Information Security Management System in the Banking Sector

Information Security Management System design. Information security governance approaches comparison. ISMS processes. ISMS implementation. The biggest threats in the Banking sector. The future of banking and payment systems. The challenges and future of banking. Cybersecurity solutions for Financial services.

Published in: Technology

Information Security Management System in the Banking Sector

  1. Samvel Gevorgyan, CEO, CYBER GATES, MSc Information Systems & Cyber Security. Information Security Management System in the Banking Sector. COPYRIGHT 2017 © CYBER GATES, WWW.CYBERGATES.ORG
  2. Information Security Management System (design)
  3. PDCA Model applied to ISMS processes
  4. Security measures meta-framework (Image source: www.enisa.europa.eu)
  5. Information security risks (Image source: www.enisa.europa.eu)
  6. Information security governance approaches (comparison) (Image source: ibimapublishing.com)
  7. Information Security Management System (implementation)
  8. The biggest threats
     1. Malicious software
        • Infecting critical systems with ransomware
        • Installing keyloggers to get sensitive data, etc.
     2. IoT (Internet of Things) devices and botnets
        • Hacking CCTV cameras to perform DoS/DDoS attacks, etc.
     3. Phishing and social engineering
        • Revealing confidential information relating to clients and employees
        • Hacking corporate email accounts to alter payment bank account numbers, etc.
     4. Business process compromise attacks
        • Hacking processing system to redirect customers’ transactions
     5. Third party services, unsecured mobile banking, unencrypted data, data breaches, etc.
  9. Malicious software: Infecting critical systems with malware
  10. IoT devices and botnets: Hacking CCTV cameras to perform DoS/DDoS attacks
  11. Phishing and social engineering: Anomaly of phishing attack against bank employees
  12. Business process compromise attacks
  13. Third party services and mobile banking: Exploiting critical infrastructure weaknesses
  14. Unencrypted data and data breaches
  15. The Open Banking and PSD2: The future of banking
  16. The next generation payment system
  17. The challenges and future of banking
      Targets for hacking in the near future:
        • Online / mobile banking systems
        • Initial Coin Offering (ICO)
        • Blockchain
        • Cryptocurrency
      The future of intrusion detection:
        • Machine learning for preventing data leakages
        • Artificial Intelligence for fighting financial fraud, malware anomalies, etc.
      The future of mobile banking security:
        • Biometric authentication for mobile banking (fingerprint, face and voice recognition, etc.)
  18. Cybersecurity solutions for Financial Services
  19. PinCat
      PinCat is a unified threat management (UTM) solution that combines multiple security features into a single platform to protect your network, web, email, applications, and users against advanced persistent threats (APT), DoS/DDoS attacks, viruses, spyware, ransomware and spam messages.
        • Protection against DDoS attack vectors up to 50 Gbit/s
        • Next generation Firewall
        • Data Loss Prevention
        • Anti-Ransomware
        • Advanced SPAM filter
  20. FireEye
      The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle.
        • Staying ahead of issues that could endanger the bank’s mission
        • Identifying and blocking unknown cyber threats that are missed by traditional defenses
        • Preventing the potential compromise of critical operations and data
  21. Trend Micro
      Coordinated threat defenses is a new approach to enterprise security that helps address this situation. It builds on the traditional tactic of relying on comprehensive domain-level countermeasures by emphasizing the additional need for:
        • Extensive, multi-way integration among domain- and management-level components
        • Overarching, cross-domain security data analysis, correlation, and visualization
        • Supplemental, global threat intelligence
        • Intelligent coordination and automation of essential threat response capabilities
  22. MaxPatrol
      MaxPatrol gives an unbiased picture of the state of protection at the system, department, node, and application levels. Pentesting, auditing, and compliance verification, combined with support for diverse operating systems, databases, and web apps, make MaxPatrol the perfect choice for auditing security in real time, all the time, at all levels of a corporate information system.
        • All-in-one solution ensures consistent results
        • Multilevel reporting tells the whole story
        • Presets ease compliance