Software errors are a constant threat to information systems
  Bugs and flaws in software can enable malware to slip past antivirus defenses
  Patches: fixes created by software vendors to update software and close vulnerabilities; a system stays exposed until the patch is actually applied

Business Value of Security and Control
  Protection of confidential corporate and personal information
  Electronic Records Management (ERM): policies, procedures, and tools for managing the retention, destruction, and storage of electronic records
  Legal and regulatory requirements for ERM:
    HIPAA: outlines medical security and privacy rules
    Gramm-Leach-Bliley Act: requires financial institutions to ensure the security and confidentiality of customer data
    Sarbanes-Oxley Act: imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information used internally and released externally
Electronic evidence and computer forensics
  Legal cases today increasingly rely on evidence represented as digital data
  Computer forensics: the scientific collection, examination, authentication, preservation, and analysis of data held on computer storage media so that it can be used as evidence in a court of law

Establishing a Framework for Security and Control
  ISO 17799: international standard for security and control that specifies best practices in information systems security and control (since renumbered ISO/IEC 27002)
  Risk assessment: determines the level of risk to the firm if a specific activity or process is not properly controlled
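The authentication and preservation steps in the computer forensics definition above rest on being able to prove that the evidence examined is bit-for-bit what was collected. The usual practice is to hash the acquisition, write the hashes into a chain-of-custody record, and re-hash before every examination. The following Python example is added here and is not from the original page; the file layout, the JSON custody record, the examiner name and the one-byte tampering step are assumptions for illustration only.

```python
"""Evidence integrity check for a forensic acquisition (added example).

Assumptions (not from the page): the evidence is a file on disk, the
custody record is a JSON file, and MD5 plus SHA-256 are the hashes recorded.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read large disk images in 1 MiB chunks


def hash_evidence(path):
    """Return MD5 and SHA-256 hex digests of the file at `path`."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def record_custody(evidence_path, record_path, examiner, note):
    """Append a chain-of-custody entry (hashes, size, who, when, why)."""
    entry = {
        "evidence": os.path.basename(evidence_path),
        "size": os.path.getsize(evidence_path),
        "hashes": hash_evidence(evidence_path),
        "examiner": examiner,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "note": note,
    }
    entries = []
    if os.path.exists(record_path):
        with open(record_path) as fh:
            entries = json.load(fh)
    entries.append(entry)
    with open(record_path, "w") as fh:
        json.dump(entries, fh, indent=2)
    return entry


def verify_evidence(evidence_path, record_path):
    """Re-hash the evidence and compare with the first (acquisition) entry.

    Returns (ok, mismatches): ok is False if any recorded hash differs,
    meaning the evidence changed after acquisition and cannot be authenticated.
    """
    with open(record_path) as fh:
        original = json.load(fh)[0]["hashes"]
    current = hash_evidence(evidence_path)
    mismatches = {k: (original[k], current[k])
                  for k in original if original[k] != current[k]}
    return (not mismatches), mismatches


def demo():
    """Acquire a constructed 'disk image', record it, tamper with it, re-verify."""
    workdir = tempfile.mkdtemp()
    image = os.path.join(workdir, "suspect.dd")
    record = os.path.join(workdir, "custody.json")
    # Constructed sample evidence, not a real disk image.
    with open(image, "wb") as fh:
        fh.write(b"\x00" * 4096 + b"DELETED_INVOICE_2023.xlsx" + b"\x00" * 4096)
    record_custody(image, record, "examiner-1", "acquired from laptop, write-blocked")
    ok_before, _ = verify_evidence(image, record)
    # Flip one byte: the kind of silent change a copy made without a
    # write-blocker could introduce.
    with open(image, "r+b") as fh:
        fh.seek(4096)
        fh.write(b"d")
    ok_after, diff = verify_evidence(image, record)
    return ok_before, ok_after, diff


if __name__ == "__main__":
    before, after, diff = demo()
    print("intact after acquisition:", before)
    print("intact after tampering:", after, diff)
```

Two hashes are recorded so that a collision against one algorithm (MD5 is no longer collision resistant) does not by itself defeat the check; the record keeps the acquisition entry first so later examinations always compare against the original state, not a previous examiner's copy.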