One day Thomas Ryan, who worked as a white-hat hacker and cyber security analyst, created an entire social media background and history for Robin Sage, an attractive 25-year-old girl who claimed to be a cyber threat analyst at the Naval Network Warfare Command in Norfolk, Virginia.
She duped men and women alike (but mostly men) without showing any real biographical information. Within two months time (December 2009-January 2010), she acquired access to email accounts (one NRO contractor posted information on social media which revealed answers to security questions on his personal e-mail), home addresses, family information, and bank accounts.
Read more on this interesting “fake it ’til you make it” story!
The purpose of an information security policy is to set everyone’s expectations by outlining what’s being done or what should be done to protect systems and information within the business. Policies are a convenient solution to today’s security ailments. Or are they?
Many of the top risks organizations face today are related to technology.
As a result, internal auditors are paying close attention to areas such as cybersecurity, data privacy, and social media. These areas—and others related to technology—have the potential to deliver devastating setbacks to a company or organization.
“The technology risks we face today are increasingly complex, and a sophisticated, well-thought-out approach is required to manage them,” Richard Chambers, president of The Institute of Internal Auditors (IIA), said in a news release.
Methods for internal audit to help organizations manage the top 10 technology risks are described in a new report, Navigating Technology’s Top 10 Risks, that was released today by the IIA and is available for download on the IIA’s website. The top 10 technology risks were determined as the result of interviews with chief audit executives and IT specialists from Africa, Latin America, the Middle East, Europe, Canada, and the United States.
The report’s top 10 risks—and suggestions for how internal audit can manage them—include:
– See more at Journal of Accountancy