CYBER RISKS IN SECURITIES SERVICES


CYBER RISKS IN SECURITIES SERVICES Jason Harrell, Business and Government Cybersecurity Partnerships November 2018

Background

- The evolving threat landscape, new and emerging technology, and increased reliance on third parties and supply chain providers increase the risk across the financial services sector
- In 2017, the International Securities Servicers Association (ISSA) released the white paper, Inherent Risks within the Global Custody Chain, where the organization highlighted different risks specific to Securities Servicers
- Later that year, a Cybersecurity Working Group was formed to analyze how this threat may impact Securities Servicers
- Several questions emerged:
  - How would cyber threats materially impact this market segment?
  - Do the current risk frameworks address the risks of Securities Servicers? / Are there risks that are specific to Securities Servicers that may not be covered by the current cybersecurity risk frameworks?
  - What cyber risk programs should Securities Servicers focus on?
  - What should Securities Servicers focus on, as a market segment, to be operationally resilient?

Why Did ISSA Review Cyber Risks To The Securities Services Market Segment?

Motivators For Threat Actors

There are several types of Threat Actors:
- Nation States
- Organized Crime
- Hacktivist
- Insiders

Not All Cyber Criminals Are Focused On Direct Financial Gain!
- Market Disruption
- Geopolitical Motivation
- Market Manipulation

What Is The Motivation For Cyber Criminals?

Market Impacts

- What would the market impact be if a threat actor disabled the operations of a Central Counterparty or Central Securities Depository?
- What would the market impact be if a threat actor disabled the operations of a large custodian or sub-custodian?
- What would the market impact be if a threat actor targeted the books and records of a specific security but did not disrupt all firm operations?

AND OF EQUAL IMPORTANCE...

- How would the Securities Servicers market segment respond if any of these events occurred?

Why Did ISSA Review Cyber Risks To The Securities Services Market Segment?

Cybersecurity Frameworks

There are several frameworks that may be used to build a cybersecurity program that provides reasonable assurance. These frameworks include:
- National Institute Of Standards and Technology (NIST) Cybersecurity Framework
- CPMI-IOSCO Guidance On Cyber Resilience for Financial Market Infrastructures
- International Standards Organization (ISO) 27000 series
- Federal Financial Institutions Examination Council (FFIEC) Information Security Handbook

How May My Organization Provide A Reasonable Control Structure?

Important Cyber Security Services For Securities Servicers

It is important that Securities Servicers have a comprehensive cybersecurity program that is sized based on:
- Type, Size, and Complexity of Operations
- Customer and Counterparties
- Markets and Products Traded
- Access Provided to Trading Venues
- Market Interconnectedness

- Threat Intelligence
- Vulnerability / Patch Management
- Penetration Testing
- Third Party / Supply Chain Management

What Cyber Services Should My Organization Focus On As A Securities Servicer?

Cybersecurity Risk Management Activities - International Supervisor / Regulatory Focus

- Bank Of England / UK Financial Conduct Authority (FCA)
- Financial Stability Board (FSB)
- Basel Committee On Banking Supervision (BCBS)
- European Central Bank (ECB)
- Committee On Payments and Market Infrastructures, International Organization Of Securities Commissions (CPMI – IOSCO)
- SWIFT Customer Security Program
- Trade Associations
- Regulatory / Examination Harmonization
- Two Hour Recovery For Cyber Events
- Operational / Cyber Resiliency

What Are The International Activities That Are Occurring Within Cyber Security?

Call To Action

- Continuously monitor the threat landscape for emerging threats to the financial services sector
- Build a cybersecurity program using an industry standard and focus on those programs that provide the largest risk mitigations for your business
- Understand the operational resiliency that your organization has in place to resume operations in the face of a material impact
- Work together across the Securities Services market segment to understand how the entire market would respond to a material operational outage

Where Do We Go From Here?

Jason Harrell Depository Trust And Clearing Corporation (DTCC) Technology Risk Management Email: jharrell@dtcc.com

Resources

Links To Aforementioned Documents

- ISSA: Cybersecurity Risk Management in Securities Services
  https://www.issanet.org/e/pdf/2018-10_ISSA_Cyber_Risk_in_Securities_Services.pdf
- ISSA: Inherent Risks Within The Global Custody Chain
  https://www.issanet.org/e/pdf/ISSA_Report_Inherent_Risk_February-2017.pdf
- NIST: Framework For Improving Critical Infrastructure Security
  https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
- CPMI-IOSCO: Guidance On Cyber Resilience For Financial Market Infrastructures
  https://www.bis.org/cpmi/publ/d146.pdf
- FFIEC: Information Security Handbook
  https://www.ffiec.gov/press/pdf/ffiec_it_handbook_information_security_booklet.pdf
- Bank Of England / UK FCA: Building The UK Financial Sectors Operational Resilience
  https://www.bankofengland.co.uk/-/media/boe/files/prudential-regulation/discussion-paper/2018/dp118.pdf
- SWIFT Customer Security Program
  https://www.swift.com/myswift/customer-security-programme-csp