IT Security in Banque du Liban




Zeina AOUN, Head of Security Division, IT Department, BANQUE DU LIBAN
Workshop on Building Trust and Confidence in Arabic e-services, 25-27 May 2010

AGENDA
- BDL Security Drivers
- BDL Global Security Solutions
- BDL Secure e-banking Services

"Let us not look back in anger or forward in fear, but around in awareness" (James Thurber)

BDL Security Drivers
- Risks Anticipation
- Vulnerability Management
- Risk Assessment
- Remediation Prioritization
- Global Expansion
- Follow technology evolution
- Rationalization
- Adapt to changing business
- ISO 27001/27002/27005
- BS25999
- Traceability & Audit
- Lebanese Law
- Open Standards
- Security aligned with business
- Business process improvement
- Efficiency
- Integrity, Confidentiality, Authentication, Availability, Auditing

BDL Global Security Solutions (1/4)
BUILD, MEASURE
End to End Approach for Security

BDL Global Security Solutions (2/4)
Understand, Analyze, Measure
Security Definition & Auditing
- ISO 27001, 27002 & 27005 Assessments, Risk Management
- Technical & Organizational Auditing
- Security Strategy, Security Policies, Security Insurance Plan, Security Awareness, Continuity & Disaster Recovery Plans
- Security technology Evaluation & Prototyping

BDL Global Security Solutions (3/4)
Design, Build
Architecture, Design & Implementation
- System Security: OS Hardening, Desktop Security Services (antivirus, anti-spam & NAC), Host IPS, Reverse Proxies, URL Control & Filtering
- Network Security: Firewalls, Network IPS, IPSec & SSL VPNs
- Application Security: E-Signature based on Public Key Infrastructure, Access Control Multi-factor authentication (smart cards & Biometric solutions)
- Added-Value Security: Security Information and Management Solutions (SIEM), Risk Management, Identity Access Management

BDL Global Security Solutions (4/4)
Information Security Management
Run
- Supervision, Administration & Monitoring of the Overall BDL IT environments
- Security Information & Event Management, Security Alerting & Reporting
- Security Watch
- Security Incident Analysis
- Vulnerability Management

BDL e-banking Services (1/8)
Business Objectives & Scope
- Empower Lebanon to play a major role in the Middle East as a provider of e-services including e-commerce, e-banking and e-financial services
- Platform for secure payments (banks, markets, governments & cross border)
- Electronic end-to-end processing at all levels of interaction
- Assured reliability & integrity of strategic information
- Appropriate regulatory environment
- Increased ability to manage market liquidity & risks

BDL e-banking Services (2/8)
SEBIL: Secure Electronic Banking and Information for Lebanon
- Electronic payment & reporting systems
- Realtime Settlement System
- Automated Clearing House
- Treasury Management System
- Asset Management
- Decision support System

BDL e-banking Services (3/8)
SITI: Secure IT Infrastructure to support SEBIL
- ISP, Internet
- High Availability
- Internet Access (Web, Mail)
- Secure Zones
- FireWalls
- Extranet Access (VPN, Application)
- PKI/CA, Antivirus, Mail Relay, Proxy
- IDS / IPS
- Security Management

BDL e-banking Services (4/8)
Infrastructure End-to-End Security Challenges

BDL e-banking Services (5/8)
BDL PKI Security Principles
- Highly Available & Secure PKI Infrastructure
- Distributed Architecture & Restricted Access Rules
- Detailed CP & CPS Policies
- Controlled Certificate Life-Cycle Management
- HSMs for securing CAs' Private Keys
- Key Archive Services for recovery of user encryption keys
- End-to-End Process Control

BDL e-banking Services (6/8)
PKI-Enabled Applications
- Application-based electronic transactions signing
- Electronic Data Interchange
- Virtual Private Networks
- Client & Server Authentication
- Smart Card Logon
- Time stamping and non-repudiation services

BDL e-banking Services (7/8)
Certificate Life-Cycle Management
- Authentication & Encryption User Certificates / Device Certificates
- Smart Card Authentication
- Match-On-Card Biometric Authentication
- Card Issuance & Management System
- Certificate life-cycle management from issuance up to revocation

BDL e-banking Services (8/8)
A Guaranteed Trust
- Security Infrastructure On-line with Business
- End-to-End Security Approach
- Centralized & Efficient Security Management
- Conformity to Best Practices & Security Standards
- Reliable & Scalable Architecture

Thank You