Presentation is loading. Please wait.

Presentation is loading. Please wait.

ELOC Bank Table Top Exercise Executive Leadership of Cybersecurity Austin, TX December 3, 2014 1.

Published byAlanna Hucke Modified over 9 years ago

Similar presentations

Presentation on theme: "ELOC Bank Table Top Exercise Executive Leadership of Cybersecurity Austin, TX December 3, 2014 1."— Presentation transcript:

1 ELOC Bank Table Top Exercise Executive Leadership of Cybersecurity Austin, TX December 3, 2014 1

2 ELOC Bank is a $250 million commercial bank providing a comprehensive range of banking products and services. Customers connect to the bank’s online Cash Management System to complete ACH origination and wire transfers. ELOC Bank Background 2

3 September 2014 IT Audit Report ELOC Bank 3

4 The September 2014 IT Audit found that the bank’s network and systems were adequately protected. However, the following recommendations were made: Bank IT Audit Report Enhance employee training on wire & ACH payment procedures Review and update the bank’s insurance coverages for cyber incidents Add an Intrusion Prevention System (IPS) to help prevent network intrusion Conduct incident response testing and provide the Board with reports on Cyber threats and readiness 4

5 The IT Steering Committee researched the auditor’s recommendations and provided an estimate of the cost to the Board. December 5, 2014 Board Meeting 5 Implementation and on-going costs are higher than expected and were not budgeted.

6 ELOC Bank Group Interaction 1

7 A. Revise 2015 budget to address all recommendations by September 30, 2015. B. Cancel employee and executive bonuses and Director’s fees to pay for auditor recommendations. C.Postpone action on the audit recommendations until the February 5, 2015 board meeting. D. Add an additional guard at the computer room door to prevent system intrusion. E. Other? What Would You Do?

8 Why or Why Not? A. Revise 2015 budget to address all recommendations by September 30, 2015. B. Cancel employee and executive bonuses and Director’s fees to pay for auditor recommendations. C.Postpone action on the audit recommendations until the February 5, 2015 board meeting. D. Add an additional guard at the computer room door to prevent system intrusion. E. Other?

9 On December 5, 2014, after much deliberation, ELOC Bank’s Board decides to postpone action on the audit recommendations until the February 5, 2015 Board meeting. Action the Board Took

10 December 26, 2014 Service Disruption ELOC Bank 10

11 Help and Technical Support Desks are receiving a significant volume of calls. 2:00 pm Employees are reporting : Slow computer response time Online-banking and cash management systems are behaving erratically. 2:30 pm Customers are flooding the bank’s Help Desk and reporting: ELOC Bank’s website is slow and acting erratically Can’t reach the online banking and cash management web pages 2:45 pm National news services begin reporting: that several large banks are having similar problems 3:00 pm Staff informs CEO of all of the above. December 26, 2014 11

12 ELOC Bank Group Interaction 2

13 A. Ask the IT manager for a verbal report - Wait for their recommendation and report before deciding what to do. B. Immediately call an Officer’s meeting to gather information and develop a plan of action. C. Alert appropriate staff that the IT department is aware of the issue and working on a solution. D.Launch your Incident Response Plan. E.Other? What Would You Do? 13

14 Why or Why Not? 14 A. Ask the IT manager for a verbal report - Wait for their recommendation and report before deciding what to do. B. Immediately call an Officer’s meeting to gather information and develop a plan of action. C. Alert appropriate staff that the IT department is aware of the issue and working on a solution. D.Launch your Incident Response Plan. E.Other?

15 Bank systems and operations are operating normally The IT Manager notifies the president that the bank experienced a Distributed Denial of Service (DDoS) attack earlier and that abnormal traffic activity was identified. However, the DDoS attack ended and all bank systems are operating normally. Employees are able to complete bank functions including retrieving customer ACH origination files and online wire transfer requests. All end of day processing was completed and all systems are operating normally. December 26, 2014 15

16 December 29, 2014 Wire Transfer ELOC Bank 16

17 $230,000 wire transfer request arrives from Cash Management System. President’s approval is needed. President questions validity, asks the cashier if she has called the customer to confirm. Cashier says she’s already talked to the customer and he confirmed the wire going to China. The President reviews the account, and again asks the cashier if she has called and talked the customer. She again says yes, she talked to him and confirmed it. December 29, 2014 17

18 Based upon the information known now, If you were this banker, would you: 1.Not send the wire 2.Send the wire Decision Point! 18

19 The customer from Monday contacts the bank and reports that $230,000 is missing from his account. He is upset and needs to make month-end payroll. After some investigation management determines that the wire was fraudulent. The bank contacts their correspondent bank to recover the funds but the money has already left the country and it is night time in China. December 30, 2014 19 9:00 am 10:00 am

20 ELOC Bank Group Interaction 3

21 A. Activate the Incident Response Plan. B. Notify primary regulator and law enforcement. C.Return the $230,000 to the customer’s account so they can meet payroll. D.Hire an outside expert to conduct an investigation and forensics analysis. E. Review insurance coverage. F. Other? What Would You Do? 21

22 Why or Why Not? 22 A. Activate the Incident Response Plan. B. Notify primary regulator and law enforcement. C.Return the $230,000 to the customer’s account so they can meet payroll. D.Hire an outside expert to conduct an investigation and forensics analysis. E. Review insurance coverage. F. Other?

23 Exercise Scenario Summary 1. Delayed Audit Action 2. Internet and System Disruption Incident Response testing and updating 3. Fraudulent Wire Transfer Incident Response testing and updating Wire procedures training Insurance review related to Cybersecurity 23

24 Culture of Security Tone from the Top Educate staff & customers Incident Response Plan Realistic Testing of Plans Review Insurance Threat intelligence and collaboration Executive Leadership of Cybersecurity 24

25 FFIEC.GOV 25

Download ppt "ELOC Bank Table Top Exercise Executive Leadership of Cybersecurity Austin, TX December 3, 2014 1."

Similar presentations

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.

Red Flags Compliance BANKERS ADVISORY 1 Red Flags Compliance Fair & Accurate Credit Transactions Act (FACTA) Identity Theft Prevention.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,

The importance of a Compliance program is to ensure that our agency meets the highest possible standards for all relevant federal, state and local regulations,
Introduction to the Investigative Audit Services Group.

Introduction to the Investigative Audit Services Group.
Company and Product Overview The AMLA Doug Keipper, CAMS.

Company and Product Overview The AMLA Doug Keipper, CAMS.
Internal Audit Review For Small Projects Cyndi Fout Project Services Director October 26, 2009.

Internal Audit Review For Small Projects Cyndi Fout Project Services Director October 26, 2009.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.

Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.
Management Control Systems

Management Control Systems
Accepting Credit Cards on your Website. If you are building an online shop, you will need to address the question of taking payments for orders. You can,

Accepting Credit Cards on your Website. If you are building an online shop, you will need to address the question of taking payments for orders. You can,
Department Of Computer Engineering

Department Of Computer Engineering
Network security policy: best practices

Network security policy: best practices
E XAMINATION AND E NFORCEMENT I SSUES : B EYOND T HE P ILLARS The AMLA Third Annual Full Day BSA/AML Conference October 4, 2013 Presented by: John M. Geiringer.

E XAMINATION AND E NFORCEMENT I SSUES : B EYOND T HE P ILLARS The AMLA Third Annual Full Day BSA/AML Conference October 4, 2013 Presented by: John M. Geiringer.
STUDYLINK OVERVIEW FOR EDUCATION PROVIDERS Find the best way to finance your future August 2013.

STUDYLINK OVERVIEW FOR EDUCATION PROVIDERS Find the best way to finance your future August 2013.
First Community Bank www.fcbnm.com Prevx Safe Online Rollout & Best Practice Presentation.

First Community Bank Prevx Safe Online Rollout & Best Practice Presentation.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.

Challenges Faced in Developing Audit Plans and Programs 21 st March, 2013.
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

Similar presentations

Ads by Google