Call us on +254-20-2522068/70email us on:

Downloads (PDS & whitepaper)

BitDefender Products

No pop-ups. No configuring. No interruptions. In fact, it requires zero interaction on your part. That's the kind of silent security you'll find in all three levels of Bitdefender 2014 antivirus software. Whether you're a PC novice or expert, parent or gamer, select the protection that's right for you!

View More

Regulatory Compliance

Meeting Compliance Requirements in a Competitive Marketplace

As more and more high-profile cases of corporate insider fraud come to light, there is an increased awareness of the internal threat to corporate assets coming from company employees and management - as opposed to malicious outsiders. Most companies and public service organizations are exposed to the very real threat posed by insiders who have authorized access to and are capable of manipulating internal systems for personal gain. In response, governments worldwide have enacted new regulations with the foremost intention of protecting the customers and shareholders who place their trust in the organizations serving and representing them. While beneficial, these regulations pose significant technical challenges for organizations as most of their systems were developed and deployed before these regulations were enacted.

Privacy Regulations- PCI, HIPAA&GLBA:

The Audit Trail Challenge

The Payment Card Industry Data Security Standard (PCI DSS) requires organizations that deal with credit card transactions to “Implement automated audit trails for all system components to reconstruct all individual user accesses to cardholder data.” The Gramm-Leach-Bliley Act
(GLBA) makes similar requirements regarding tracking access to financial information and the HIPAA Security Rule poses similar requirements regarding electronic protected health information.

The requirement to maintain a detailed audit trail is challenging for organizations that rely on both legacy and modern systems. Unlike network devices and infrastructure systems, there is typically no detailed user access logging mechanism in most applications. Developing such a
mechanism involves tremendous effort and cost, potentially altering thousands of programs. Mechanisms that track changes to corporate databases are not sufficient, as they track update and alteration of data but do not capture critical "read-only" access to data.

Sarbanes-Oxley Act:

The Activity Monitoring Challenge

The Sarbanes-Oxley Act requires executives and auditors of publicly traded companies to validate the accuracy and integrity of their financial reporting. Section 404 of the act requires companies to create and maintain effective internal controls for tracking financial processes. As financial reporting relies on information collection from various systems and resources, (purchasing, payroll, inventory, human resources, etc.), compliance with section 404 requires development of effective controls cross-platform. This is challenging, as systems developed prior to the Sarbanes-Oxley Act typically do not have sufficient logging or control mechanisms. Database Trace Monitoring solutions provide limited visibility into user actions, tracking changes to the database but not to end-user actions, such as accessed screens. In addition, user queries cannot be traced with this type of solution, missing out on potential fraud attempts.

Basel II Accord:

The Insider Threat Challenge

The Basel II Accord introduces the requirement of banks to manage operational risk as part of their overall risk management. According to Basel II, the risk the bank is exposed to affects its capital requirements. Operational risk is defined as the “direct or indirect loss resulting from
inadequate or failed internal processes, people and systems or from external events.” The accord lists several types of operational risk including Internal Fraud, External Fraud and Business disruption and system failures. Most of the existing solutions for fraud detection focus on external fraud and do not provide an effective solution for internal fraud which requires granular visibility to internal end-user behavior. As internal fraud represents a serious operational risk, banks now have even stronger incentive to be proactive about insider threat.

Infosol Systems 2014. All Rights Reserved.