalous
More informationPCI COMPLIANCE PCI COMPLIANCE RESPONSE BREACH VULNERABLE SECURITY TECHNOLOGY INTERNET ISSUES STRATEGY APPS INFRASTRUCTURE LOGS
TRAILS INSIDERS LOGS MODEL PCI Compliance What It Is And How To Maintain It PCI COMPLIANCE WHAT IT IS AND HOW TO MAINTAIN IT HACKERS APPS BUSINESS PCI AUDIT BROWSER MALWARE COMPLIANCE VULNERABLE PASSWORDS
More informationPolicy Outsourcing and Cloud-Based File Sharing
Policy Outsourcing and Cloud-Based File Sharing Version 3.3 Table of Contents Outsourcing and Cloud-Based File Sharing Policy... 2 Outsourcing Cloud-Based File Sharing Management Standard... 2 Overview...
More informationEnergy Future Holdings (EFH)
Energy Future Holdings (EFH) Inclusion of Data Analytics into the Internal Audit Lifecycle June 3, 2015 Starting Place Baseline Questions Pertaining to the utilization of data analytics in the internal
More informationinoc for Cloud Based Agile Billing and Monetization Platform ATTENTION. ALWAYS.
inoc for Cloud Based Agile Billing and Monetization Platform ATTENTION. ALWAYS. COMPANY The client is one of the leading Cloud-based monetization platforms for subscription and usage-based businesses in
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR) that takes effect in 2018 will bring changes for
More informationInformation Technology ControlsA uditing Application Controls
IPPF Practice Guide Information Technology ControlsA uditing Application Controls Authors David A. Richards, CIA, President, The IIA Alan S. Oliphant, MIIA, QiCA, MAIR InternationalChristine Bellino, Jefferson
More informationCloud Computing Opportunities & Challenges
Cloud Computing Opportunities & Challenges AICPA & CPA/SEA Interchange State Regulatory & Legislative Affairs Emerging Technologies July 11, 2017 Presented by Donny C. Shimamoto, CPA.CITP, CGMA 1 Unless
More information