2. Programme
Introduction by Toon Vanagt
Fintech industry: A reliable partner for the financial sector by Professor Georges Ataya
o Case studies
o What methods should be put in place?
o The skills that are lacking
o Certifications
3. Your Speakers
Georges Ataya
Academic Director at Solvay Brussels School
Managing partner Ataya & partner
Co-Founder of the Belgian Cybersecurity Coalition
Co-founder DPO Circle
Member of the Advisory Boards at Agoria, BECI, CIONET, ISACA
Past International Vice President at ISACA and co-founder of the body of knowledge of CISM and CGEIT
Toon Vanagt
Host, Board of FinTech Belgium
CEO of data.be
4. Cybersecurity context
Fintech concerns for Cybersecurity
European regulations and guidelines
Certification for SME
Cybersecurity skills assessment
Competences and knowledge
Professional certification
Cybersecurity for FINTECH
Prof. Georges Ataya
6. Urgent Cyber Security Issues
1. Financial Crimes
2. The Rise of Multi-Cloud Computing
3. Third-Party and Supply Chain Attacks
4. Shortage of Cybersecurity Professionals
5. More Sophisticated Phishing Exploits
6. Cyber Attacks on the Grid
7. Personal Attacks
8. State-Sponsored Attacks
9. IoT and Autonomous Systems
10. Smart Health Devices and EMR
“Cyber crime is big business, with the most elite hackers earning a cool half a million dollars a year just to test system security; the bad guys are raking in billions”.
Source: www.csoonline.com
The 14 biggest data breaches of the 21st century
Adobe
Date: October 2013
Impact: 153 million user records
Adult Friend Finder
Date: October 2016
Impact: 412.2 million accounts
Canva
Date: May 2019
Impact: 137 million user accounts
eBay
Date: May 2014
Impact: 145 million users
Equifax
Date: July 29, 2017
Impact: 147.9 million consumers
LinkedIn
Date: 2012 (and 2016)
Impact: 165 million user accounts
Marriott International
Date: 2014-18
Impact: 500 million customers
Yahoo
Date: 2013-14
Impact: 3 billion user accounts
7. Sources of external threat
Intelligence Agencies
Criminal Groups
Terrorist Groups
Activist Groups
Armed Forces
8. The fact that there are many cases in which large traditional banks have failed to protect the data of their customers does not imply that Fintech is better than other financial institutions.
Source: FSBT.TECH (Open API Platform)
A report by PwC indicates that it is easier for the new banks to focus on securing the activities of their clients on their systems than for large conventional banks.
11. Setting the security and notification requirements for digital service providers and building national capabilities
Helps to manage digital identities by providing online trust and allows citizens and businesses to use national eID and trust services across borders
Gives control to individuals over their personal data and simplifies the regulatory environment for international business
eIDAS
Framework for European Cybersecurity Certificates for products, processes and services that will be valid throughout the EU
13. Cyber Security Coalition & CCB Elements of the scheme
Cybersecurity Fundamentals for SME
Plan your cyber security
• Understand the enterprise context
• Management commitment
• Training, communication and awareness
• Custom made or internally developed software and hardware
• Incident management basics
Manage risks for your most important assets
• Inventory of IT devices
• Risk management (Predefined)
• Information classification and handling (minimum mores)
• Backups and Restore
Cybersecurity Technical measures
• Firewalls
• Secured configuration
• User access controls
• Malware
• Patch management
• Email Security
https://cyberguide.ccb.belgium.be/en
14. Cyber Security Coalition & CCB Elements of the scheme
Cybersecurity Fundamentals for SME
https://cyberguide.ccb.belgium.be/en
Project 1 Project 2 Project 3 Project 4 Project 5
Self-assessment questionnaire & tool
Promotion & Communication
Advice
Development
Labelling
Currently on hold
Registry of specialists & solution providers
16. Cybersecurity
Awareness
Corporate and general Management
Application Development
Business managers and Users
IT Professionals
Information Security Professionals
Awareness Classes
Incident Management
Guide
24. A MANAGER FOR CYBER SECURITY PROTECTION and INCIDENT MANAGEMENT
Information Security Governance
Information Security Incident Management
Information Security Program Development & Management
Information Risk Management & Compliance
27. DREAM. LEARN. LEAD.
• THANKS
Full online Education
Starting in April 2020
S2 (CISSP preparation)
G2 (COBIT 2019)
B2 (Data Management)
M2 (Application development)
April and May 2020
30. Georges Ataya
Professor, founder and Academic Director of Digital and information security management at SBS-EM
Co-Founder of the Belgian Cybersecurity Coalition
Co-founder DPO Circle
Member of the Advisory Board: Agoria, BECI, CIONET, ISACA, Belgian Cybersecurity Coalition
Managing Director ICT Control advisory firm
Founded IT Management Academy
Past International Vice President at ISACA
Past Partner Ernst & Young
Past Deputy International CIO ITT World Directories
Previously Project Manager and Senior IT Auditor
LinkedIn: ataya
Academy.atayapartners.com/fintech-sessions
32. • NEXT FRIDAY AT 14PM:
Webinar: Financial crisis survival / Coronavirus
Homeworking Challenge
• NEXT THURSDAY APRIL 23rd:
Digital Classroom: How to become and stay
licensed in Belgium?, April 23rd from 2pm to
6pm, in collaboration with Febelfin Academy
Editor's notes
When watching the trends and the extent of attacks, we understand the need for securing the logic of our processes, the essence of how we do business.
The motives behind most APTs are as old as civilization itself: espionage, sabotage, crime, terrorism, warfare, protest and vandalism.
Such threats are familiar to everybody, although their physical manifestations are generally beyond the everyday work experiences of most citizens and company staff.
The average person rarely encounters spies, criminals or hackers when going about his/her business, but networks are bringing such threats much closer to home.
Abundant regulations seek to bring organisations to a new level of basic security.
It is not a secret that the complexity of our business processes, the multitude of diverse technologies and the absence of homogeneity of our architecture constitute major vulnerabilities.
On the other hand, the expansion of cybercriminal activities, the demanding requirements of various regulations and the demand for improved services in turn increase the effort required to deliver up to expectations.
Roundel in Fort de Salses (southern France), 15th century, drawing by Viollet-le-Duc
Today, cybersecurity needs to be addressed in a more holistic manner. Building higher defensive walls and installing defense-in-depth solutions are no longer sufficient to prevent criminal intrusions and compromise.
Today, many organisations still put all their faith in annual intrusion tests run with external consultants, with little regard for the complexity of the enterprise system.
Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.
Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.
Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
Recover – Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event.
The CISO function evolves as new management methods and the threat landscape require different skills and capabilities.