What's happening in the area of E-security for the Financial Transactions in China




What's happening in the area of E-security for the Financial Transactions in China
Dr. Wang Jun, Head of E-banking Division, Bank of China
Sep. 26, 2002

A Tremendous Potential E-financing Market is coming in China

Service (unit): Existing Customers / Increased Customers
- Telephone (ten thousand persons): 20352.9 / 2316.1
- Mobile (ten thousand persons): 18485.5 / 3963.4
- Internet (ten thousand persons): 4331.9 / 675.7

- Penetration of Telephone (/100 persons): 30.22
- Penetration of Internet (/100 persons): 3.25
- Penetration of Mobile (/100 persons): 13.86
- Internet banking (ten thousand persons): 250.2
- Internet Stockjobbing (ten thousand persons): 491.8

What's happening in the Chinese Finance Industry
- Almost all the financial industries, including retail banks, insurance agents, stockjobbers, etc., have been delivering their products and services by internet and telephone.
- Almost all the banks are investing more money in developing Internet banking, telephone banking, mobile banking and Call Centers.
- Three major banks are to roll out Internet banking with Call Center collaboration.
- E-security, as a key component in delivering the benefits of electronic finance, is getting more and more attention!

Technology-based Banking Products & Services
- Balance inquiry
- Transaction information
- Funds transfer
- Cash Management
- Bill payment
- Bill presentment
- Loan applications
- Stored Value
- Aggregation
- Electronic Finder
- Automated clearinghouse (ACH) transactions
- Internet Payments
- Wireless Banking
- Certification Authority
- Data Storage

Technology and Risk Considerations
- Legal liabilities
- Strategic and Business Risks
- Business Continuity Planning and Continuity of Services
- Cross Border and International Banking
- Monetary Loss
  - Direct
  - Lost Productivity (due to Denial of Services)
  - Cost to recreate lost information

Key Technology Risks
- Authentication, Identity Verification, and Authorization
- Transaction errors
- Data Corruption
- Repudiation of transactions
- Interception of data -- privacy and confidentiality
- Hacking
- Fraud and illegal acts
- Virus intrusion

E-Security Framework and Mechanism
[Diagram] Policies & Standards Classification & Control Configuration Management Organization Infrastructure Management Administration Procedures Systems Planning Development & Maintenance Monitoring Logging & Reporting Validated Access Authorization Authentication Administration Environment Access Perimeter Network Internal Network Application Facility Internet Extranet Wireless Dial-Up Access Control Secure Communications Workstation Servers LAN WAN Confidentiality email & eforms Web Enterprise Middleware Database Reliable Transactions Integrity Non-Repudiation Accountability Areas Equipment Media Personnel Roles & Responsibility Training & Awareness Incident Response Compliance Virus Operating Systems Infrastructure Integrity Protection Content Configuration Network Devices Intrusion / Misuse Physical Segmentation Third-Party Access Risk Management Recovery Continuity Availability Backup Redundancy

Procedure of E-Security Implementation
[Diagram] Risk Analysis Technical Technical Requirements Technical Specifications Hardware Software Systems Management Vulnerability Assessment Intrusion Detection Policies and Strategies Integrated Architecture Execution, Measurement, Feedback, Refinement Management Management Requirements Management & Administrative Techniques Standards Procedures Guidelines Missions/Roles Job Descriptions Organization

Key Elements of Security Program
Reviewing physical and logical security:
- Review intrusion detection and response capabilities to ensure that intrusions will be detected and controlled
- Seek necessary expertise and training, as needed, to protect physical locations and networks from unauthorized access
- Maintain knowledge of current threats facing the bank and the vulnerabilities to systems
- Assess firewalls and intrusion detection programs at both primary and back-up sites to make sure they are maintained at current industry best practice levels

Key Elements of Security Program
Reviewing physical and logical security (cont'd):
- Verify the identity of new employees, contractors, or third parties accessing your systems or facilities. If warranted, perform background checks.
- Appropriate backup and recovery
- Evaluate whether physical access to all facilities is adequate.
- Work with service provider(s) and other relevant customers to ensure effective logical and physical security controls.
- Proactive network security that effectively prevents, detects, and responds to intrusions
- Effective authentication can help banks reduce fraud, reputation risk, disclosure of customer information, and promote the legal enforceability of their electronic agreements

Key Elements of E-Security Program
[Chart: values shown for Integrity, Access control, Encryption, Anti-virus, Authentication, Monitoring, Recovery, Digital signature and Non-repudiation; values as extracted: 89.78, 86.11, 84, 81.33, 72.56, 72.44, 76.11, 74, 68.44]
Access control is the most crucial to E-security program

Thank you for your attention!