
Information Security Management System in the Banking Sector



Information Security Management System design. Information security governance approaches comparison. ISMS processes. ISMS implementation. The biggest threats in the Banking sector. The future of banking and payment systems. The challenges and future of banking. Cybersecurity solutions for Financial services.

Published in: Technology


  1. Samvel Gevorgyan
     CEO, CYBER GATES
     MSc Information Systems & Cyber Security
     Information Security Management System in the Banking Sector
     COPYRIGHT 2017 © CYBER GATES
     WWW.CYBERGATES.ORG
  2. Information Security Management System (design)
  3. PDCA Model applied to ISMS processes
  4. Security measures meta-framework Image source:
  5. Information security risks Image source:
  6. Information security governance approaches (comparison) Image source:
  7. Information Security Management System (implementation)
  8. The biggest threats
     1. Malicious software
        • Infecting critical systems with ransomware
        • Installing keyloggers to get sensitive data, etc.
     2. IoT (Internet of Things) devices and botnets
        • Hacking CCTV cameras to perform DoS/DDoS attacks, etc.
     3. Phishing and social engineering
        • Revealing confidential information relating to clients and employees
        • Hacking corporate email accounts to alter payment bank account numbers, etc.
     4. Business process compromise attacks
        • Hacking processing system to redirect customers’ transactions
     5. Third party services, unsecured mobile banking, unencrypted data, data breaches, etc.
  9. Malicious software
     Infecting critical systems with malware
  10. IoT devices and botnets
      Hacking CCTV cameras to perform DoS/DDoS attacks
  11. Phishing and social engineering
      Anomaly of phishing attack against bank employees
  12. Business process compromise attacks
  13. Third party services and mobile banking
      Exploiting critical infrastructure weaknesses
  14. Unencrypted data and data breaches
  15. The Open Banking and PSD2
      The future of banking
  16. The next generation payment system
  17. The challenges and future of banking
      Targets for hacking in the near future:
        • Online / mobile banking systems
        • Initial Coin Offering (ICO)
        • Blockchain
        • Cryptocurrency
      The future of intrusion detection:
        • Machine learning for preventing data leakages
        • Artificial Intelligence for fighting financial fraud, malware anomalies, etc.
      The future of mobile banking security:
        • Biometric authentication for mobile banking (fingerprint, face and voice recognition, etc.)
  18. Cybersecurity solutions for Financial Services
  19. PinCat
      PinCat is a unified threat management (UTM) solution that combines multiple security features into a single platform to protect your network, web, email, applications, and users against advanced persistent threats (APT), DoS/DDoS attacks, viruses, spyware, ransomware and spam messages.
        • Protection against DDoS attack vectors up to 50 Gbit/s
        • Next generation Firewall
        • Data Loss Prevention
        • Anti-Ransomware
        • Advanced SPAM filter
  20. FireEye
      The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle.
        • Staying ahead of issues that could endanger the bank’s mission
        • Identifying and blocking unknown cyber threats that are missed by traditional defenses
        • Preventing the potential compromise of critical operations and data
  21. Trend Micro
      Coordinated threat defenses is a new approach to enterprise security that helps address this situation. It builds on the traditional tactic of relying on comprehensive domain-level countermeasures by emphasizing the additional need for:
        • Extensive, multi-way integration among domain- and management-level components
        • Overarching, cross-domain security data analysis, correlation, and visualization
        • Supplemental, global threat intelligence
        • Intelligent coordination and automation of essential threat response capabilities
  22. MaxPatrol
      MaxPatrol gives an unbiased picture of the state of protection at the system, department, node, and application levels. Pentesting, auditing, and compliance verification—combined with support for diverse operating systems, databases, and web apps—make MaxPatrol the perfect choice for auditing security in real time, all the time, at all levels of a corporate information system.
        • All-in-one solution ensures consistent results
        • Multilevel reporting tells the whole story
        • Presets ease compliance