Audit &Consultancy Services IT AUDIT

1

#

#

#

#Incoming Call: Dad

#

#

#

#Incoming Call: Justin

#

#

#

#Incoming Mail: The Boss

#

#

#

#

#

#

#

#Salford IT Internal Audit Services

A..B..C..D..E.......GYODPresentation to Housing Technology conference27th Feb 2014 IntroductionsSteve (PADDY) ClarePrincipal IT AuditorGary (MAX) MarlandPrincipal IT AuditorWE ARE THE AUDITORS FROM SALFORD

#IT Audit SkillsNetwork and application securityVulnerability Assessments/ethical hackingPenetration testingWindows Operating Systems/ UNIX SAP/ ORACLEWebsite application and development Information Security ManagementITIL IT Service ManagementPrince2 - project management IDEA - data analysis

#Salford IT Internal Audit Services

A..B..C..D..E.......GYODPresentation to Housing Technology conference27th Feb 2014 BYODBUY YOUR OWN DRINK?Alphabet acronymWhatWhyHow

#10 key risks areaStrategy/Policy/EtcOwnershipSecurityAnti-VirusStandardsData LossSocial Media et alVulnerabilitiesLicensingPortable Media Devices

#1. Bureaucratic claptrapStrategyPolicyProceduresRisk appetiteObjectivesResponsibilitiesDos and donts ConsequencesTechy understandingKnow your audience

#2. Enthusiastic AmateurOwnershipDevice controlSystem AdministratorRoot access

#3. Max and Paddy IncData securityResponsibilitiesAccess permissionsMonitoringCurrent patchUp to date Anti VirusNetwork AccessMobile device management softwareLost, stolen, remote wipeBack up plan

#4. MacAfee v Norton...fight, fight, fightAnti Virus software conflictsLazy staffing updatesCosts

#5. My way or the highwayStandardsDevice differencesProcessing speedsPrivate v Business useBreach of standardsCostsLegal issuesMonitoring, control....Policing

#6. Piggy in the MiddleMan in the middle attacksData lossConsequencesUnsecure connections

#7. Its sick this innitFacebook - http://www.telegraph.co.uk/technology/facebook/10369934/Facebook-hacked-how-criminals-can-exploit-your-data.htmlTwitterInstagram - https://viaforensics.com/mobile-security/hacked-your-instagram-account.htmlYou TubeDropbox - http://www.computerweekly.com/news/2240204366/Dropbox-can-be-hacked-say-security-researchersHotmailLinked policy

#8. C3PO goes mentalAndroid vulnerabilitiesWindowsApple

#9. FAST and FuriousLicensingOwnershipCostsTypes of licenseLicense monitoring and controlBreachConsequences illegal downloads

#10. U Stupid Boy...USBStorage devicesData Loss PreventionSD cardCDs

#ConclusionGet the strategy rightKnow the take upManage the securityAgree ownershipAgree monitoring and control

#Contact DetailsGary Marland, Principal IT AuditorTelephone 0161 607 6974Gary.marland@salford.gov.uk

Steve Clare, Principal IT AuditorTelephone 0161 607 6976 steve.clare@salford.gvo.uk

Salford Internal Audit Services Salford City CouncilUnity House SwintonManchester M27 5AW

www.salford.gov.uk/acs-audit

#Any QuestionsThoughtsObservationsOr Confessions

#

#