Samvel Gevorgyan, profile picture
Uploaded bySamvel Gevorgyan
2,707 views

Information Security Management System in the Banking Sector

The document outlines the importance of information security management systems in the banking sector, highlighting major threats such as malware, IoT vulnerabilities, and phishing. It discusses future trends in banking security, including biometric authentication and the integration of AI and machine learning for fraud prevention. Additionally, it presents various cybersecurity solutions and tools like Pincat and Maxpatrol, which enhance protection against advanced threats.

Embed presentation

Samvel Gevorgyan CEO, CYBER GATES MSc Information Systems & Cyber Security Information Security Management System in the Banking Sector COPYRIGHT 2017 © CYBER GATES WWW.CYBERGATES.ORG
Information Security Management System (design)
PDCA Model applied to ISMS processes
Security measures meta-framework Image source: www.enisa.europa.eu
Information security risks Image source: www.enisa.europa.eu
Information security governance approaches (comparison) Image source: ibimapublishing.com
Information Security Management System (implementation)
The biggest threats 1. Malicious software • Infecting critical systems with ransomware • Installing keyloggers to get sensitive data, etc. 2. IoT (Internet of Things) devices and botnets • Hacking CCTV cameras to perform DoS/DDoS attacks, etc. 3. Phishing and social engineering • Revealing confidential information relating to clients and employees • Hacking corporate email accounts to alter payment bank account numbers, etc. 4. Business process compromise attacks • Hacking processing system to redirect customers’ transactions 5. Third party services, unsecured mobile banking, unencrypted data, data breaches, etc.
Malicious software Infecting critical systems with malwares
IoT devices and botnets Hacking CCTV cameras to perform DoS/DDoS attacks
Phishing and social engineering Anomaly of phishing attack against bank employees
Business process compromise attacks
Third party services and mobile banking Exploiting critical infrastructure weaknesses
Unencrypted data and data breaches
The Open Banking and PSD2 The future of banking
The next generation payment system
The challenges and future of banking Targets for hacking in the near future: • Online / mobile banking systems • Initial Coin Offering (ICO) • Blockchain • Cryptocurrency The future of intrusion detection: • Machine learning for preventing data leakages • Artificial Intelligence for fighting financial fraud, malware anomalies, etc. The future of mobile banking security: • Biometric authentication for mobile banking (fingerprint, face and voice recognition, etc.)
Cybersecurity solutions for Financial Services
PinCat PinCat is a unified threat management (UTM) solution that combines multiple security features into a single platform to protect your network, web, email, applications, and users against advanced persistent threats (APT), DoS/DDoS attacks, viruses, spyware, ransomware and spam messages. • Protection against DDoS attack vectors up to 50 Gbit/s • Next generation Firewall • Data Loss Prevention • Anti-Ransomware • Advanced SPAM filter
FireEye The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. • Staying ahead of issues that could endanger the bank’s mission • Identifying and blocking unknown cyber threats that are missed by traditional defenses • Preventing the potential compromise of critical operations and data
Trend Micro Coordinated threat defenses is a new approach to enterprise security that helps address this situation. It builds on the traditional tactic of relying on comprehensive domain-level countermeasures by emphasizing the additional need for: • Extensive, multi-way integration among domain- and management-level components • Overarching, cross-domain security data analysis, correlation, and visualization • Supplemental, global threat intelligence • Intelligent coordination and automation of essential threat response capabilities
MaxPatrol MaxPatrol gives an unbiased picture of the state of protection at the system, department, node, and application levels. Pentesting, auditing, and compliance verification—combined with support for diverse operating systems, databases, and web apps—make MaxPatrol the perfect choice for auditing security in real time, all the time, at all levels of a corporate information system. • All-in-one solution ensures consistent results • Multilevel reporting tells the whole story • Presets ease compliance

More Related Content

PDF
Cybersecurity roadmap : Global healthcare security architecture
byPriyanka Aash
 
PPTX
PPT-Security-for-Management.pptx
byRSAArcher
 
PPSX
Next-Gen security operation center
byMuhammad Sahputra
 
PDF
10 Steps to Building an Effective Vulnerability Management Program
byBeyondTrust
 
PPTX
Domain 5 - Identity and Access Management
byMaganathin Veeraragaloo
 
PDF
Building an effective Information Security Roadmap
byElliott Franklin
 
PDF
The New Pentest? Rise of the Compromise Assessment
byInfocyte
 
PDF
IBM Security Strategy Overview
byxband
 
Cybersecurity roadmap : Global healthcare security architecture
byPriyanka Aash
 
PPT-Security-for-Management.pptx
byRSAArcher
 
Next-Gen security operation center
byMuhammad Sahputra
 
10 Steps to Building an Effective Vulnerability Management Program
byBeyondTrust
 
Domain 5 - Identity and Access Management
byMaganathin Veeraragaloo
 
Building an effective Information Security Roadmap
byElliott Franklin
 
The New Pentest? Rise of the Compromise Assessment
byInfocyte
 
IBM Security Strategy Overview
byxband
 

What's hot

PPT
Roadmap to IT Security Best Practices
byGreenway Health
 
PPTX
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
PPTX
Cybersecurity
byA. Shamel
 
PPT
Information security
byLJ PROJECTS
 
PPTX
Identity and access management
byPiyush Jain
 
PDF
1. Security and Risk Management
bySam Bowne
 
PDF
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
PDF
ISO27001: Implementation & Certification Process Overview
byShankar Subramaniyan
 
PDF
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
byIBM Security
 
PDF
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PDF
Cyber Resilience
byIan-Edward Stafrace
 
PDF
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
PDF
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
byEdureka!
 
PPTX
Roadmap to security operations excellence
byErik Taavila
 
PDF
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PPTX
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
PPTX
Got SIEM? Now what? Getting SIEM Work For You
byAnton Chuvakin
 
PPTX
Cyber Defense Matrix: Revolutions
bySounil Yu
 
PDF
Introduction to Cybersecurity
byKrutarth Vasavada
 
Roadmap to IT Security Best Practices
byGreenway Health
 
SOC Architecture Workshop - Part 1
byPriyanka Aash
 
Cybersecurity
byA. Shamel
 
Information security
byLJ PROJECTS
 
Identity and access management
byPiyush Jain
 
1. Security and Risk Management
bySam Bowne
 
Building a Next-Generation Security Operations Center (SOC)
bySqrrl
 
ISO27001: Implementation & Certification Process Overview
byShankar Subramaniyan
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
byIBM Security
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Cyber Resilience
byIan-Edward Stafrace
 
Rothke secure360 building a security operations center (soc)
byBen Rothke
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
byEdureka!
 
Roadmap to security operations excellence
byErik Taavila
 
Overview of the Cyber Kill Chain [TM]
byDavid Sweigert
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
Got SIEM? Now what? Getting SIEM Work For You
byAnton Chuvakin
 
Cyber Defense Matrix: Revolutions
bySounil Yu
 
Introduction to Cybersecurity
byKrutarth Vasavada
 

Similar to Information Security Management System in the Banking Sector

PPTX
2024 Most Influential Cyber Security Technologies_ A Detailed Recap.pptx
byinfosprintseo
 
PPT
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
byIBM Danmark
 
PPTX
CIO Summit: Data Security in a Mobile World
byiMIS
 
PPTX
CIO Summit: Data Security in a Mobile World
byiMIS
 
PPTX
Information security trends and concerns
byJohn Napier
 
PDF
Latest Cybersecurity Trends
byIRJET Journal
 
PDF
Solutions for PCI DSS Compliance
byTrend Micro
 
PDF
Cybersecurity Challenges - Identifying Key Threats and Trends.pdf
bySeasiaInfotech2
 
PDF
Cybersecurity in Banking Sector
byQuick Heal Technologies Ltd.
 
PDF
Top 5 Cybersecurity Risks in Banking
bySeqrite
 
PDF
“8th National Biennial Conference on Medical Informatics 2012”
byAshu Ash
 
PDF
Revolutionizing Advanced Threat Protection
byBlue Coat
 
PDF
Top Security Threats to Look Out for in 2023
byK7 Computing Pvt Ltd
 
PDF
Top 10 Cyber Threats in 2025 _ Main Types of Cyber Threats.pdf
bymanisha06650
 
PDF
Security Industry Overview
byThomvest Ventures
 
PDF
Advanced IT and Cyber Security for Your Business
byInfopulse
 
PPTX
Augusta gen v presentation adapture v2
byGreg Wartes, MCP
 
PDF
Protect your hybrid workforce across the attack chain
byDavid J Rosenthal
 
PPT
PCTY 2012, IBM Security and Strategy v. Fabio Panada
byIBM Danmark
 
PPTX
5 Cybersecurity threats in Public Sector
bySeqrite
 
2024 Most Influential Cyber Security Technologies_ A Detailed Recap.pptx
byinfosprintseo
 
PCTY 2012, Threat landscape and Security Intelligence v. Michael Andersson
byIBM Danmark
 
CIO Summit: Data Security in a Mobile World
byiMIS
 
CIO Summit: Data Security in a Mobile World
byiMIS
 
Information security trends and concerns
byJohn Napier
 
Latest Cybersecurity Trends
byIRJET Journal
 
Solutions for PCI DSS Compliance
byTrend Micro
 
Cybersecurity Challenges - Identifying Key Threats and Trends.pdf
bySeasiaInfotech2
 
Cybersecurity in Banking Sector
byQuick Heal Technologies Ltd.
 
Top 5 Cybersecurity Risks in Banking
bySeqrite
 
“8th National Biennial Conference on Medical Informatics 2012”
byAshu Ash
 
Revolutionizing Advanced Threat Protection
byBlue Coat
 
Top Security Threats to Look Out for in 2023
byK7 Computing Pvt Ltd
 
Top 10 Cyber Threats in 2025 _ Main Types of Cyber Threats.pdf
bymanisha06650
 
Security Industry Overview
byThomvest Ventures
 
Advanced IT and Cyber Security for Your Business
byInfopulse
 
Augusta gen v presentation adapture v2
byGreg Wartes, MCP
 
Protect your hybrid workforce across the attack chain
byDavid J Rosenthal
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
byIBM Danmark
 
5 Cybersecurity threats in Public Sector
bySeqrite
 

More from Samvel Gevorgyan

PPTX
Websecurity fundamentals for beginners
bySamvel Gevorgyan
 
PPTX
Content Management System Security
bySamvel Gevorgyan
 
PDF
Five Ways to Improve Yandex.Taxi Service
bySamvel Gevorgyan
 
PDF
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
bySamvel Gevorgyan
 
PPTX
Nagorno-karabakh clashes - four-day war in cyberspace
bySamvel Gevorgyan
 
PPTX
What is the Cybersecurity plan for tomorrow?
bySamvel Gevorgyan
 
PPTX
Can you predict who will win the US election?
bySamvel Gevorgyan
 
PPTX
MAPY
bySamvel Gevorgyan
 
PPTX
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
bySamvel Gevorgyan
 
DOCX
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
bySamvel Gevorgyan
 
PPTX
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
bySamvel Gevorgyan
 
Websecurity fundamentals for beginners
bySamvel Gevorgyan
 
Content Management System Security
bySamvel Gevorgyan
 
Five Ways to Improve Yandex.Taxi Service
bySamvel Gevorgyan
 
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
bySamvel Gevorgyan
 
Nagorno-karabakh clashes - four-day war in cyberspace
bySamvel Gevorgyan
 
What is the Cybersecurity plan for tomorrow?
bySamvel Gevorgyan
 
Can you predict who will win the US election?
bySamvel Gevorgyan
 
MAPY
bySamvel Gevorgyan
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
bySamvel Gevorgyan
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
bySamvel Gevorgyan
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
bySamvel Gevorgyan
 

Recently uploaded

PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PPTX
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PDF
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
PDF
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
PDF
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
PDF
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PDF
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
Achieve enterprise automation with SAP BTP solutions and SAP Signavio
bydarrellkiwi
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
Teaching Robots how to Read 1/2: AI Center & Classic Document Understanding (...
byanabulhac
 
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
LUXHUB: a detailed look at 2025...and fast forward to 2026
byalexandrekeilmann1
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
10 Best AI Tools for Fashion Brands in 2026
bymockitseo
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 

Information Security Management System in the Banking Sector

  • 1.
    Samvel Gevorgyan CEO, CYBERGATES MSc Information Systems & Cyber Security Information Security Management System in the Banking Sector COPYRIGHT 2017 © CYBER GATES WWW.CYBERGATES.ORG
  • 2.
  • 3.
    PDCA Model appliedto ISMS processes
  • 4.
    Security measures meta-framework Imagesource: www.enisa.europa.eu
  • 5.
    Information security risks Imagesource: www.enisa.europa.eu
  • 6.
  • 7.
  • 8.
    The biggest threats 1.Malicious software • Infecting critical systems with ransomware • Installing keyloggers to get sensitive data, etc. 2. IoT (Internet of Things) devices and botnets • Hacking CCTV cameras to perform DoS/DDoS attacks, etc. 3. Phishing and social engineering • Revealing confidential information relating to clients and employees • Hacking corporate email accounts to alter payment bank account numbers, etc. 4. Business process compromise attacks • Hacking processing system to redirect customers’ transactions 5. Third party services, unsecured mobile banking, unencrypted data, data breaches, etc.
  • 9.
  • 10.
    IoT devices andbotnets Hacking CCTV cameras to perform DoS/DDoS attacks
  • 11.
    Phishing and socialengineering Anomaly of phishing attack against bank employees
  • 12.
  • 13.
    Third party servicesand mobile banking Exploiting critical infrastructure weaknesses
  • 14.
  • 15.
    The Open Bankingand PSD2 The future of banking
  • 16.
    The next generationpayment system
  • 17.
    The challenges andfuture of banking Targets for hacking in the near future: • Online / mobile banking systems • Initial Coin Offering (ICO) • Blockchain • Cryptocurrency The future of intrusion detection: • Machine learning for preventing data leakages • Artificial Intelligence for fighting financial fraud, malware anomalies, etc. The future of mobile banking security: • Biometric authentication for mobile banking (fingerprint, face and voice recognition, etc.)
  • 18.
  • 19.
    PinCat PinCat is aunified threat management (UTM) solution that combines multiple security features into a single platform to protect your network, web, email, applications, and users against advanced persistent threats (APT), DoS/DDoS attacks, viruses, spyware, ransomware and spam messages. • Protection against DDoS attack vectors up to 50 Gbit/s • Next generation Firewall • Data Loss Prevention • Anti-Ransomware • Advanced SPAM filter
  • 20.
    FireEye The FireEye ThreatPrevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. • Staying ahead of issues that could endanger the bank’s mission • Identifying and blocking unknown cyber threats that are missed by traditional defenses • Preventing the potential compromise of critical operations and data
  • 21.
    Trend Micro Coordinated threatdefenses is a new approach to enterprise security that helps address this situation. It builds on the traditional tactic of relying on comprehensive domain-level countermeasures by emphasizing the additional need for: • Extensive, multi-way integration among domain- and management-level components • Overarching, cross-domain security data analysis, correlation, and visualization • Supplemental, global threat intelligence • Intelligent coordination and automation of essential threat response capabilities
  • 22.
    MaxPatrol MaxPatrol gives anunbiased picture of the state of protection at the system, department, node, and application levels. Pentesting, auditing, and compliance verification—combined with support for diverse operating systems, databases, and web apps—make MaxPatrol the perfect choice for auditing security in real time, all the time, at all levels of a corporate information system. • All-in-one solution ensures consistent results • Multilevel reporting tells the whole story • Presets ease compliance