SlideShare a Scribd company logo

Information Security Management System in the Banking Sector

Samvel Gevorgyan
Samvel Gevorgyan

Information Security Management System design. Information security governance approaches comparison. ISMS processes. ISMS implementation. The biggest threats in the Banking sector. The future of banking and payment systems. The challenges and future of banking. Cybersecurity solutions for Financial services.

Technology
1 of 22
Samvel Gevorgyan CEO, CYBER GATES MSc Information Systems & Cyber Security Information Security Management System in the Banking Sector COPYRIGHT 2017 © CYBER GATES WWW.CYBERGATES.ORG
Information Security Management System (design)
PDCA Model applied to ISMS processes
Security measures meta-framework Image source: www.enisa.europa.eu
Information security risks Image source: www.enisa.europa.eu
Information security governance approaches (comparison) Image source: ibimapublishing.com
Information Security Management System (implementation)
The biggest threats 1. Malicious software • Infecting critical systems with ransomware • Installing keyloggers to get sensitive data, etc. 2. IoT (Internet of Things) devices and botnets • Hacking CCTV cameras to perform DoS/DDoS attacks, etc. 3. Phishing and social engineering • Revealing confidential information relating to clients and employees • Hacking corporate email accounts to alter payment bank account numbers, etc. 4. Business process compromise attacks • Hacking processing system to redirect customers’ transactions 5. Third party services, unsecured mobile banking, unencrypted data, data breaches, etc.
Malicious software Infecting critical systems with malwares
IoT devices and botnets Hacking CCTV cameras to perform DoS/DDoS attacks
Phishing and social engineering Anomaly of phishing attack against bank employees
Business process compromise attacks
Third party services and mobile banking Exploiting critical infrastructure weaknesses
Unencrypted data and data breaches
The Open Banking and PSD2 The future of banking
The next generation payment system
The challenges and future of banking Targets for hacking in the near future: • Online / mobile banking systems • Initial Coin Offering (ICO) • Blockchain • Cryptocurrency The future of intrusion detection: • Machine learning for preventing data leakages • Artificial Intelligence for fighting financial fraud, malware anomalies, etc. The future of mobile banking security: • Biometric authentication for mobile banking (fingerprint, face and voice recognition, etc.)
Cybersecurity solutions for Financial Services
PinCat PinCat is a unified threat management (UTM) solution that combines multiple security features into a single platform to protect your network, web, email, applications, and users against advanced persistent threats (APT), DoS/DDoS attacks, viruses, spyware, ransomware and spam messages. • Protection against DDoS attack vectors up to 50 Gbit/s • Next generation Firewall • Data Loss Prevention • Anti-Ransomware • Advanced SPAM filter
FireEye The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. • Staying ahead of issues that could endanger the bank’s mission • Identifying and blocking unknown cyber threats that are missed by traditional defenses • Preventing the potential compromise of critical operations and data
Trend Micro Coordinated threat defenses is a new approach to enterprise security that helps address this situation. It builds on the traditional tactic of relying on comprehensive domain-level countermeasures by emphasizing the additional need for: • Extensive, multi-way integration among domain- and management-level components • Overarching, cross-domain security data analysis, correlation, and visualization • Supplemental, global threat intelligence • Intelligent coordination and automation of essential threat response capabilities
MaxPatrol MaxPatrol gives an unbiased picture of the state of protection at the system, department, node, and application levels. Pentesting, auditing, and compliance verification—combined with support for diverse operating systems, databases, and web apps—make MaxPatrol the perfect choice for auditing security in real time, all the time, at all levels of a corporate information system. • All-in-one solution ensures consistent results • Multilevel reporting tells the whole story • Presets ease compliance

Recommended

Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 
Information technology risks
Information technology risksInformation technology risks
Information technology risks
salman butt
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Shawn Tuma
 
Information risk management
Information risk managementInformation risk management
Information risk management
Akash Saraswat
 
Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides
SlideTeam
 
exploratory data analysis on german credit data
exploratory data analysis on german credit dataexploratory data analysis on german credit data
exploratory data analysis on german credit data
bhaswani
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Process
regio12
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
Quick Heal Technologies Ltd.
 

Recommended

Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 
Information technology risks
Information technology risksInformation technology risks
Information technology risks
salman butt
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Shawn Tuma
 
Information risk management
Information risk managementInformation risk management
Information risk management
Akash Saraswat
 
Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides Enterprise Risk Management PowerPoint Presentation Slides
Enterprise Risk Management PowerPoint Presentation Slides
SlideTeam
 
exploratory data analysis on german credit data
exploratory data analysis on german credit dataexploratory data analysis on german credit data
exploratory data analysis on german credit data
bhaswani
 
Enterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management ProcessEnterprise Risk Management as a Core Management Process
Enterprise Risk Management as a Core Management Process
regio12
 
Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
Quick Heal Technologies Ltd.
 
Loan Default Prediction with Machine Learning
Loan Default Prediction with Machine LearningLoan Default Prediction with Machine Learning
Loan Default Prediction with Machine Learning
Alibaba Cloud
 
PCI DSS for Pentesting
PCI DSS for PentestingPCI DSS for Pentesting
PCI DSS for Pentesting
n|u - The Open Security Community
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
SlideTeam
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber Security
Leon Fouche
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
arsqureshi
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Vaultastic
 
Credit risk management presentation
Credit risk management presentationCredit risk management presentation
Credit risk management presentation
harsh raj
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
Smart Assessment
 
Risk governance framework
Risk governance frameworkRisk governance framework
Risk governance framework
estelleelizabeth
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
Naresh Rao
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approach
tschraider
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
AjjuSingh2
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
CAS
 
Fintech
FintechFintech
Fintech
AayushBedi3
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
Operational risk management and measurement
Operational risk management and measurementOperational risk management and measurement
Operational risk management and measurement
Rahmat Mulyana
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & Security
NetstarterSL
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
SnapComms
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
technakama
 
Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
isidro luna beltran
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdf
manoharparakh
 

More Related Content

What's hot

How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
SlideTeam
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
arsqureshi
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Vaultastic
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approach
tschraider
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & Security
NetstarterSL
 

What's hot (20)

Loan Default Prediction with Machine Learning
Loan Default Prediction with Machine LearningLoan Default Prediction with Machine Learning
Loan Default Prediction with Machine Learning
 
PCI DSS for Pentesting
PCI DSS for PentestingPCI DSS for Pentesting
PCI DSS for Pentesting
 
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation SlidesHow To Handle Cybersecurity Risk PowerPoint Presentation Slides
How To Handle Cybersecurity Risk PowerPoint Presentation Slides
 
Board and Cyber Security
Board and Cyber SecurityBoard and Cyber Security
Board and Cyber Security
 
Operational Risk Management
Operational Risk ManagementOperational Risk Management
Operational Risk Management
 
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...Understanding and complying with RBI’s Cyber security guidelines for Email sy...
Understanding and complying with RBI’s Cyber security guidelines for Email sy...
 
Credit risk management presentation
Credit risk management presentationCredit risk management presentation
Credit risk management presentation
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
 
Risk governance framework
Risk governance frameworkRisk governance framework
Risk governance framework
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Iso27001 Risk Assessment Approach
Iso27001 Risk Assessment ApproachIso27001 Risk Assessment Approach
Iso27001 Risk Assessment Approach
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Risk Management (1) (1).ppt
Risk Management (1) (1).pptRisk Management (1) (1).ppt
Risk Management (1) (1).ppt
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
Fintech
FintechFintech
Fintech
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
Operational risk management and measurement
Operational risk management and measurementOperational risk management and measurement
Operational risk management and measurement
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & Security
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
Project plan for ISO 27001
Project plan for ISO 27001Project plan for ISO 27001
Project plan for ISO 27001
 

Similar to Information Security Management System in the Banking Sector

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
isidro luna beltran
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
Arrow ECS UK
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
Ken Flott
 

Similar to Information Security Management System in the Banking Sector (20)

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdf
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdf
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)
 
Trend Micro - Hosted eMail Security
Trend Micro - Hosted eMail SecurityTrend Micro - Hosted eMail Security
Trend Micro - Hosted eMail Security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 

More from Samvel Gevorgyan

Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?
Samvel Gevorgyan
 

More from Samvel Gevorgyan (11)

Websecurity fundamentals for beginners
Websecurity fundamentals for beginnersWebsecurity fundamentals for beginners
Websecurity fundamentals for beginners
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System Security
 
Five Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi ServiceFive Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi Service
 
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքումԲախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
 
Nagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspaceNagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspace
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?
 
MAPY
MAPYMAPY
MAPY
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Recently uploaded (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 

Information Security Management System in the Banking Sector

  • 1. Samvel Gevorgyan CEO, CYBER GATES MSc Information Systems & Cyber Security Information Security Management System in the Banking Sector COPYRIGHT 2017 © CYBER GATES WWW.CYBERGATES.ORG
  • 3. PDCA Model applied to ISMS processes
  • 4. Security measures meta-framework Image source: www.enisa.europa.eu
  • 5. Information security risks Image source: www.enisa.europa.eu
  • 8. The biggest threats 1. Malicious software • Infecting critical systems with ransomware • Installing keyloggers to get sensitive data, etc. 2. IoT (Internet of Things) devices and botnets • Hacking CCTV cameras to perform DoS/DDoS attacks, etc. 3. Phishing and social engineering • Revealing confidential information relating to clients and employees • Hacking corporate email accounts to alter payment bank account numbers, etc. 4. Business process compromise attacks • Hacking processing system to redirect customers’ transactions 5. Third party services, unsecured mobile banking, unencrypted data, data breaches, etc.
  • 10. IoT devices and botnets Hacking CCTV cameras to perform DoS/DDoS attacks
  • 11. Phishing and social engineering Anomaly of phishing attack against bank employees
  • 13. Third party services and mobile banking Exploiting critical infrastructure weaknesses
  • 15. The Open Banking and PSD2 The future of banking
  • 16. The next generation payment system
  • 17. The challenges and future of banking Targets for hacking in the near future: • Online / mobile banking systems • Initial Coin Offering (ICO) • Blockchain • Cryptocurrency The future of intrusion detection: • Machine learning for preventing data leakages • Artificial Intelligence for fighting financial fraud, malware anomalies, etc. The future of mobile banking security: • Biometric authentication for mobile banking (fingerprint, face and voice recognition, etc.)
  • 19. PinCat PinCat is a unified threat management (UTM) solution that combines multiple security features into a single platform to protect your network, web, email, applications, and users against advanced persistent threats (APT), DoS/DDoS attacks, viruses, spyware, ransomware and spam messages. • Protection against DDoS attack vectors up to 50 Gbit/s • Next generation Firewall • Data Loss Prevention • Anti-Ransomware • Advanced SPAM filter
  • 20. FireEye The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. • Staying ahead of issues that could endanger the bank’s mission • Identifying and blocking unknown cyber threats that are missed by traditional defenses • Preventing the potential compromise of critical operations and data
  • 21. Trend Micro Coordinated threat defenses is a new approach to enterprise security that helps address this situation. It builds on the traditional tactic of relying on comprehensive domain-level countermeasures by emphasizing the additional need for: • Extensive, multi-way integration among domain- and management-level components • Overarching, cross-domain security data analysis, correlation, and visualization • Supplemental, global threat intelligence • Intelligent coordination and automation of essential threat response capabilities
  • 22. MaxPatrol MaxPatrol gives an unbiased picture of the state of protection at the system, department, node, and application levels. Pentesting, auditing, and compliance verification—combined with support for diverse operating systems, databases, and web apps—make MaxPatrol the perfect choice for auditing security in real time, all the time, at all levels of a corporate information system. • All-in-one solution ensures consistent results • Multilevel reporting tells the whole story • Presets ease compliance