
    THE IT AUDIT - A MAJOR REQUIREMENT FOR THE MANAGEMENT QUALITY AND SUCCESS IN THE EUROPEAN BUSINESS CONTEXT

    A requirement for the improvement of the quality management for the Romanian companies that are integrated in the European environment is represented by the development of an informational partnership between the actors involved in the company network. This partnership must be characterized by credibility, conformity, performance and security. The IT&C system represents the hardware and software support of this partnership, and the IT audit is the process that certifies its conformity. In the audit process, the main accent is on the security audit due to the importance of the vulnerabilities, threats and IT risk analysis. The list of measures that are proposed at the end of the audit to company management should be incorporated in the company security policy, that is the starting point for the ISMS - Information Security Management System, part of the company general management system. The implementation of the Business Continuity and Disaster Recovery Plan is one of the most important measures in order to increase the confidence level of the business partners and to provide safe environment for business continuance. Keywords: Management, IT&C Systems, IT Audit, ISMS, Security Policy, Business Continuity, Disaster Recovery Plan

    Analysis of the Readiness Level of Information System Security

    The University has a number of data relating to Academic and Higher Education Governance. This large amount of data requires security, especially in terms of readiness to secure information systems. Maintaining information system security in the university environment aims to maintain confidentiality, the availability of the system to those who have the authority to use it, and the integrity of the system. The University of National Development "Veteran" Jakarta has work units such as the Faculty, UPT and Bureau, each of which has the task and function of managing data. The problem is the need to measure the level of information system security to see the maturity of an information system at UPN Veteran Jakarta. The KAMI Index stands for Information Security Index, which is used as a tool to analyze, measure and evaluate the maturity level of information security with the application of SNI ISO/IEC 27001:2009 standards that can be applied within government agencies. The KAMI Index version used is version 3.1. The method used to solve the problems in the KAMI Index goes through six stages: first, electronic systems; second, information security governance; third, information security risk management; fourth, the information security management framework; fifth, information asset management; and sixth, information security technology. The results obtained after taking measurements using the KAMI Index show that improvement is needed in system security in managing information security risks and governance.

    Information Security Analysis of Online Education Management System using Information Technology Infrastructure Library Version 3

    The rapid development of information affects many aspects of human life. So that the field of information security becomes one aspect that must be considered. This study aims to measure the information security awareness and to improve daily operational activities of managing IT services effectively and efficiently. Salemba Adventist Academy has used the Wium Online Education Management System (WIOEM) online system, but in its implementation the security aspects of the system are not yet known. The Information Technology Infrastructure Library (ITIL) v3 framework which is globally recognized for managing information technology is broken down into five parts: Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement. This study focuses on Service Operations with 4 attributes, namely: Security, Privacy, Risk, and Trust. The data collection method used by the researcher was through observation in the form of a questionnaire in taking the number of samples to several students by taking population samples using the Lemeshow method. After the data were collected, the results of the ITIL indicator questionnaire are calculated based on the data security level. The results show that the Security indicator is Level 1, the Privacy indicator is level 3, the Risk indicator is level 3, and the Trust indicator is level 4 on the Data Security Level scale. This shows that the WIOEM system can be used properly according to user expectations and meets several levels of data security according to ITIL v3 framework.

    An examination of the extent of implementation of the information security system and IT audit system in Ghanaian Banks

    The study examined the impact of information security and information technology (IT) audit in selected banks in Ghana. The study specifically, ascertained the degree of exposure to threats, it examined the extent of implementation of information security and IT audit system in the bank to protect information from threats, determined the impact, the performance and finally identified the challenges of the banks in managing information security system. A structured questionnaire was used as the main research instrument. Four banks were selected for the study, including two local and two foreign banks. A total of 20 employees (5 from each) were sampled from the Headquarters of each bank in Accra. Only managers, IT managers, and Risk managers were sampled. The study found that the sampled level exposure of banks to threats to information systems is low. Local banks were however more exposed to threats than foreign banks. Largely the banks managed threats to information system by implementing strategies, including having an information security policy, information security organization, asset and human resource security system, information access control IT Audit system. The performance of banks in information system was moderate. Information security and IT audit system had correlated positively to the overall performance of the banks. Availability of information security policy has significant positive impact on bank performance. The study encouraged the banks to improve upon their information security and IT audit practices to ensure improvement in the performance of the banks in information security management. Keywords: Employee, Technology, Audit, Managemen

    Development plan for S-group's Information System of Risk and Security Management

    The thesis is a functional development plan for the S-group's risk management and security management information system. The system was originally acquired to support risk management planning and security management, but its development had been left unfinished. The commissioner of the work needed a clear and consistent plan for developing the use and content of the system. The thesis report also serves as the development plan itself. The work was carried out by studying the content and features of the information system itself and by interviewing the S-group's risk management and security management experts, for whose use the information system is intended. Based on the collected information, the starting point of the development plan and the commissioner's needs for the system were defined, and on that basis proposals for development measures were created. In defining the starting points, a large number of deficiencies in the system's features emerged, as well as fragmented and irregular use of the system. User management, clear user roles and the difficulty of reporting emerged as the most significant problem areas, which were also reflected in the commissioner's needs. Reporting was hoped to be more versatile, clear, regular and reliable. The system needs to become a tool that genuinely supports planning. The proposed measures were divided into the most important, less important and least important proposals. A trial of the information system, a "pilot", carried out in a considered and planned way, with renewed instructions, revised practices and clarified user roles, would be more than necessary. Another important measure is to fix reporting to make it more versatile and clearer.
    Development plan for S-group's Information System of Risk and Security Management. This thesis is a development plan for the S-group's information system of risk and security management. The purpose of the plan is to write down a clear plan and guidelines, how to improve the usage and features of this particular system in S-group. The plan consists of the clarification of the system's modern state, the S-group's needs for the system and proposals for the steps of development. For the development plan, I studied the information system and made observations about the features it contains. In addition, I interviewed four specialists of the S-group risk management team to detect the state of usage of the system. Through the interviews also the S-group's needs for the system were defined. The list of problems and development areas became relatively long. The main focus areas were the user definitions and roles and the problematic of reporting features. The reporting needs to be more clear, versatile, regular and trustworthy. At the moment, the system isn't supporting the planning of the S-group's risk management procedures. The most important suggestions for improvement turn out to be a proper piloting project with planned and purposeful means, guiding and user roles and the improvement of the reporting feature. In addition, the plan contains several less important measures of development.

    Risk analysis and management of technological stages of construction

    The diploma thesis deals with the analysis and evaluation of qualitative, environmental and safety risks and hazards, and with the application of a suitable methodology to a specific construction project. A key construction technology, masonry, is chosen for the application. The diploma thesis sets out a framework for risk management based on an established integrated management system (ISM), defines the objectives and the setup of mechanisms that check compliance with standards, the evaluation of business risks, the definition of risk management strategies, the design of risk management procedures, the monitoring of their operation, the evaluation of their operation and possible improvement, and the support of the process by supplying the necessary information.
    This thesis deals with the analysis and evaluation of quality, environmental, and security risks, hazards and application of appropriate methodology to a particular construction project. For an application is selected the key construction technology - walling. Diploma thesis establishes a framework for risk management on the basis of established integrated management system (IMS) defines the objectives and mechanisms in controlling adherence to standards, evaluation of business risks, defining risk management strategies, the draft risk management procedures, monitoring their functioning, assessing their performance and any improvement and support the process of supplying the required information.

    Cyber risk as a threat to financial stability

    Information systems play a critical role in the functioning of financial institutions. While supporting their services and enabling their strategies, underlying vulnerabilities could pose an important source of risk: cyber risk. This may impair financial institutions’ operational capabilities and even threaten their viability. Furthermore, the high level of interconnection and interdependence between the elements of the financial system allows for the contagion of cyber risk among them. Consequently, the materialization of cyber risk in its most extreme form could threaten the stability of the financial system. To address this topic, the article first introduces cyber incidents and their estimated costs, focusing on the financial system. Cyber risk is then considered, together with the main vulnerabilities and threats to cyber security affecting financial institutions. This is followed by a justification of the potential systemic effect of cyber risk on the financial system, supported by the use of theoretical models. Moreover, highlights of the current regulatory framework on cyber risk for financial institutions operating in Spain are also presented. Finally, recommended future lines of work for the improvement of the management of cyber risk in the financial system are discussed

    Providing high resolution quantified seasonal forecasts in East Africa

    The food security of millions of people in East Africa is threatened due to climate events that shock the mainly agricultural system. Under a changing climate, these shocks will increase in severity and frequency, further destabilizing food security in the region. In the past, climate and food security forecasting systems in the region only supplied seasonal climate forecasts, consisting of three general expected rainfall categories: 'above normal', 'near normal' and 'below normal'. This type of forecast was limited in scope and did not provide sufficient detail of how much rainfall was expected and when, which is important information for rural communities and their support services. The Intergovernmental Authority on Development (IGAD) Climate Prediction and Applications Centre (ICPAC) was set up in order to equip member countries with climate early warning and relevant information. This helps in addressing devastating, serious climate events like floods or droughts in the Horn of Africa. In support of ICPAC, the Integrated Agricultural Production and Food Security Forecasting System for East Africa project led by scientists at the International Maize and Wheat Improvement Center (CIMMYT), developed a forecasting system that is robust, user friendly and scientifically reliable. It integrates improved seasonal climate, production and food security forecasts. As a result, ICPAC is now able to forecast the amount of rainfall on both a seasonal and monthly basis, as well as effectively communicating this information to national and regional policymakers, agriculturists, meteorological and hydrological services, disaster management and food security offices and non-governmental organizations. The project also provides early warnings to local and national governments and relief agencies, enabling them to respond to climate crises in a timely and efficient manner. 
The warnings allow these agencies to respond effectively to climate change shocks, reducing costs, saving lives and enhancing long-term climate risk management and policy options in the region

    Recommendation for Designing an Information Security Management System (ISMS) Using the AHP-TOPSIS Method Based on ISO/IEC 27001:2005 (Case Study: PT PJB SERVICES)

    PT. PJB Services is a company established to meet the needs of the business line in providing operation and maintenance services for power generation units. Information security management at PT. PJB Services has so far been based only on basic security practices that are improved without any guiding basis. The company tends to improve information security based on the trends prevailing at the time or when an incident related to information security occurs. Without good and continuous information security management in the company, the company is highly vulnerable to existing information security threats. On that basis, the research focuses on recommendations for designing an Information Security Management System (ISMS) for PT PJB Services, particularly in the Information Technology (IT) Division. An ISMS is a management system based on an information asset risk approach to establish, implement, operate, monitor, review, maintain and improve information security. This research combines the use of AHP-TOPSIS, based on ISO/IEC 27001:2005, in producing the ISMS design. The assessment process uses ISO/IEC 27001:2005; from the audit results, controls are obtained along with ways of handling them based on several criteria of the risk, after which a recommendation process is carried out using the AHP-TOPSIS method so as to obtain control priorities for handling information security. As a result of this research, 45 information assets and 224 risks were identified. The recommended control priorities according to the results of this research are Security Policy, Organization of Information Security, Human Resource Policy, Physical and Environmental Security, Communications and Operations Management, Access Control, Information Security Incident Management, Asset Management, Information System Acquisition Development and Maintenance.
    PT. PJB Services is a company established to meet the needs of business lines in providing services operation and maintenance of power plant. Information security management at PT. PJB Services has been based solely on basic security practices through an improvement process in the absence of a guideline. Companies improve information security based on current trends or incidents related to information security. In the absence of good and sustainable corporate information security management, companies are vulnerable to existing information security threats. Based on that situation, this research focused on designing recommendation of Information Security Management System (ISMS) for PT PJB Services, especially in the Division of Information Technology (IT). The ISMS is a management system based on an information asset risk approach to consolidate, implement, monitor, review, maintain and enhance information security. This study combines the use of AHP-TOPSIS based on ISO/IEC 27001:2005 in making ISMS design. The assessment process using ISO/IEC 27001:2005, from the assessment results will be obtained control and how to handle based on several criteria of the risk, after that, the recommendation process will be done using AHP-TOPSIS method so it will get priority control in handling information security. The results of this study, 45 information assets and 224 risks that can be identified. The recommended priority controls from the results of this study are Security Policy, Organization of Information Security, Human Resource Policy, Physical and Environmental Security, Communications and Operations Management, Access Control, Information Security Incident Management, Asset Management, Information Systems Acquisition Development and Maintenance.