BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
BITS Proprietary and Confidential © BITS
Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions
John Carlson, Senior Director, BITS
Presentation to Global Dialogue, World Bank Group
September 10, 2003

Slide 2: Agenda
Overview of BITS
Key Security and Technology Risks
BITS Security-Related Risk Management Activities
–BITS Product Certification Program
–IT Service Providers Effort
–Fraud Reduction and Identity Theft Prevention and Assistance

Slide 3: A BIT about BITS
Created in 1996 to foster the growth and development of electronic financial services and e-commerce for the benefit of financial institutions and their customers.
A nonprofit industry consortium that represents the 100 largest financial institutions in the US (banks, securities and insurance).
Works as a strategic brain trust to provide intellectual capital and address emerging issues where financial services, technology and commerce intersect.

Slide 4: Key BITS Accomplishments
Crisis Management
–Leading crisis management coordination efforts for the sector
–Creating the BITS/FSR Crisis Communicator
–Driving dialogue to address telecommunications interdependencies
Best Practices
–BITS Voluntary Guidelines for Aggregation Services
–BITS IT Service Provider Framework
–BITS Guidelines for Mobile Financial Services
–BITS E-Insurance Technology Risk Transfer Gap Analysis Tool
White Papers
–Fraud Prevention Strategies for Internet Banking
–Financial Identity Theft: Prevention and Consumer Assistance
Product Security
–Security profiles and testing for e-commerce products

Slide 5: Security and Technology Risks
Continuing growth in new e-finance applications, movement of these applications to public networks, and expanding customer access via new channels
Increase in outsourcing arrangements
Complexity of software and systems
Escalating rate and nature of cyber attacks, viruses and worms
Poor quality of software
“Patch management” challenges
Identity theft and privacy protection
Infrastructure interdependencies (e.g., telecommunications networks, power grid)
Regulatory requirements and operational risk capital requirements

Slide 6: BITS Security-Related Activities
Product Security
–Urging software manufacturers to improve software quality.
–Developing best practices for patch management.
–Improving baseline security of products used in the financial industry through security requirements and software testing.
Critical Infrastructure
–Developing the National Strategy for Critical Infrastructure Protection.
–Supporting and strengthening the Financial Services Information Sharing and Analysis Center (FS/ISAC).
–Founding and participating in the Financial Services Sector Coordinating Council for Homeland Security and Critical Infrastructure Protection.

Slide 7: BITS Security-Related Activities
Operational Risk
–Developing a common body of high-risk factors that influence operational risk models.
–Establishing metrics and measurement methodologies.
Regulatory
–Assisting financial institutions in complying with new cyber security and other security requirements (e.g., customer notification in response to security breaches).
–Facilitating industry dialogue with regulators.

Slide 8: BITS Product Security Program
A three-year development effort involving 32 BITS member companies, 23 outside organizations and over 100 security professionals from technology vendors, government agencies and leading financial services firms.
Criteria represent minimum baseline product security requirements for a set of security features including:
–Identification
–Non-repudiation
–Authorization
–Confidentiality
–Data and system integrity
–Data disposal
–Audit
–Authentication
–Security administration
–Guidance documentation

Slide 9: IT Service Providers Effort
BITS IT Service Providers Working Group – Raises awareness, develops voluntary guidelines, and shares successful strategies to assure the security and privacy of third-party services in support of the financial services industry.
BITS Framework for Managing Technology Risk for IT Service Provider Relationships – Provides criteria against which relationships can be evaluated and managed.
–Update published for comment September
BITS IT Service Provider Expectations Matrix – Reduces risk, helps institutions comply with regulatory requirements and eliminates gaps in the audit or assessment process.
–RFI available for public comment through September 30.
BITS/American Banker Financial Services Outsourcing Conference – Held November 6-7, 2003 in Washington, DC.

Slide 10: Fraud Reduction/Identity Theft Prevention and Assistance
Quarterly Loss Reporting Program – Participants saw, on average, a 3% annual decrease in losses per account vs. an industry increase of 1% between 1999 and (Program administered by the American Bankers Association.)
BITS/FSR Fraud Reduction Voluntary Guidelines – Efficient and consistent procedures to prevent identity theft and restore victims’ financial identity.
Uniform Affidavit for Identity Theft – Allows for collection of transactional detail to be shared with law enforcement to help build cases and shut down fraud rings. The affidavit may be shared with other companies where the victim holds accounts. (Created with the Federal Trade Commission.)
Publications – White papers on truncation, identity theft and Internet fraud.

For More Information
John Carlson, Senior Director
Telephone: (202)