Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Information Security Management System in the Banking Sector

759 Aufrufe

Veröffentlicht am

Information Security Management System design. Information security governance approaches comparison. ISMS processes. ISMS implementation. The biggest threats in the Banking sector. The future of banking and payment systems. The challenges and future of banking. Cybersecurity solutions for Financial services.

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Information Security Management System in the Banking Sector

  1. 1. Samvel Gevorgyan CEO, CYBER GATES MSc Information Systems & Cyber Security Information Security Management System in the Banking Sector COPYRIGHT 2017 © CYBER GATES WWW.CYBERGATES.ORG
  2. 2. Information Security Management System (design)
  3. 3. PDCA Model applied to ISMS processes
  4. 4. Security measures meta-framework Image source: www.enisa.europa.eu
  5. 5. Information security risks Image source: www.enisa.europa.eu
  6. 6. Information security governance approaches (comparison) Image source: ibimapublishing.com
  7. 7. Information Security Management System (implementation)
  8. 8. The biggest threats 1. Malicious software • Infecting critical systems with ransomware • Installing keyloggers to get sensitive data, etc. 2. IoT (Internet of Things) devices and botnets • Hacking CCTV cameras to perform DoS/DDoS attacks, etc. 3. Phishing and social engineering • Revealing confidential information relating to clients and employees • Hacking corporate email accounts to alter payment bank account numbers, etc. 4. Business process compromise attacks • Hacking processing system to redirect customers’ transactions 5. Third party services, unsecured mobile banking, unencrypted data, data breaches, etc.
  9. 9. Malicious software Infecting critical systems with malwares
  10. 10. IoT devices and botnets Hacking CCTV cameras to perform DoS/DDoS attacks
  11. 11. Phishing and social engineering Anomaly of phishing attack against bank employees
  12. 12. Business process compromise attacks
  13. 13. Third party services and mobile banking Exploiting critical infrastructure weaknesses
  14. 14. Unencrypted data and data breaches
  15. 15. The Open Banking and PSD2 The future of banking
  16. 16. The next generation payment system
  17. 17. The challenges and future of banking Targets for hacking in the near future: • Online / mobile banking systems • Initial Coin Offering (ICO) • Blockchain • Cryptocurrency The future of intrusion detection: • Machine learning for preventing data leakages • Artificial Intelligence for fighting financial fraud, malware anomalies, etc. The future of mobile banking security: • Biometric authentication for mobile banking (fingerprint, face and voice recognition, etc.)
  18. 18. Cybersecurity solutions for Financial Services
  19. 19. PinCat PinCat is a unified threat management (UTM) solution that combines multiple security features into a single platform to protect your network, web, email, applications, and users against advanced persistent threats (APT), DoS/DDoS attacks, viruses, spyware, ransomware and spam messages. • Protection against DDoS attack vectors up to 50 Gbit/s • Next generation Firewall • Data Loss Prevention • Anti-Ransomware • Advanced SPAM filter
  20. 20. FireEye The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. • Staying ahead of issues that could endanger the bank’s mission • Identifying and blocking unknown cyber threats that are missed by traditional defenses • Preventing the potential compromise of critical operations and data
  21. 21. Trend Micro Coordinated threat defenses is a new approach to enterprise security that helps address this situation. It builds on the traditional tactic of relying on comprehensive domain-level countermeasures by emphasizing the additional need for: • Extensive, multi-way integration among domain- and management-level components • Overarching, cross-domain security data analysis, correlation, and visualization • Supplemental, global threat intelligence • Intelligent coordination and automation of essential threat response capabilities
  22. 22. MaxPatrol MaxPatrol gives an unbiased picture of the state of protection at the system, department, node, and application levels. Pentesting, auditing, and compliance verification—combined with support for diverse operating systems, databases, and web apps—make MaxPatrol the perfect choice for auditing security in real time, all the time, at all levels of a corporate information system. • All-in-one solution ensures consistent results • Multilevel reporting tells the whole story • Presets ease compliance