BITS Proprietary and Confidential © BITS 2003.
Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions
John Carlson, Senior Director, BITS
Presentation to Global Dialogue, World Bank Group
September 10, 2003
Agenda
Overview of BITS
Key Security and Technology Risks
BITS Security-Related Risk Management Activities
–BITS Product Certification Program
–IT Service Providers Effort
–Fraud Reduction and Identity Theft Prevention and Assistance
A BIT about BITS
Created in 1996 to foster the growth and development of electronic financial services and e-commerce for the benefit of financial institutions and their customers.
A nonprofit industry consortium that represents the 100 largest financial institutions in the US (banks, securities and insurance).
Works as a strategic brain trust to provide intellectual capital and address emerging issues where financial services, technology and commerce intersect.
Key BITS Accomplishments
Crisis Management
–Leading crisis management coordination efforts for the sector
–Creating the BITS/FSR Crisis Communicator
–Driving dialogue to address telecommunications interdependencies
Best Practices
–BITS Voluntary Guidelines for Aggregation Services
–BITS IT Service Provider Framework
–BITS Guidelines for Mobile Financial Services
–BITS E-Insurance Technology Risk Transfer Gap Analysis Tool
White Papers
–Fraud Prevention Strategies for Internet Banking
–Financial Identity Theft: Prevention and Consumer Assistance
Product Security
–Security profiles and testing for e-commerce products
Security and Technology Risks
Continuing growth in new e-finance applications, movement of these applications to public networks, and expanding customer access via new channels
Increase in outsourcing arrangements
Complexity of software and systems
Escalating rate and nature of cyber attacks, viruses and worms
Poor quality of software
“Patch management” challenges
Identity theft and privacy protection
Infrastructure interdependencies (e.g., telecommunications networks, power grid)
Regulatory requirements and operational risk capital requirements
BITS Security-Related Activities
Product Security
–Urging software manufacturers to improve software quality.
–Developing best practices for patch management.
–Improving baseline security of products used in the financial industry through security requirements and software testing.
Critical Infrastructure
–Developing the National Strategy for Critical Infrastructure Protection.
–Supporting and strengthening the Financial Services Information Sharing and Analysis Center (FS/ISAC).
–Founding and participating in the Financial Services Sector Coordinating Council for Homeland Security and Critical Infrastructure Protection.
BITS Security-Related Activities (continued)
Operational Risk
–Developing a common body of high-risk factors that influence operational risk models.
–Establishing metrics and measurement methodologies.
Regulatory
–Assisting financial institutions in complying with new cyber security and other security requirements (e.g., customer notification in response to security breaches).
–Facilitating industry dialogue with regulators.
BITS Product Security Program
A three-year development effort involving 32 BITS member companies, 23 outside organizations and over 100 security professionals from technology vendors, government agencies and leading financial services firms.
Criteria represent minimum baseline product security requirements for a set of security features including:
–Identification
–Non-repudiation
–Authorization
–Confidentiality
–Data and system integrity
–Data disposal
–Audit
–Authentication
–Security administration
–Guidance documentation
IT Service Providers Effort
BITS IT Service Providers Working Group – Raises awareness, develops voluntary guidelines, and shares successful strategies to assure the security and privacy of third-party services in support of the financial services industry.
BITS Framework for Managing Technology Risk for IT Service Provider Relationships – Provides criteria against which relationships can be evaluated and managed.
–Update published for comment September 2003.
BITS IT Service Provider Expectations Matrix – Reduces risk, helps institutions comply with regulatory requirements and eliminates gaps in the audit or assessment process.
–RFI available for public comment through September 30.
BITS/American Banker Financial Services Outsourcing Conference – Held November 6-7, 2003 in Washington, DC.
Fraud Reduction/Identity Theft Prevention and Assistance
Quarterly Loss Reporting Program – Participants saw, on average, a 3% annual decrease in losses per account vs. an industry increase of 1% between 1999 and 2001. (Program administered by the American Bankers Association.)
BITS/FSR Fraud Reduction Voluntary Guidelines – Efficient and consistent procedures to prevent identity theft and restore victims’ financial identity.
Uniform Affidavit for Identity Theft – Allows for collection of transactional detail to be shared with law enforcement to help build cases and shut down fraud rings. The affidavit may be shared with other companies where the victim holds accounts. (Created with the Federal Trade Commission.)
Publications – White papers on truncation, identity theft and Internet fraud.
For More Information
John Carlson, Senior Director
E-mail: firstname.lastname@example.org
Telephone: (202) 589-2442
www.BITSinfo.org