
Security and Compliance Management
Group Members
Dawood Iqbal
Nimra Waheed
Umer Khalid
Sohaib Mehmood
Ahmad Nawaz
Sajjad Hussain
In This Chapter
1. Foundation of risk management
2. Compliance management
3. ISM
4. Technology
5. Legal Aspects
1. Foundation of Risk Management
Threats to ICT Systems
◇ There are physical and non-physical threats.
◇ Physical threats cause damage to computer system hardware and
infrastructure. Examples range from theft and vandalism through to
natural disasters.
◇ Non-physical threats target the software and data on the computer
systems.

BSI Catalogue
1. Fire
2. Water
3. Unfavourable Climatic Conditions
4. Environmental Disasters
5. Eavesdropping
6. Information or Products from an Unreliable Source

What is Risk?
◇ Risk is defined as the possibility of loss, injury, or other adverse or
unwelcome circumstance; a chance or situation involving such a
possibility.
◇ Risk is an uncertain event or condition that, if it occurs, has an
effect on at least one [project] objective.

Types of Risk
Single Risk
Also called comprehensive non-payment insurance: the buyer or
borrower fails to meet their contractual payment obligations because
they are unable to pay.
Portfolio Risk
Portfolio risk is the chance that the combination of assets or units
within the investments you own fails to meet financial objectives.
Each investment within a portfolio carries its own risk, with higher
potential return typically meaning higher risk.

Risk Analysis
1. Conduct a risk assessment survey
2. Identify the risks
3. Analyze the risks
4. Develop a risk management plan
5. Implement the risk management plan
6. Monitor the risks

Risk Management Strategies
◇ Avoid the Risk
◇ Reduce the Risk
◇ Transfer the Risk
◇ Accept the Risk

2. Compliance Management
Compliance Management
◇ In general, compliance means following the rules and regulations
set by regulatory bodies, ensuring that our organization follows them
and is aware of the relevant policies and standards. This determines
how the company will reach its goals and what it needs in order to
succeed in the market.

Relevance of Compliance Management
◇ It refers to following the regulations made by the government.
Failing to comply may result in punishment.

Integration into GRC Management
◇ Governance
Governance is the process of establishing rules and regulations and
confirming that work follows them.
◇ Risk
Risk may affect the achievement of our goals; as we know, the higher
the risk, the higher the chance of success.
◇ Compliance
Following the regulations improves our chances of success.

3. Information Security Management (ISM)
Information Security Management (ISM)
◇ Information Security Management (ISM) is a governance activity
within the corporate governance framework. ISM describes the
controls that an organization must implement to make sure that it
is sensibly managing its risks.

Objectives
1. Information is available and ready to use whenever it is
required.
2. The systems which provide information can resist attacks
adequately.
3. The information is visible or disclosed only to those people
who have the necessary clearance.
4. The information is complete and accurate.

ISM Process
◇ The ISM process involves the identification of factors, the
definition of their interrelationships, and the imposition of rank
order and direction to illuminate complex problems from a
systems perspective.

ISM Process
◇ Control
◇ Plan
◇ Implement
◇ Evaluate
◇ Maintain

ISM Actions
1. Organization
◇ Establish access profiles
◇ Provide and file task descriptions

2. People
◇ Careful adjustment to the job
◇ Do a proper placement of employees
◇ Conduct professional recruiting

4. Technology
Technology
◇ E-commerce (electronic commerce) is the activity of
electronically buying or selling of products on online services
or over the Internet...
◇ Data Encryption
◇ Smart card

Data Encryption
◇ Steganography
◇ Symmetric encryption
◇ Asymmetric encryption
◇ Hash function
◇ Electronic signature

What is Steganography?
◇ Hiding a secret message or data within another message or
data.
◇ E-mail steganography (microdot)
◇ Whitespace steganography
◇ Image steganography
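Whitespace steganography, listed above, hides bits in trailing spaces and tabs that a reader never sees. The following added example (not from the original slides) shows the technique in a few lines and, more importantly for a defender, the check that exposes it: a scan for lines whose trailing whitespace contains tabs or is unusually long. The cover text and the secret are constructed sample values; the encoding (space = 0, tab = 1, eight trailing characters per line) is one common scheme and is an assumption of this example.

```python
from typing import List

# Constructed cover text and secret for the demo.
COVER = ["The quick brown fox", "jumps over", "the lazy dog", "and sleeps"]
SECRET = b"ok"


def embed(cover_lines: List[str], secret: bytes) -> List[str]:
    """Append 8 trailing whitespace characters per line: space = 0, tab = 1.
    Lines beyond the message length are left without a tail."""
    bits = "".join(f"{byte:08b}" for byte in secret)
    if len(bits) > 8 * len(cover_lines):
        raise ValueError("cover text has too few lines for this message")
    out = []
    for i, line in enumerate(cover_lines):
        chunk = bits[8 * i:8 * i + 8]          # exactly 8 bits or empty
        tail = "".join("\t" if bit == "1" else " " for bit in chunk)
        out.append(line.rstrip() + tail)       # visible text is unchanged
    return out


def extract(lines: List[str]) -> bytes:
    """Read the trailing whitespace back into bytes; stop at the first
    line that carries no tail."""
    bits = ""
    for line in lines:
        tail = line[len(line.rstrip()):]
        if not tail:
            break
        bits += "".join("1" if ch == "\t" else "0" for ch in tail)
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def suspicious_lines(lines: List[str]) -> List[int]:
    """Detector: flag line indices whose trailing whitespace contains a tab
    or is four or more characters long. Ordinary text editors leave at most
    a stray space, so either pattern is worth a closer look."""
    flagged = []
    for i, line in enumerate(lines):
        tail = line[len(line.rstrip()):]
        if "\t" in tail or len(tail) >= 4:
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print("visible text unchanged:", [l.rstrip() for l in stego] == COVER)
    print("recovered:", extract(stego))
    print("flagged lines:", suspicious_lines(stego))
```

The detector is deliberately simple: it does not need to know the encoding, only that trailing whitespace carrying tabs or long runs is abnormal. Stripping trailing whitespace on ingest (for example in a mail gateway or a document conversion step) destroys the hidden channel without needing to detect it at all.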

Symmetric Encryption
◇ One of the most effective means of ensuring data security and
integrity is encryption.
◇ Encryption is a generic term that refers to the act of encoding
data, in this context so that those data can be securely transmitted
via the Internet.

Hash Function
◇ A hash function is any function that can be used to map
data of arbitrary size to fixed-size values.
◇ Hashing is a commonly used method to uniquely identify
malware.
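The two bullets above cover both properties in one step: a hash maps input of any size to a fixed-size digest, and that digest can serve as a fingerprint for a known file. The following added example (not from the original slides) computes SHA-256 with Python's standard library, looks files up in a blocklist keyed by digest, and shows the avalanche effect that makes hash-based identification both reliable and brittle. The file contents, the blocklist and the detection name are all constructed sample values; nothing here is real malware.

```python
import hashlib
from typing import Dict, Optional

# Constructed sample file contents for the demo; none of this is real malware.
SAMPLE_FILES: Dict[str, bytes] = {
    "report.pdf": b"%PDF-1.4 constructed harmless document body\n",
    "setup.exe": b"MZ constructed sample program bytes\n",
    "setup_v2.exe": b"MZ constructed sample program bytes.\n",  # one extra byte
}


def sha256_hex(data: bytes) -> str:
    """Map input of any length to a fixed 64-hex-character (256-bit) digest."""
    return hashlib.sha256(data).hexdigest()


# Constructed blocklist: digest -> detection name, the way an AV engine or a
# threat-intel feed publishes file hashes as indicators.
KNOWN_BAD: Dict[str, str] = {
    sha256_hex(b"MZ constructed sample program bytes\n"): "Constructed.Sample.A",
}


def lookup(data: bytes) -> Optional[str]:
    """Return the detection name only if the exact bytes are on the blocklist."""
    return KNOWN_BAD.get(sha256_hex(data))


def scan(files: Dict[str, bytes]) -> Dict[str, Optional[str]]:
    """Hash every file and report which ones match a known digest."""
    return {name: lookup(content) for name, content in files.items()}


def differing_hex_positions(a: bytes, b: bytes) -> int:
    """Count hex positions that differ between the digests of a and b.
    A one-byte change flips about half the output bits (avalanche effect),
    so roughly 60 of the 64 hex characters differ."""
    return sum(x != y for x, y in zip(sha256_hex(a), sha256_hex(b)))


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_FILES).items():
        print(f"{name:14} {sha256_hex(SAMPLE_FILES[name])[:16]}...  {verdict or 'clean'}")
    print("hex positions changed by one extra byte:",
          differing_hex_positions(SAMPLE_FILES["setup.exe"], SAMPLE_FILES["setup_v2.exe"]))
```

The `setup_v2.exe` result is the caveat a practitioner should take from this: a single appended byte produces an unrelated digest, so an exact-hash blocklist identifies only the precise file it was built from. That is why hash indicators are shared alongside other indicators and why fuzzy or similarity hashes exist for variant detection.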

Electronic Signature
◇ A digital signature is also known as an electronic
signature.
◇ Digital signatures are used in e-commerce, software
distribution, financial transactions and other situations.

Smart Cards
◇ The smart card is one of the latest additions to the IT
world.
◇ It is the size of a credit card.
◇ It has an embedded silicon chip to store data and
communicate.

Pros & Cons
5. E-commerce Legal Aspects and Law
Taxes
◇ First, know that every state and country has different
expectations and standards when it comes to taxes.
◇ That means you have to conduct some research and
understand your target market.

Trademarks, Patents, and Copyrights
◇ Trademark: A word, phrase, symbol, that identifies and
distinguishes the source of the goods of one party from those of
others.
◇ Patent: A limited duration property right relating to an invention,
granted by the United States Patent and
◇ Copyright: Protects works of authorship, such as writings,
music, and works of art that have been tangibly expressed.

Age Restrictions
◇ Any time you launch a website, it is absolutely required
that it comply with the Children's Online Privacy
Protection Act (COPPA).
◇ This act includes quite a few regulations, but the one that
will likely apply to your site is the inability to collect any
personal information from a child under the age of 13.

Licenses and Permits
◇ Depending on which product you decide to offer, you
may need a license to sell it.
◇ This varies based on the country in which you’re
located, so contact your local licensing department.

Domain Rights
◇ The domain is the element of a DNS (domain
name system) that indicates the IP address of a
website or a computer.

Criminal Law
◇ The Commerce Clause describes an enumerated
power listed in the United States Constitution (Article I,
Section 8, Clause ).
◇ The clause states that the United States Congress shall have
power "To regulate Commerce with foreign Nations, and
among the several States
