IT Security in Banque du Liban

Size: px

Start display at page:

Download "IT Security in Banque du Liban"

Franklin Nichols
10 years ago
Views:

IT Security in Banque du Liban Zeina AOUN Head of Security Division IT Department BANQUE DU LIBAN Workshop on Building Trust and Confidence in Arabic e-services 25-27 May 2010

1 IT Security in Banque du Liban Zeina AOUN Head of Security Division IT Department BANQUE DU LIBAN Workshop on Building Trust and Confidence in Arabic e-services May 2010 AGENDA BDL Security Drivers BDL Global Security Solutions BDL Secure e-banking Services Let us not look back in anger or forward in fear, but around in awareness James Thurber 1

AGENDA BDL Security Drivers BDL Global Security Solutions BDL Secure e-banking Services

2 BDL Security Drivers Risks Anticipation Vulnerability Management Risk Assessment Remediation Prioritization Global Expansion Follow technology evolution Rationalization Adapt to changing business ISO 27001/27002/27005 BS25999 Traceability & Audit Lebanese Law Open Standards Security aligned with business Business process improvement Efficiency Integrity Confidentiality Authentication Availability - Auditing BDL Global Security Solutions (1/4) BUILD MEASURE End to End Approach for Security 2

& Audit Lebanese Law Open Standards Security aligned with business Business process improvement Efficiency Integrity

3 BDL Global Security Solutions (2/4) Understand Analyze Measure Security Definition & Auditing ISO 27001, & Assessments, Risk Management Technical & Organizational Auditing Security Strategy, Security Policies, Security Insurance Plan, Security Awareness, Continuity & Disaster Recovery Plans Security technology Evaluation & Prototyping BDL Global Security Solutions (3/4) Design Build Architecture, Design & Implementation System Security: OS Hardening, Desktop Security Services (antivirus, anti-spam & NAC), Host IPS, Reverse Proxies, URL Control & Filtering Network Security: Firewalls, Network IPS, IPSec & SSL VPNs Application Security: E-Signature based on Public Key Infrastructure, Access Control Multi-factor authentication (smart cards & Biometric solutions) Added-Value Security: Security Information and Management Solutions (SIEM), Risk Management, Identity Acess Management 3

Build Architecture, Design & Implementation System Security: OS Hardening, Desktop Security Services (antivirus, anti-spam & NAC), Host IPS, Reverse Proxies, URL Control & Filtering Network Security:

4 BDL Global Security Solutions (4/4) Information Security Management Run Supervision, Administration & Monitoring of the Overall BDL IT environments Security Information & Event Management, Security Alerting & Reporting Security Watch Security Incident Analysis Vulnerability Management BDL e-banking Services (1/8) Business Objectives & Scope Empower Lebanon to play a major role in the Middle East as a provider of e-services including e-commerce, e- banking and e-financial services Platform for secure payments (banks, markets, governments & cross border) Electronic end-to-end processing at all levels of interaction Assured reliability & integrity of strategic information Appropriate regulatory environment Increased ability to manage market liquidity & risks 4

in the Middle East as a provider of e-services including e-commerce, e- banking and e-financial services Platform for secure payments (banks, markets, governments & cross border) Electronic

5 BDL e-banking Services (2/8) SEBIL Secure Elecronic Banking and Information for Lebanon Electronic payment & reporting systems Realtime Settlement System Automated Clearing House Treasury Management System Asset Management Decision support System BDL e-banking Services (3/8) SITI Secure IT Infrastructure to support SEBIL ISP, Internet High Availability Internet Access (Web, Mail) Secure Zones FireWalls Extranet Access (VPN, Application) PKI/CA, Antivirus, Mail Relay,Proxy IDS / IPS Security Management 5

e-banking Services (3/8) SITI Secure IT Infrastructure to support SEBIL ISP, Internet High Availability Internet Access (Web,

6 BDL e-banking Services (4/8) Infrastructure End-to-End Security Challenges BDL e-banking Services (5/8) BDL PKI Security Principles Highly Available & Secure PKI Infrastructure Distributed Architecture & Restricted Access Rules Detailed CP & CPS Policies Controlled Certificate Life-Cycle Management HSMs for securing CAs Private Keys Key Archive Services for recovery of user encryption keys End-to-End Process Control 6

Restricted Access Rules Detailed CP & CPS Policies Controlled Certificate Life-Cycle Management HSMs for

7 BDL e-banking Services (6/8) PKI-Enabled Applications Application-based electronic transactions signing Electronic Data Interchange Virtual Private Networks Client & Server Authentication Smart Card Logon Time stamping and non-repudiation services BDL e-banking Services (7/8) Certificate Life-Cycle Management Authentication & Encryption User Certificates / Device Certificates Smart Card Authentication Match-On-Card Biometric Authentication Card Issuance & Management System Certificate life-cycle management from issuance up to revocation 7

Services (7/8) Certificate Life-Cycle Management Authentication & Encryption User Certificates / Device Certificates Smart Card

Centralized & Efficient Security Management Conformity to Best

8 BDL e-banking Services (8/8) A Guaranteed Trust Security Infrastructure On-line with Business End-to-End Security Approach Centralized & Efficient Security Management Conformity to Best Practices & Security Standards Reliable & Scalable Architecture Thank You 8

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security