The IT Risk Environment and Data Analytics Parm Lalli Director, - - PowerPoint PPT Presentation

the it risk environment and data analytics
SMART_READER_LITE
LIVE PREVIEW

The IT Risk Environment and Data Analytics Parm Lalli Director, - - PowerPoint PPT Presentation

Oct 29, 2023 516 likes •858 views

The IT Risk Environment and Data Analytics Parm Lalli Director, Focal Point Data Risk, LLC Parm Lalli Director, Data Analytics Focal Point Data Risk, LLC Parm is a Director with Sunera and leads our national Data Analytics practice. Parm has

slide-1
SLIDE 1

The IT Risk Environment and Data Analytics

Parm Lalli Director, Focal Point Data Risk, LLC

slide-2
SLIDE 2

2

Parm Lalli

Director, Data Analytics Focal Point Data Risk, LLC Parm is a Director with Sunera and leads our national Data Analytics practice. Parm has over 14 years of data analytics, audit, and controls experience with Sunera and other IT consulting firms, and is widely considered a leading data analytics practitioner in North America. Parm’s data analytics expertise includes vast experience with various Computer-Aided Audit Tools (CAATs), leading and performing data analytics and developing continuous controls monitoring (CCM) applications for many business processes. His experience also includes installing, implementing and configuring ACL Analytics Exchange, and providing training on all aspects of data analytics, from basic functionality to complex scripting and controls monitoring. Parm’s 16 years’ experience with ACL Software includes six years working at ACL. During Parm’s time at ACL, he led the development of analytics for ACL’s CCM solution. These analytics covered risks associated with accounts payable, travel and entertainment, general ledger, order to cash, procurement, human resource and payroll. Once the analytics were developed, Parm led consulting projects for ACL clients where he implemented the analytics and assisted clients with the development and maturation of the data analytics and CCM programs. Parm has also worked at PricewaterhouseCoopers in the Advisory group where he performed Revenue Assurance consultancy with the Telco Industry. Parm also have extensive experience with other data analytics tools and applications such as TOAD for Oracle & SQL Server, Arbutus, and Alteryx. In addition to his data analytics focus, Parm’s background is IT audit focused, having provided services related to IT general controls, application controls, internal audit, IT risk assessment, process improvement advisory, operational audit and Sarbanes-Oxley Act (SOX). Parm has also been involved with conducting vulnerability assessments and penetration testing for clients. Parm is a Certified Information Systems Auditor (CISA) and ACL Certified Data Analyst (ACDA).

slide-3
SLIDE 3

3

OBJECTIVES

▶ Raise awareness of the contribution data

analytics can make to mitigate risks in IT

▶ Identify key risk areas that can be tested with

data analytics tools

▶ Describe data analytics tests for key high-risk

areas

slide-4
SLIDE 4

4

AGENDA

▶ Why data analytics for IT? ▶ Risks to mitigate ▶ Specific risk areas ▶ Data Analytics for Cybersecurity ▶ Proactive security monitoring

slide-5
SLIDE 5

Why data analytics for information technology?

slide-6
SLIDE 6

6

2014 Data Breach Statistics

▶ $3.8 million per organization* ▶ $154 per record* ▶ Increases in

▸ Cyberattack frequency ▸ Remediation costs ▸ Business impact ▸ Detection/escalation costs

*IBM/Ponemon 2015 Cost of Data Breach Study

slide-7
SLIDE 7

7

The Environment

▶ High-risk area ▶ Abundance of data ▶ Multiple platforms/formats ▶ Complex ▶ Decentralized ▶ Proliferation of unencrypted devices

slide-8
SLIDE 8

8

DA enables…

▶ High-frequency automated testing ▶ Development of metrics

▸ Operational performance ▸ Call centers ▸ Cybersecurity

▶ Close to real-time monitoring/reporting of risks ▶ Comprehensive overview

slide-9
SLIDE 9

9

Output

▶ Dashboarding of trends/metrics ▶ Drill-down capabilities for supporting data ▶ User-friendly formats

slide-10
SLIDE 10

Risks

slide-11
SLIDE 11

11

Risks

▶ Unauthorized activity ▶ Loss of revenue ▶ Data corruption ▶ Data leakage (accidental) ▶ Data theft (intentional – internal or external) ▶ System downtime ▶ Loss of confidentiality ▶ Erosion of process integrity ▶ Decreased performance ▶ Malfunctioning hardware

slide-12
SLIDE 12

Risk Areas

slide-13
SLIDE 13

13

Key Risk Areas

▶ Access ▶ Change logs ▶ Segregation of duties ▶ Change management ▶ Physical access ▶ General Computer Controls/ITGC ▶ Application controls ▶ Improper user of company assets (Policies)

slide-14
SLIDE 14

14

Access

▶ Elevated access review ▶ Usage of Admin/Super user accounts ▶ Compare access to position description ▶ Compare to previous review results ▶ Flip flop access privileges ▶ Segregation of duties ▶ Access to contractors ▶ HR payroll records vs Active Directory user

listing

slide-15
SLIDE 15

15

Change Logs

▶ Review major changes ▶ Identify change/reversion (“flip-flop”) ▶ Frequency distribution by individual or

department

▶ Audit logs for application and database

changes

slide-16
SLIDE 16

16

Change Management

▶ Compare to ITAF standards ▶ Proper categorization ▶ UAT results ▶ Test all environments to ensure proper change

management (Dev, Test, Prod)

▶ Use DA tools for Code Review ▶ SOX controls for Vendor Master / Customer

Master changes

slide-17
SLIDE 17

17

Physical Access

▶ Review entries/exits to data centers (who) ▶ Review entry times vs exit times (duration) ▶ Cross-reference with HR data for departing

employees

▶ Compare against logs for suspect events ▶ Review temporary access passes for approvals ▶ Review failed attempted access logs

slide-18
SLIDE 18

18

General Computer Controls/ITGC

▶ Configuration vs Policies

▸ Default accounts ▸ Passwords ▸ Inactivity ▸ Failed logins ▸ Time out settings

▶ Security

▸ Firewall configuration settings/changes

slide-19
SLIDE 19

19

Application Controls

▶ Password settings ▶ Account settings ▶ Time out settings ▶ User access reports (compare time periods)

Compare all of the above with policies and procedures

slide-20
SLIDE 20

20

Applications

▶ Active Directory ▶ UNIX ▶ Mainframe ▶ Oracle ▶ Other Databases ▶ HRMS

slide-21
SLIDE 21

21

Security Incident & Event Monitoring

▶ SIEM tools in IT ▶ Great at collecting information & analyzing

information

▶ Misconfigured SIEM tools.

▸ Tools are only as good as how they’re configured

▶ SIEM tools normally configured for:

▸ Excessive login attempts

▶ Privileged escalation missed

▸ cross reference with authorization data

slide-22
SLIDE 22

Data Analytics for Cybersecurity

slide-23
SLIDE 23

23

Analytics and Cybersecurity

▶ Measure IT Risk across the organization ▶ Data is very disparate and complex

▸ Big data – variable, volume, velocity

▶ Data can be very big – Log files events ▶ Use data analytics to normalize, harmonize,

structure data

slide-24
SLIDE 24

24

Data to collect

▶ Installed application – what applications are

users installing?

▶ Virus / Trojan data should be captured ▶ What systems / applications do users have

access to? (IAM)

▶ IT Infrastructure

▸ servers, workstations, applications, etc.

slide-25
SLIDE 25

25

Data to Monitor

▶ Monitor what is being browsed on the internet

▸ Help identify sites being visited that can cause virus

infections ▶ Gather information on virus infections that

  • ccur – when, where, how

▸ Is training required in certain departments or sites

▶ Is your Intellectual Property being leaked?

▸ What sites, by who, how much data? ▸ Shut down code sites like (Github)

slide-26
SLIDE 26

26

Data analytics monitoring

▶ Identify, quantify, rank, and prioritize your risk ▶ Develop Risk scores

▸ Uses risk scores to identify the norm so the abnormal

jumps out

▶ Employees in similar departments / roles are

normally the same

▸ Figuring out their patterns or behaviors is important ▸ Collecting this data can help identify the internal

hackers, negligent users and opportunities to mitigate RISK

▶ Internal hackers will eventually give themselves

  • away. Just need to make sure we are watching /

monitoring the correct data

slide-27
SLIDE 27

Proactive Security monitoring

slide-28
SLIDE 28

28

DA Tools for IT

▶ Standard data analytic tools

▸ Alteryx, ACL, Arbutus, IDEA

▶ PowerShell

▸ Scripts to access Active Directory ▸ Run through EXECUTE & RUN commands ▸ Creates CSV (or other formats) files to import into

above tools ▶ Forensic Software for data examination

(emails)

▶ Cyber Security tools

slide-29
SLIDE 29

29

Proactive Security Monitoring

▶ Login Velocity – logging into multiple assets from a single source ▶ Previously Unseen Origin – Remote logging in from a location not previously seen ▶ Previously Unseen Process – Identify a previously unseen process running on critical machines ▶ Impossible Traveler – logging in from different locations that can not be achieved through normal travel means ▶ Cross User Login – same user account being logged on to multiple assets at the same time

slide-30
SLIDE 30

30

Proactive Security Monitoring con’t

  • Non-Badged User Login – identifying when an on-site

login does not have a corresponding badge entry into the building

  • Proxy Beaconing – looking for machines reaching out to

uncommon domains and IP’s

  • Timewheel – identifying machines performing beaconing

during hours of the day when the user or system isn’t typically active.

  • Snowflake – analysis to find process/software that has not

been seen in the environment before, across the fleet

  • Concerning Connections – assess network data to

automatically generate network maps from which undesired, or unexpected, connections can be identified.

slide-31
SLIDE 31

31

The End

▶ Questions / Comments?

slide-32
SLIDE 32

Parm Lalli Director 949-204-4550 plalli@focal-point.com www.focal-point.com