 |
Detect, Prevent & Deter Financial Loss from Systems-based Fraud, Misuse and Errors |
 |
"IDSs must move toward monitoring and alerting on the misuse of IT resources by authenticated, authorized
users. This means evolving up the stack to the application layer. However, network- and syslog-based IDS
technologies don't lend themselves to the detection of business-layer offenses. Thus, other vendors likely
will address these needs. For example, ... Oversight Systems (is) bringing such products to market."
- Richard Stiennon, Gartner
|
|
"While IT security has traditionally focused on securing the perimeter against outside threats, Oversight
Systems addresses the much larger need to secure financial systems from 'Business Hackers' or authorized
users who employ their knowledge of business systems to perform unauthorized transaction. Continuous
transaction incident monitoring delivers value to the bottom line by detecting real financial losses. While
the application of these concepts and technologies plays a key role in regulatory compliance, the direct
dollar savings alone justifies its deployment."
- Matthew Kovar, Yankee Group
|
|
"Historically, hackers have not really been a problem. The major threat comes from technology-minded
insiders who have knowledge about processes, business system customizations and technologies. Insiders such
as current employees, recently terminated employees, subcontractors and consultants are significantly more
dangerous than outsiders.
"Any individual familiar with internal business processes represents a significant threat. Most instances
of computer crime involve insiders abusing processes and circumventing control measures to take money or
cause damage. In some business environments, such as ERP or CRM, 95 percent of fraud comes from insiders or
internal users with access to key data transactions."
- Gartner
|
|
"To successfully managing the high risk areas … companies must be able to monitor transactions independently
and continuously close to the point at which they occur. Data analysis technologies capable of continuous
monitoring that run alongside ERP systems can add an additional control layer and improve the process of
checking compliance with controls and exception reporting. And while this may seem 'futuristic' or even
unattainable, it doesn't have to be."
- Rich Lanza, Compliance Week
|
|
"In 2003, 36 percent of companies incurred $1 million or more in costs due to fraud, a significant jump
from 21 percent in 1998."
- KPMG's 2003 Fraud
and Misconduct Diagnostic Survey
|
|
"Security managers and CIOs are well aware of the threat posed by insiders, but often find it easier
technically and politically to take action against external threats instead. Businesses must take steps to
secure themselves against criminally intent insiders or resign themselves to suffering significant losses
from insider crimes."
- Victor S. Wheatman, Gartner
|
|
|
|
|
|
 |
About Oversight |
|
|
|
|
| |
|
|
|
|
|
|
|
|
| |
