2014 Momentum Webinar Series:
Security and Compliance
In the Interconnected Age
Alan Akahoshi
June 24, 2014
Welcome
• Momentum Series
• Polls
• Q/A
Introduction
Alan Akahoshi is a lead security product manager at Digital Insight. With 22 years of network communication, applications and security experience, Alan has safeguarded systems for the nation’s leading technology companies. His previous roles include program manager for Microsoft's hosted services group, and product manager for Symantec's consumer business unit.
Agenda
• The Internet of Everything (IoE)
– Ecosystem
• FFIEC Guidelines for your customer digital channel
– Coverage
• A security model for protecting your Customer
– Closing the gap
Poll Question 1: Current Events
Have you ever received an email from your refrigerator or television set?
a. Yes
b. No
c. Is that possible?!
>750K malicious emails sent by botnet. It’s enough to give you chills.
“In this case, hackers broke into more than 100,000 everyday consumer gadgets, such as home-networking routers, connected multi-media centers, televisions, and at least one refrigerator, Proofpoint says. They then used those objects to send more than 750,000 malicious emails to enterprises and individuals worldwide.”
The Internet of Everything
Today’s Challenge
IoE = User x (Devices x Networks x Services)
The connected state or the “Internet of Everything”
[Diagram: Devices, Networks (Places) and Services (Transactions/Interactions), with Data flowing between them]
Source: http://www.businessinsider.com/the-internet-of-everything-2014-slide-deck-sai-2014-2?op=1
An explosion of interconnectivity
Cyber Security is the biggest concern
Source: http://www.businessinsider.com/the-internet-of-everything-2014-slide-deck-sai-2014-2?op=1
• “Six degrees or less,” you are connected to a vulnerable element in the IoE ecosystem.
For Financial Institutions, Security must extend beyond your purview.
[Diagram: “you” linked through the ecosystem to OLB (online banking); “Gotcha!”]
• The Heartbleed bug is a vulnerability in the OpenSSL cryptographic software library that existed since 2012 and was not uncovered until early this year.
And the effects may be devastating
Reputation takes years to build, and only moments to lose.
In IoE, controlling borders and layering security isn’t enough. You need to dramatically change your security strategy.
FFIEC Guidelines
What does it address in IoE?
In a highly regulated industry, how do you respond to IoE?
• Federal rules and regulations
– Federal Reserve Board
• Regulation E (Electronic Fund Transfers, 12 CFR 205)
– Uniform Commercial Code
• Article 4A, Funds Transfer (2012)
– Dodd-Frank Wall Street Reform and Consumer Protection Act
• The FFIEC prescribes recommendations for federal examinations of financial institutions.
– E-Banking
– Information Security
– Supplement in 2011
• 2001: Electronic Banking
• 2005, 2011: Internet Banking
• What does it protect?
– Customer data (privacy)
– Fund movement (anti-fraud)
• How does it protect?
– Periodic risk assessments
– Multi-factor authentication
– Layered security controls
• Access controls (limits)
• Monitoring
– Customer awareness
FFIEC Internet Banking Guidelines (2011)
What the FFIEC doesn’t cover
[Diagram: Devices, Networks (Places) and Services (Transactions/Interactions), with Data flowing between them]
Financial Institution Best Practices
How do you provide an effective and secure digital banking experience?
Poll Question 2: Security vs. Ease of Use
Please select the best statement that applies to your institution:
a. The security of my solution is most important.
b. The security of my solution is important, but it should minimally impact my customer user experience.
c. My customer user experience is most important.
An effective security program framework
• Includes Prevention
• Includes Monitoring
• Includes Remediation
• Is multi-faceted, multi-layered to provide maximum protection
– a system of redundancy
[Diagram: Prevention / Monitoring / Remediation]
Protection layers in order to manage risk
• In order to secure the online and mobile banking ecosystem, you need to consider the multiple layers and what it is you are protecting.
• Adopt solutions using the “lenses” of your security program – Prevention, monitoring and remediation
User protection
• User credentials
• User devices
• User applications
• User assets ($)
• Malware detection/removal
Network protection
• Network providers (public, private, mobile)
• Data exchange (privacy encryption)
Service protection
• Online banking applications
• Mobile banking applications
• Data handling and storage (privacy)
• Service availability
Business protection
• Employees
• Business assets ($)
• Data governance
Prove you are who you say you are
• Identity Verification (Account Origination)
– Required by Section 326 of the USA Patriot Act (FFIEC 2005)
– Reduce the risk of
• Identity theft
• Fraudulent account applications (international money laundering and terrorist financing)
• Unenforceable account agreements or transactions
• User Verification (Authentication, Authorization and Access Control)
– Layered “what you can see” & “what you can do”
– Reduce the risk of
• Unauthorized account access (privacy; protecting data)
• Account takeover
• Fraudulent activity
[Lenses: P / M / R; layers: User, Network, Service, Business]
Authentication, Authorization and Access Control
• User verification methods
– Something the user knows
• “Shared secret”, password, PIN
– Something the user has
• ATM card, smart card, scratch card
• Mobile device, FOB token, USB token
– Something the user is
• Biometric hardware (fingerprint, face, voice, retinal/iris, etc.)
– Other factors that complement authentication
• User device identification
• User location / network
• User internet protocol address
[Lenses: P / M / R; layers: User, Network, Service, Business]
Not all online activity or actions are equal
• Layered Security Controls
– Measure the level of risk and match protection methods
• Consumer Banking
– Accessing banking account information
– Accessing personal account information
– Money movement activity
• Bill payment
• Intrabank funds transfers
• Interbank funds/wire transfers
• Business Banking
– Frequent and higher-amount ($$$) money movement activity
• ACH file origination
• Frequent interbank wire transfers
[Lenses: P / M / R; layers: User, Network, Service, Business]
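The factor categories of the authentication slide and the risk-tiered controls of the "not all actions are equal" slide are easiest to see working together in code. The following Python is an added illustration, not code from the webinar or from Digital Insight; its action tiers, scores and thresholds are constructed for the example and are not FFIEC-specified values.

```python
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    """Online banking actions from the slide, lowest to highest base risk."""
    VIEW_ACCOUNT_INFO = "view_account_info"
    VIEW_PERSONAL_INFO = "view_personal_info"
    BILL_PAYMENT = "bill_payment"
    INTRABANK_TRANSFER = "intrabank_transfer"
    INTERBANK_WIRE = "interbank_wire"
    ACH_ORIGINATION = "ach_origination"


MONEY_MOVEMENT = {Action.BILL_PAYMENT, Action.INTRABANK_TRANSFER,
                  Action.INTERBANK_WIRE, Action.ACH_ORIGINATION}
HIGH_VALUE = {Action.INTERBANK_WIRE, Action.ACH_ORIGINATION}

# Base risk per action on a constructed 0-100 scale (not FFIEC-specified).
BASE_RISK = {
    Action.VIEW_ACCOUNT_INFO: 10,
    Action.VIEW_PERSONAL_INFO: 20,
    Action.BILL_PAYMENT: 35,
    Action.INTRABANK_TRANSFER: 40,
    Action.INTERBANK_WIRE: 70,
    Action.ACH_ORIGINATION: 80,
}


@dataclass
class SessionContext:
    """Complementary signals for the session (device, location/network, IP)."""
    known_device: bool        # device identifier previously enrolled by this user
    usual_location: bool      # geo-location / network consistent with history
    ip_reputation_bad: bool   # source IP on a known-bad list (proxy, botnet, ...)
    # Factor categories actually presented this session: "knows", "has", "is"
    factors_presented: set = field(default_factory=set)


@dataclass
class Decision:
    risk: int
    required_factors: int      # distinct factor categories the policy demands
    out_of_band_confirm: bool  # confirm on a separate channel before executing
    allow: bool
    monitor: bool              # hand the event to fraud/behavioural monitoring
    reason: str


def score_risk(action: Action, amount: float, ctx: SessionContext,
               business_account: bool = False) -> int:
    """Combine the action's base risk with session signals (0-100)."""
    risk = BASE_RISK[action]
    if action in MONEY_MOVEMENT:        # larger amounts raise the stakes
        if amount >= 10_000:
            risk += 20
        elif amount >= 1_000:
            risk += 10
    if business_account and action in HIGH_VALUE:
        risk += 5                       # frequent, high-dollar business activity
    if not ctx.known_device:
        risk += 15
    if not ctx.usual_location:
        risk += 10
    if ctx.ip_reputation_bad:
        risk += 30
    return min(risk, 100)


def decide(action: Action, amount: float, ctx: SessionContext,
           business_account: bool = False) -> Decision:
    """Map the risk score onto layered controls; step up or block as needed."""
    risk = score_risk(action, amount, ctx, business_account)
    if risk < 30:                       # constructed tier thresholds
        needed, oob = 1, False
    elif risk < 60:
        needed, oob = 2, False
    else:
        needed, oob = 2, True
    presented = len(ctx.factors_presented & {"knows", "has", "is"})
    if ctx.ip_reputation_bad and action in HIGH_VALUE:
        return Decision(risk, needed, oob, False, True,
                        "blocked: bad IP reputation on high-value money movement")
    allow = presented >= needed
    reason = ("ok" if allow else
              f"step-up: {needed} factor categories required, {presented} presented")
    # Anything high-risk or refused is worth a second look by monitoring.
    return Decision(risk, needed, oob, allow, risk >= 60 or not allow, reason)


if __name__ == "__main__":
    # Constructed session: new device, usual location, password only.
    ctx = SessionContext(known_device=False, usual_location=True,
                         ip_reputation_bad=False, factors_presented={"knows"})
    print(decide(Action.BILL_PAYMENT, 500.0, ctx))
```

The same engine can be extended with the transaction-monitoring signals of later slides by feeding the `monitor` flag into a behavioural model rather than a fixed threshold.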
Consumer Concerns About Mobile
Source: Deloitte, May 2014, The Financial Brand
Poll Question 3: Mobile Risk
What is your greatest mobile security concern? (Select one)
a. Application security
b. Device data leakage
c. Device loss or theft
d. Malware attack
Mobile is personal, an extension of You
• Mobile devices, networks it connects to, services it accesses, and data shared…
– 63% of smartphone users access their bank or credit union institution
– 61% of smartphone owners who don’t use mobile banking cite “security” issues
• Mobile Apps vs Mobile Web
• Secure communication channel (data privacy)
• Complex device identification, geo-location and reputation
– Assurance to tie this to a user
– Monitoring
[Lenses: P / M / R; layers: User, Network, Service, Business]
Source: Deloitte, May 2014, Mobile Financial Services: Raising The Bar on Customer Engagement
Hackers hack and they will continue to hack
• It’s never a question of ‘if’ I get hacked, but ‘when’ I get hacked…
– Hackers are continuously finding and exploiting the weakest link
• Effective monitoring is key to detecting fraud and preventing attacks
• Complex analytics of user, device and system data, and behavioral modeling provide intelligent detection
• Mitigation processes
[Lenses: P / M / R; layers: User, Network, Service, Business]
Poll Question 4: Education Programs
How do you provide customers/members with tools and tips to safeguard their online and/or mobile banking experience? (select all that apply)
a. Online Banking Application
b. Mobile Banking Application
c. Email
d. Text/SMS
e. In-Branch
f. Other
g. We do not provide any tools or tips
Secure people, not just the technology
• Customer Awareness & Education
– DOs and DON’Ts
– Alerts and Notifications
• Attacks, risks etc.
• Internal Training
1. Be vigilant.
2. Protect your devices.
3. Protect your passwords.
• Create password groups.
4. Do not share your passwords.
5. Use trusted applications from known and trusted sources.
6. Access trusted websites.
7. Be careful of email content, even if it’s from a known person.
* Feb 1st – National Change Your Password Day
[Lenses: P / M / R; layers: User, Network, System, Business]
Security and Compliance Checklist
What you can do . . .
• Effective security strategy – elements for prevention, monitoring and remediation
• Multi-factor authentication
• Layered security controls
• Transaction monitoring
• Marketing programs for customer awareness and education
• Annual risk assessment
[Layers: User, Service, Business, Network]
Questions?
www.digitalinsight.com
Thank you!
October 2014:
Trends in Delivery: Channel
Convergence and Funding Innovation
David Potterton, Cornerstone Advisors
Visit Us:
