- TYPE: Combined Session DATE: Wednesday, May 11, 2016 TIME: 12:00-13:00 LOCATION: AMMERSEE II
As of now, Fraud Management and Security, including Real Time Security Intelligence (RTSI) and advanced security and threat analytics are commonly segregated from each other. While this at first glance makes sense, given the different corporate buyers, there are three good reasons for a more integrated perspective. On is that the underlying analytical technologies are vastly the same. It is about machine-learning and pattern-based analytics, helping better protecting organizations against fraudulent behavior and attacks (notably, banking fraud is tightly related to threat analytics anyway). It is about Adaptive Authentication, taking the context risk into account when e.g. granting customers access to their bank accounts or employees access from their mobile devices to sensitive business applications.
Moreover, the reason for doing all this is risk migration. Both Fraud Management and RTSI are elements of risk mitigation strategies. Both should integrate with GRC (Governance, Risk Management, Compliance) tools for providing an up-to-date risk view.
In this session, we will look at the similarities and differences, but also the emerging need for better integrating both Fraud Management and Security Management with the overarching GRC view.
There are two facets of fraud – the business fraud and the IT fraud. The first is about people e.g. transferring money to accounts they have created for a fake supplier. The latter involves all fraudulent behavior in IT systems, particularly when it leads to financial losses. However, IT fraud includes attackers hijacking accounts of business users, ending up in business fraud. And most business fraud scenarios are related to excessive entitlements and SoD violations. So business fraud and IT fraud are tightly aligned. On the other hand, both business risk management and IT risk management and business fraud management and IT security intelligence (including fraud management) are kept separate in most organizations. The panel will discuss whether this must be the case due to the fact that business organization and IT organization are kept separate or whether and how it should change. And if there should be one approach on fraud management: How must organizations look like, both from the line, the security, and the government organization? Is it realistic to integrate these areas or not?
- Registration fee:
- Contact person:
Mr. Levent Kara
+49 211 23707710
- May 10 - 13, 2016 Munich, Germany