SlideShare ist ein Scribd-Unternehmen logo

Critical Security And Compliance Issues In Internet Banking

Als PPT, PDF herunterladen
T
Thomas Donofrio
Technologie
1 von 30
Presented By: Thomas A. Donofrio Director of Technology Audit and Consulting Services CRITICAL SECURITY AND COMPLIANCE ISSUES IN INTERNET BANKING
Regulatory Guidelines and Suggested Practices - Electronic Banking Environment FFIEC, OCC, FRB, FDIC and OTS have issued joint and separate guidance such as: ,[object Object],[object Object],[object Object],[object Object]
Regulatory Guidelines and Suggested Practices - Electronic Banking Environment “ Living” risk-based management plan and enterprise-wide security program. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],4. Compliance risks Regulatory Guidelines and Suggested Practices - Electronic Banking Environment
[object Object],Due diligence in selection of vendor Risk assessment of application and services is critical Ongoing evidence of vendor oversight Regulatory Guidelines and Suggested Practices - Electronic Banking Environment
Regulatory Guidelines and Suggested Practices - Electronic Banking Environment ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines Enterprise-wide technology universe ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],Three essential elements for planned new technologies Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Risk assessment document ,[object Object],[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Risk assessment document that addresses evidence of: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
[object Object],[object Object],[object Object],[object Object],[object Object],Privacy and Information Security Policy Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Privacy and Information Security Policy suggested additional guidelines (in addition to those already addressed prior to GLBA) ,[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Privacy and Information Security Policy suggested additional guidelines (in addition to those already addressed prior to GLBA) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Privacy and Information Security Policy suggested additional guidelines (in addition to those already addressed prior to GLBA) ,[object Object],[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines 8. Effective February 28, 2001, contracts with third party service providers must contain appropriate language
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Responsibility for services provided by third party vendors ,[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
New E-customer verification, if not face to face, requires: Positive verification Logical verification with customer of general information Use of digital certificates Authentication of E-customers Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Authentication of E-customers Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
[object Object],[object Object],[object Object],[object Object],[object Object],Network and Web-based Security and System Monitoring Network and web site security maintenance
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Other control initiatives include: Network and Web-based Security and System Monitoring
[object Object],[object Object],[object Object],Penetration/Intrusion Testing Tests electronic environments ,[object Object],[object Object],Zero-knowledge attacks versus full-knowledge attacks
[object Object],[object Object],[object Object],Penetration/Intrusion Testing Typical goals of testing: Insider attacks Remote access exploits (telnet, pc anywhere, secure shell) E-mail exploits Back doors Frontal assaults Evidence and monitoring destruction
Penetration/Intrusion Testing Typical goals of testing: ,[object Object],[object Object],[object Object],[object Object]
Penetration/Intrusion Testing Testing limitations ,[object Object],[object Object]
Network versus E-Commerce intrusion Outsourced web hosting and applications Skill set to exploit the vulnerabilities Penetration/Intrusion Testing Choose a service provider wisely ,[object Object],[object Object],[object Object],[object Object],[object Object]
Security Issues with Other Web Site Initiatives Weblinking/Portals ,[object Object],content compliance customer confusion security policies compliance (e.g., RESPA and Privacy) ,[object Object]
Security Issues with Other Web Site Initiatives Weblinking/Portals ,[object Object],[object Object]
Security Issues with Other Web Site Initiatives Aggregation - web-based consolidation of customer information ,[object Object],Erroneous data gathered Concentration of data increases risk of intrusion Reliance on third party security over information Liability for disputed transactions ,[object Object]
Security Issues with Other Web Site Initiatives Aggregation - web-based consolidation of customer information ,[object Object],Wireless Banking
Needs Assessment - E-Insurance Analysis of your current commercial coverage Determine if new e-insurance offerings duplicate Customer privacy violations, specific business interruptions or denial of access may have limited coverage or no coverage at all
Does current business coverage meet needs if modified? If new coverage is needed, how does it work and how are losses valued? When will coverage in proposal be available? Needs Assessment - E-Insurance Coverage questions to assist in determining e-insurance needs Require outsourcing partners e-insurance as part of contract SLA

Empfohlen

Clifford wilke
Clifford wilkeClifford wilke
Clifford wilke
Lanka Praneeth
 
Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.
Computer engineering company
 
Security management and tools
Security management and toolsSecurity management and tools
Security management and tools
Vibhor Raut
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
joevest
 
6 e commerce security
6 e commerce security6 e commerce security
6 e commerce security
Naveed Ahmed Siddiqui
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System Administration
Lisa Dowdell, MSISTM
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
CSCJournals
 
Task 3
Task 3Task 3
Task 3
BIBEKCHAUDHARYBScHon
 

Empfohlen

Clifford wilke
Clifford wilkeClifford wilke
Clifford wilke
Lanka Praneeth
 
Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.
Computer engineering company
 
Security management and tools
Security management and toolsSecurity management and tools
Security management and tools
Vibhor Raut
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
joevest
 
6 e commerce security
6 e commerce security6 e commerce security
6 e commerce security
Naveed Ahmed Siddiqui
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System Administration
Lisa Dowdell, MSISTM
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security Analysis
CSCJournals
 
Task 3
Task 3Task 3
Task 3
BIBEKCHAUDHARYBScHon
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)
NCTechSymposium
 
Powerpoint v7
Powerpoint v7Powerpoint v7
Powerpoint v7
Veronica Pereira
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A Primer
John ILIADIS
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Security
phanleson
 
Threats of E-Commerce in Database
Threats of E-Commerce in DatabaseThreats of E-Commerce in Database
Threats of E-Commerce in Database
Mentalist Akram
 
Assessment and Mitigation of Risks Involved in Electronics Payment Systems
Assessment and Mitigation of Risks Involved in Electronics Payment Systems Assessment and Mitigation of Risks Involved in Electronics Payment Systems
Assessment and Mitigation of Risks Involved in Electronics Payment Systems
International Journal of Science and Research (IJSR)
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
Laura Perry
 
Security@ecommerce
Security@ecommerceSecurity@ecommerce
Security@ecommerce
Om Vikram Thapa
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
CCI Training Center
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
Mark Bennett
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
BPalmer13
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
newbie2019
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
Dr Vijay Pithadia Director
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
Bhadra Gowdra
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
Kashif Rana ACCA
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
grimesjo
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
politegcuf
 
Access Control Systems
Access Control SystemsAccess Control Systems
Access Control Systems
arnoldpeter01
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)
Mark Milburn
 
MATERI KRIPTOGRAFI
MATERI KRIPTOGRAFIMATERI KRIPTOGRAFI
MATERI KRIPTOGRAFI
Universitas Bina Darma Palembang
 
DISSERTATION_40096050
DISSERTATION_40096050DISSERTATION_40096050
DISSERTATION_40096050
Pamela Dempster
 

Weitere ähnliche Inhalte

Was ist angesagt?

Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)
NCTechSymposium
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
Laura Perry
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
Mark Bennett
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
BPalmer13
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
Kashif Rana ACCA
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
grimesjo
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)
Mark Milburn
 

Was ist angesagt? (20)

Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)
 
Powerpoint v7
Powerpoint v7Powerpoint v7
Powerpoint v7
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A Primer
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Security
 
Threats of E-Commerce in Database
Threats of E-Commerce in DatabaseThreats of E-Commerce in Database
Threats of E-Commerce in Database
 
Assessment and Mitigation of Risks Involved in Electronics Payment Systems
Assessment and Mitigation of Risks Involved in Electronics Payment Systems Assessment and Mitigation of Risks Involved in Electronics Payment Systems
Assessment and Mitigation of Risks Involved in Electronics Payment Systems
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
Security@ecommerce
Security@ecommerceSecurity@ecommerce
Security@ecommerce
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
 
Access Control Systems
Access Control SystemsAccess Control Systems
Access Control Systems
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)
 

Andere mochten auch

An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
idescitation
 
Bruteforce basic presentation_file - linx
Bruteforce basic presentation_file - linxBruteforce basic presentation_file - linx
Bruteforce basic presentation_file - linx
idsecconf
 
Original image (Unification Thought)
Original image (Unification Thought)Original image (Unification Thought)
Original image (Unification Thought)
derek dey
 
Information System Security - Kriptografi
Information System Security - KriptografiInformation System Security - Kriptografi
Information System Security - Kriptografi
Dudy Ali
 
Fuzzy Set Theory
Fuzzy Set TheoryFuzzy Set Theory
Fuzzy Set Theory
AMIT KUMAR
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)
DCIT, a.s.
 

Andere mochten auch (20)

MATERI KRIPTOGRAFI
MATERI KRIPTOGRAFIMATERI KRIPTOGRAFI
MATERI KRIPTOGRAFI
 
DISSERTATION_40096050
DISSERTATION_40096050DISSERTATION_40096050
DISSERTATION_40096050
 
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
 
Compiler Design File
Compiler Design FileCompiler Design File
Compiler Design File
 
introduction to cryptography and its role in information technology era
introduction to cryptography and its role in information technology eraintroduction to cryptography and its role in information technology era
introduction to cryptography and its role in information technology era
 
Bruteforce basic presentation_file - linx
Bruteforce basic presentation_file - linxBruteforce basic presentation_file - linx
Bruteforce basic presentation_file - linx
 
Original image (Unification Thought)
Original image (Unification Thought)Original image (Unification Thought)
Original image (Unification Thought)
 
Plagiarisme
PlagiarismePlagiarisme
Plagiarisme
 
Pembelajaran Berbasis Riset (Hukum Gossen I)
Pembelajaran Berbasis Riset (Hukum Gossen I)Pembelajaran Berbasis Riset (Hukum Gossen I)
Pembelajaran Berbasis Riset (Hukum Gossen I)
 
Sosdarkam SMKN 1 cibinong 13 April 2016
Sosdarkam SMKN 1 cibinong 13 April 2016Sosdarkam SMKN 1 cibinong 13 April 2016
Sosdarkam SMKN 1 cibinong 13 April 2016
 
Cd lab manual
Cd lab manualCd lab manual
Cd lab manual
 
7 compiler lab
7 compiler lab 7 compiler lab
7 compiler lab
 
Compiler Design Lab File
Compiler Design Lab FileCompiler Design Lab File
Compiler Design Lab File
 
Information System Security - Kriptografi
Information System Security - KriptografiInformation System Security - Kriptografi
Information System Security - Kriptografi
 
Network security attacks
Network security attacksNetwork security attacks
Network security attacks
 
Plagiarisme
PlagiarismePlagiarisme
Plagiarisme
 
Fuzzy Set Theory
Fuzzy Set TheoryFuzzy Set Theory
Fuzzy Set Theory
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)
 
20080916 kriptografi
20080916 kriptografi20080916 kriptografi
20080916 kriptografi
 
Compiler Design Material
Compiler Design MaterialCompiler Design Material
Compiler Design Material
 

Ähnlich wie Critical Security And Compliance Issues In Internet Banking

17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
abhichowdary16
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
IPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
IPPAI
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
Marco Morana
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017
Joseph John
 

Ähnlich wie Critical Security And Compliance Issues In Internet Banking (20)

Application Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalApplication Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 Final
 
It Audit And Forensics
It Audit And ForensicsIt Audit And Forensics
It Audit And Forensics
 
David Whitaker: Managing Your Vendors
David Whitaker: Managing Your VendorsDavid Whitaker: Managing Your Vendors
David Whitaker: Managing Your Vendors
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010
 
Questions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdfQuestions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdf
 
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
Risk Assessment Methodologies
Risk Assessment MethodologiesRisk Assessment Methodologies
Risk Assessment Methodologies
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report example
 

Kürzlich hochgeladen

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Kürzlich hochgeladen (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

Critical Security And Compliance Issues In Internet Banking

  • 1. Presented By: Thomas A. Donofrio Director of Technology Audit and Consulting Services CRITICAL SECURITY AND COMPLIANCE ISSUES IN INTERNET BANKING
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. New E-customer verification, if not face to face, requires: Positive verification Logical verification with customer of general information Use of digital certificates Authentication of E-customers Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29. Needs Assessment - E-Insurance Analysis of your current commercial coverage Determine if new e-insurance offerings duplicate Customer privacy violations, specific business interruptions or denial of access may have limited coverage or no coverage at all
  • 30. Does current business coverage meet needs if modified? If new coverage is needed, how does it work and how are losses valued? When will coverage in proposal be available? Needs Assessment - E-Insurance Coverage questions to assist in determining e-insurance needs Require outsourcing partners e-insurance as part of contract SLA