Marc Tomlinson and Bryan Finnegan, Deloitte & Touche LLP
Post Sarbanes-Oxley, the auditor's role in providing value-added audit and risk management services has been limited due to time constraints and the focus on testing specific financial controls. As companies are starting to evolve their compliance environments, it is important to focus on cost-effective, sustainable programs that can leverage technology to reduce manual testing of systems and transactions, as well as identify control deficiencies earlier in the process through increased and more frequent testing coverage. Using the automation inherent in a continuous controls monitoring product, this session will describe how an organization can reduce its dependence on the Audit department for substantive testing and manual testing of controls, and return auditors to their key role of monitoring and evaluating the effectiveness of the organization's risk management systems.
Sajay Rai and Kevin Cash, Ernst & Young LLP
This session will examine various metrics for evaluating the effectiveness of information systems security (ISS) investments. By evaluating return on investment (ROI) and determining costs and benefits, a framework can be developed for measuring ISS effectiveness. The need for a formal framework for evaluating ISS investments is imperative as organizations strive to secure their weakest links, which can exist in several places, including service providers, joint ventures, suppliers and other business partners.
Timothy O'Neill, Diebold
Biometric solutions are gaining importance in minimizing identity fraud. Effective identity management is key to ensuring confidentiality, integrity, and availability of strategic information. This session will describe Diebold's identiCenter identity fraud prevention system, which is based on fingerprint technology. Using Diebold's biometric technology, the presentation will describe the process of biometrics-enabled identification and its use in securing information systems in financial institutions and other types of businesses.
Jay Schulman, KPMG
There is no better way to steal money today than from an online banking platform. Whether it is a phishing scam trying to convince an unsuspecting user to enter their personal information or spyware that steals usernames and passwords, there are a variety of ways criminals are trying to take a bank's money. There is a plethora of regulations that banks have to meet to run an online site, but each provides a variety of implementation methods. This presentation will summarize a variety of attacks on the US banking system and the risks that they pose to both the banking customer and the banks themselves. With the risks in mind, the presentation will outline a series of controls online banks should adopt to protect both themselves and their customers.
Dr. Sri Ramamoorti, Grant Thornton
Karthik Swarnam, Accenture
Threats, vulnerabilities, and exposure to risks have changed the game for enterprises on how they need to operate in a global economy. Risk mitigation in today's world is multi-dimensional and includes aspects of technology, process and behavioral changes. Information security is a constantly evolving journey. This session discusses various emerging information security risks, and the implications of managing those risks, at the enterprise level.