SlideShare a Scribd company logo
1 of 22
Samvel Gevorgyan
CEO, CYBER GATES
MSc Information Systems & Cyber Security
Information Security
Management System in
the Banking Sector
COPYRIGHT 2017 © CYBER GATES
WWW.CYBERGATES.ORG
Information Security Management
System
(design)
PDCA Model applied to ISMS processes
Security measures meta-framework
Image source: www.enisa.europa.eu
Information security risks
Image source: www.enisa.europa.eu
Information security
governance approaches
(comparison)
Image source: ibimapublishing.com
Information Security Management
System
(implementation)
The biggest threats
1. Malicious software
• Infecting critical systems with ransomware
• Installing keyloggers to get sensitive data, etc.
2. IoT (Internet of Things) devices and botnets
• Hacking CCTV cameras to perform DoS/DDoS attacks, etc.
3. Phishing and social engineering
• Revealing confidential information relating to clients and employees
• Hacking corporate email accounts to alter payment bank account numbers, etc.
4. Business process compromise attacks
• Hacking processing system to redirect customers’ transactions
5. Third party services, unsecured mobile banking, unencrypted data, data
breaches, etc.
Malicious software
Infecting critical systems with malwares
IoT devices and botnets
Hacking CCTV cameras to perform DoS/DDoS attacks
Phishing and social engineering
Anomaly of phishing attack against bank employees
Business process compromise attacks
Third party services and mobile banking
Exploiting critical infrastructure weaknesses
Unencrypted data
and data breaches
The Open Banking and PSD2
The future of banking
The next generation payment system
The challenges and future of banking
Targets for hacking in the near future:
• Online / mobile banking systems
• Initial Coin Offering (ICO)
• Blockchain
• Cryptocurrency
The future of intrusion detection:
• Machine learning for preventing data leakages
• Artificial Intelligence for fighting financial fraud, malware anomalies, etc.
The future of mobile banking security:
• Biometric authentication for mobile banking (fingerprint, face and voice
recognition, etc.)
Cybersecurity solutions
for Financial Services
PinCat
PinCat is a unified threat management (UTM) solution that
combines multiple security features into a single platform to
protect your network, web, email, applications, and users
against advanced persistent threats (APT), DoS/DDoS
attacks, viruses, spyware, ransomware and spam messages.
• Protection against DDoS attack vectors up to 50 Gbit/s
• Next generation Firewall
• Data Loss Prevention
• Anti-Ransomware
• Advanced SPAM filter
FireEye
The FireEye Threat Prevention Platform
provides real-time, dynamic threat
protection without the use of signatures
to protect an organization across the
primary threat vectors and across the
different stages of an attack life cycle.
• Staying ahead of issues that could
endanger the bank’s mission
• Identifying and blocking unknown
cyber threats that are missed by
traditional defenses
• Preventing the potential compromise
of critical operations and data
Trend Micro
Coordinated threat defenses is a new approach
to enterprise security that helps address this
situation. It builds on the traditional tactic of
relying on comprehensive domain-level
countermeasures by emphasizing the additional
need for:
• Extensive, multi-way integration among
domain- and management-level components
• Overarching, cross-domain security data
analysis, correlation, and visualization
• Supplemental, global threat intelligence
• Intelligent coordination and automation of
essential threat response capabilities
MaxPatrol
MaxPatrol gives an unbiased picture of the state of
protection at the system, department, node, and
application levels. Pentesting, auditing, and compliance
verification—combined with support for diverse operating
systems, databases, and web apps—make MaxPatrol the
perfect choice for auditing security in real time, all the time,
at all levels of a corporate information system.
• All-in-one solution ensures consistent results
• Multilevel reporting tells the whole story
• Presets ease compliance

More Related Content

What's hot

Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud ComputingKeet Sugathadasa
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness SnapComms
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
IAM Methods 2.0 Presentation Michael Nielsen DeloitteIAM Methods 2.0 Presentation Michael Nielsen Deloitte
IAM Methods 2.0 Presentation Michael Nielsen DeloitteIBM Sverige
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcpAdv Prashant Mali
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopLife Cycle Engineering
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyNICSA
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber Security Infotech
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance BOC Group
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and complianceMagdalena Matell
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider ThreatPECB
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 

What's hot (20)

Cybersecurity in Banking Sector
Cybersecurity in Banking SectorCybersecurity in Banking Sector
Cybersecurity in Banking Sector
 
Cyber Security and Cloud Computing
Cyber Security and Cloud ComputingCyber Security and Cloud Computing
Cyber Security and Cloud Computing
 
GRC Fundamentals
GRC FundamentalsGRC Fundamentals
GRC Fundamentals
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Banks and cybersecurity v2
Banks and cybersecurity v2Banks and cybersecurity v2
Banks and cybersecurity v2
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Information Security Awareness
Information Security Awareness Information Security Awareness
Information Security Awareness
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
 
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
IAM Methods 2.0 Presentation Michael Nielsen DeloitteIAM Methods 2.0 Presentation Michael Nielsen Deloitte
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
 
What is business continuity planning-bcp
What is business continuity planning-bcpWhat is business continuity planning-bcp
What is business continuity planning-bcp
 
Cybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy WorkshopCybersecurity Risk Management Framework Strategy Workshop
Cybersecurity Risk Management Framework Strategy Workshop
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)Cyber security awareness training by cyber security infotech(csi)
Cyber security awareness training by cyber security infotech(csi)
 
What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance What is GRC – Governance, Risk and Compliance
What is GRC – Governance, Risk and Compliance
 
Governance risk and compliance
Governance risk and complianceGovernance risk and compliance
Governance risk and compliance
 
Insider threat kill chain
Insider threat   kill chainInsider threat   kill chain
Insider threat kill chain
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 

Similar to Information Security Management System in the Banking Sector

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesisidro luna beltran
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfmanoharparakh
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfmanoharparakh
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveAvinantaTarigan
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxAkshayKhade21
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckArrow ECS UK
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxParthYadav89
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)PT Datacomm Diangraha
 
Trend Micro - Hosted eMail Security
Trend Micro - Hosted eMail SecurityTrend Micro - Hosted eMail Security
Trend Micro - Hosted eMail SecurityTeddy Wijaya
 
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...VOROR
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptxjondon17
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for businessDaniel Thomas
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on reviewMiltonBiswas8
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxMalu704065
 

Similar to Information Security Management System in the Banking Sector (20)

Seguridad web -articulo completo- ingles
Seguridad web -articulo completo- inglesSeguridad web -articulo completo- ingles
Seguridad web -articulo completo- ingles
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdf
 
Advanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdfAdvanced Approaches to Data Center Security.pdf
Advanced Approaches to Data Center Security.pdf
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Ibm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deckIbm security overview 2012 jan-18 sellers deck
Ibm security overview 2012 jan-18 sellers deck
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)Endpoint Protection as a Service (EPaaS)
Endpoint Protection as a Service (EPaaS)
 
Trend Micro - Hosted eMail Security
Trend Micro - Hosted eMail SecurityTrend Micro - Hosted eMail Security
Trend Micro - Hosted eMail Security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 

More from Samvel Gevorgyan

Websecurity fundamentals for beginners
Websecurity fundamentals for beginnersWebsecurity fundamentals for beginners
Websecurity fundamentals for beginnersSamvel Gevorgyan
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System SecuritySamvel Gevorgyan
 
Five Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi ServiceFive Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi ServiceSamvel Gevorgyan
 
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքումԲախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքումSamvel Gevorgyan
 
Nagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspaceNagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspaceSamvel Gevorgyan
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?Samvel Gevorgyan
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011Samvel Gevorgyan
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011Samvel Gevorgyan
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANSamvel Gevorgyan
 

More from Samvel Gevorgyan (11)

Websecurity fundamentals for beginners
Websecurity fundamentals for beginnersWebsecurity fundamentals for beginners
Websecurity fundamentals for beginners
 
Content Management System Security
Content Management System SecurityContent Management System Security
Content Management System Security
 
Five Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi ServiceFive Ways to Improve Yandex.Taxi Service
Five Ways to Improve Yandex.Taxi Service
 
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքումԲախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
Բախումներ Լեռնային Ղարաբաղում. Քառօրյա պատերազմը կիբեռ տարածքում
 
Nagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspaceNagorno-karabakh clashes - four-day war in cyberspace
Nagorno-karabakh clashes - four-day war in cyberspace
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?
 
Can you predict who will win the US election?
Can you predict who will win the US election?Can you predict who will win the US election?
Can you predict who will win the US election?
 
MAPY
MAPYMAPY
MAPY
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
 
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011
 
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYANBEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
BEST PRACTICES OF WEB APPLICATION SECURITY By SAMVEL GEVORGYAN
 

Recently uploaded

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Recently uploaded (20)

The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Information Security Management System in the Banking Sector

  • 1. Samvel Gevorgyan CEO, CYBER GATES MSc Information Systems & Cyber Security Information Security Management System in the Banking Sector COPYRIGHT 2017 © CYBER GATES WWW.CYBERGATES.ORG
  • 3. PDCA Model applied to ISMS processes
  • 4. Security measures meta-framework Image source: www.enisa.europa.eu
  • 5. Information security risks Image source: www.enisa.europa.eu
  • 8. The biggest threats 1. Malicious software • Infecting critical systems with ransomware • Installing keyloggers to get sensitive data, etc. 2. IoT (Internet of Things) devices and botnets • Hacking CCTV cameras to perform DoS/DDoS attacks, etc. 3. Phishing and social engineering • Revealing confidential information relating to clients and employees • Hacking corporate email accounts to alter payment bank account numbers, etc. 4. Business process compromise attacks • Hacking processing system to redirect customers’ transactions 5. Third party services, unsecured mobile banking, unencrypted data, data breaches, etc.
  • 10. IoT devices and botnets Hacking CCTV cameras to perform DoS/DDoS attacks
  • 11. Phishing and social engineering Anomaly of phishing attack against bank employees
  • 13. Third party services and mobile banking Exploiting critical infrastructure weaknesses
  • 15. The Open Banking and PSD2 The future of banking
  • 16. The next generation payment system
  • 17. The challenges and future of banking Targets for hacking in the near future: • Online / mobile banking systems • Initial Coin Offering (ICO) • Blockchain • Cryptocurrency The future of intrusion detection: • Machine learning for preventing data leakages • Artificial Intelligence for fighting financial fraud, malware anomalies, etc. The future of mobile banking security: • Biometric authentication for mobile banking (fingerprint, face and voice recognition, etc.)
  • 19. PinCat PinCat is a unified threat management (UTM) solution that combines multiple security features into a single platform to protect your network, web, email, applications, and users against advanced persistent threats (APT), DoS/DDoS attacks, viruses, spyware, ransomware and spam messages. • Protection against DDoS attack vectors up to 50 Gbit/s • Next generation Firewall • Data Loss Prevention • Anti-Ransomware • Advanced SPAM filter
  • 20. FireEye The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. • Staying ahead of issues that could endanger the bank’s mission • Identifying and blocking unknown cyber threats that are missed by traditional defenses • Preventing the potential compromise of critical operations and data
  • 21. Trend Micro Coordinated threat defenses is a new approach to enterprise security that helps address this situation. It builds on the traditional tactic of relying on comprehensive domain-level countermeasures by emphasizing the additional need for: • Extensive, multi-way integration among domain- and management-level components • Overarching, cross-domain security data analysis, correlation, and visualization • Supplemental, global threat intelligence • Intelligent coordination and automation of essential threat response capabilities
  • 22. MaxPatrol MaxPatrol gives an unbiased picture of the state of protection at the system, department, node, and application levels. Pentesting, auditing, and compliance verification—combined with support for diverse operating systems, databases, and web apps—make MaxPatrol the perfect choice for auditing security in real time, all the time, at all levels of a corporate information system. • All-in-one solution ensures consistent results • Multilevel reporting tells the whole story • Presets ease compliance