1. What concepts in this chapter are illustrated in this case?
System vulnerabilities
Computer crime: using computers as instruments of crime to defraud the bank, customers, and other financial institutions
Internal threats from employees: Jerome Kerviel had access to privileged information; he was able to run through the organization's system without leaving a trace
Business value of security and control: Organizations can be held liable for needless risk and harm created if the organization fails to take appropriate protective action to prevent loss of confidential information, data corruption, or breach of privacy
Information system controls: General controls: govern the design, security, and use of computer programs and the security of data files in general throughout the organizational information technology infrastructure
Application controls: automated and manual procedures that ensure that only authorized data are completely and accurately processed by that application
Risk assessment: determines the level of risk to the firm if a specific activity or process is not properly controlled
Security policy: drives policies determining acceptable use of the firm's information resources and which members of the company have access to its information assets
The role of auditing: an MIS audit examines the firm's overall security environment as well as controls governing individual information systems
2. Describe the control weaknesses at SocGen. What management, organization, and technology factors contributed to those weaknesses?
One former SocGen risk auditor, Maxime Legrand, called the control procedures used to monitor the activity of its traders a sham and said that the management pretend(s) to have an inspection to please the banking commission.
Management: Jerome Kerviel’s supervisors saw a balanced book when in fact he was exposing the bank to substantial risk because of