Presentation is loading. Please wait.

Presentation is loading. Please wait.

CYBER SECURITY in the SINGAPORE FINANCIAL SECTOR Tony Chew, Director, Technology Risk Supervision Monetary Authority of Singapore © Tel: 62299109 Email:

Published byHarriet Hopkins Modified over 9 years ago

Similar presentations

Presentation on theme: "CYBER SECURITY in the SINGAPORE FINANCIAL SECTOR Tony Chew, Director, Technology Risk Supervision Monetary Authority of Singapore © Tel: 62299109 Email:"— Presentation transcript:

1 CYBER SECURITY in the SINGAPORE FINANCIAL SECTOR Tony Chew, Director, Technology Risk Supervision Monetary Authority of Singapore © Tel: 62299109 Email: tonychew@mas.gov.sg WORLD BANK VIDEO SATELLITE CONFERENCE September 10, 2003

2 CYBER SECURITY and TECHNOLOGY RISK MANAGEMENT M ONETARY A UTHORITY OF S INGAPORE HOW DOES MAS PROMOTE IN THE FINANCIAL SECTOR ?

3 1. BANKING ACT – PRUDENTIAL REQUIREMENTS. 2. SUPERVISORY AND REGULATORY PROCESS. 3. NOTICES, ADVISORIES AND DIRECTIVES. 4. TECHNOLOGY RISK MANAGEMENT GUIDELINES. 5. INSPECTION AND TECHNOLOGY RISK ASSESSMENT. SAFETY AND SOUNDNESS FRAMEWORK

4 The 2 largest banks in Singapore were attacked by hackers. UOB in June 2001 DBS in June 2002 TWO HACKING INCIDENTS

5 On 4 July 2001, UOB discovered an intrusion into its internet banking system. Hackers from Eastern Europe attacked the bank’s online system. HACKING INTO ONLINE BANKING On 19 June 2002, between 8:20 am and 9:20 am, a hacker broke into 21 DBS customer accounts and transferred $62,000 from their accounts to his account. At 10 am, he walked into a branch and withdrew the stolen money.

6 HACKING INTO CYBER BANKING Web Server Crypto Server Database Server HOST HSM SSL PIN attack Virus/worms, backdoors, keyboard sniffers, AV/FW evasion

7 TECHNOLOGY RISK MANAGEMENT VULNERABILITIES THREATS CONSEQUENCES AND LOSSES RISK CONTROL AND SECURITY Level of Risk COSTCOST EXPOSUREEXPOSURE

8 CAMELO T S RISK RATING SYSTEMS INTEGRITY SYSTEMS CONTROLS TECHNOLOGY RISK ASSESSMENT PROCESS IS BASED ON 6 SYSTEMS CRITERIA COMPLIANCECOMPLIANCE SECURITY PRACTICES RECOVERYRECOVERY RISK MANAGEMENT

9 INTERNET BANKING 1. Establish robust risk management process. 2. Strengthen system availability, security, recoverability. 3. Deploy strong cryptography to protect data. Technology Risk Management Guidelines

10 TECHNOLOGY RISK MANAGEMENT Delineate responsibility for safety and soundness. Establish responsibility for managing technology risks. Nurture a risk awareness culture. Rectify the weakest security link. Conduct vulnerability and security assessment. Invest in system reliability and integrity. Prepare for contingencies and disruptions. Educate customers on security precautions. Manage outsourcing risks. Guidelines for Financial Institutions

11 SECURITY GUIDELINES FOR MOBILE BANKING AND PAYMENTS 1. Introduction – authentication and fraud detection 2.Risk management framework 3.Types of services 4.Technology risk management 5.Security practices a) PIN security b) Network and system security c) Cryptographic key management d) General security practices e) Customer education

12 END

Download ppt "CYBER SECURITY in the SINGAPORE FINANCIAL SECTOR Tony Chew, Director, Technology Risk Supervision Monetary Authority of Singapore © Tel: 62299109 Email:"

Similar presentations

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
Welcome To Presentation on Holistic Information Security Management.

Welcome To Presentation on Holistic Information Security Management.
Proposed FMRP Course for Middle & Back Office Support Functions Foundation Module Objectives To understand the structure of Financial Markets To be aware.

Proposed FMRP Course for Middle & Back Office Support Functions Foundation Module Objectives To understand the structure of Financial Markets To be aware.
The ROLE of the ACTUARY in INSURANCE PRUDENTIAL SUPERVISION Yangon, Myanmar 14 July 2014 Chi Cheng Hock, FFA.

The ROLE of the ACTUARY in INSURANCE PRUDENTIAL SUPERVISION Yangon, Myanmar 14 July 2014 Chi Cheng Hock, FFA.
Topic Outline — Information security? — Security Why? — Security approach — Vocabulary — The weakest link — Real life security sample.

Topic Outline — Information security? — Security Why? — Security approach — Vocabulary — The weakest link — Real life security sample.
Palestine Capital Markets Authority1.  PCMA has been established in 2005 to be the REGULATOR for the non- banking financial sectors  Sectors under the.

Palestine Capital Markets Authority1.  PCMA has been established in 2005 to be the REGULATOR for the non- banking financial sectors  Sectors under the.
IOR Scottish Chapter Annual Conference Glasgow Caledonian University – 1 st November 2013 Relevance of Operational Risk to the FCA Jill Savager Manager,

IOR Scottish Chapter Annual Conference Glasgow Caledonian University – 1 st November 2013 Relevance of Operational Risk to the FCA Jill Savager Manager,
#AVeSPresents AVeS Cyber Security Confidence in your Digital Information 2014/09/25 Charl Ueckermann Managing Director AVeS Cyber Security Lex Informatica.

#AVeSPresents AVeS Cyber Security Confidence in your Digital Information 2014/09/25 Charl Ueckermann Managing Director AVeS Cyber Security Lex Informatica.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
E-Security Background IT Infrastructure in Sikkim Current Status of Cyber Security& Cyber Crime in SIkkimCurrent Status of Cyber Security& Cyber Crime.

E-Security Background IT Infrastructure in Sikkim Current Status of Cyber Security& Cyber Crime in SIkkimCurrent Status of Cyber Security& Cyber Crime.
Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.

Management’s Role in Information Security V.T. Raja, Ph.D., Oregon State University.
Lecture 10 Security and Control.

Lecture 10 Security and Control.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Regulation of Commercial Banks. Regulation on commercial banks Saudi Arabian Monetary Agency (SAMA) is responsible for ensuring soundness of the banking.

Regulation of Commercial Banks. Regulation on commercial banks Saudi Arabian Monetary Agency (SAMA) is responsible for ensuring soundness of the banking.
Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.

Maintaining & Reviewing a Web Application’s Security By: Karen Baldacchino Date: 15 September 2012.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Similar presentations

Ads by Google