SlideShare une entreprise Scribd logo

Day 1 Coop Banks

V
vngundi

Presentation by CERT-Hungary

TechnologieÉconomie & financeBusiness
1  sur  8
Télécharger pour lire hors ligne
Working together with banks from a CERT perspective + CIIP Ferenc Suba LLM, MA Chairman of the Board, CERT-Hungary, Theodore Puskás Foundation Vice-Chair of the Management Board, European Network and Information Security Agency
PTA CERT-Hungary WHO WE ARE? PTA CERT-Hungary = Government network security center Within Theodore Puskás Foundation funded and supervised by the government CO-OPERATION AGREEMENT WITH FINANCIAL SUPERVISORY AUTHORITY: Scope: awareness raising (website, school class), recommendation (safe e-banking), ISAC (information sharing and analysis center) FINANCIAL ISAC HU: In co-op with FSA, BAH, Police SERVICE AGREEMENTS WIHT BANKS: - 5 concluded, 3 underway
Financial ISAC HU - History: joint comexes with banks since early 2006 - Great leap forward: large phising attacks in Dec 2006 - Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority - Activity: information sharing, exercises, recommendations, coordination - Results: TLP, Advisory, simulated DDos attack exercise - Future: prep for FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
COMEX07 The exercises -Goal: -to test the communication between the participants and the internal procedures of the banks in case of a Ddos attack -Tasks: -Two banks acting as victims, -Banking Association coordinating the exercise and representing the banks towards CERT-Hungary, -CERT-Hungary providing technical infrastructure, playing the attacker, ISP and server operator for one of the banks and itself - FSA, GIRO, Police: observers and evaluators
The exercises COMEX08: Goal: to test communication and internal procedures in case of an international malicious code collecting client’s data, password Tasks: 6 banks to eliminate the malicious code and changing passwords, requesting log-analysis form CERT-Hungary, identification of data leakage and malicious activity based on log- analysis, reporting to the police CERT-Hungary: reporting the malicious code to banks, log- analysis, identification and shutting down of collecting servers with the involvemen of the police FSA, Police: observers and evaluators
The exercises COMEX09: Goal: to test the protective reactions of the banks in case of a penetration Tasks: 2 banks to protect a simulated banking environment CERT-Hungary: provision of the simulated banking environment, serving as attacker Banking Association, FSA, Police: interactive players and evaluators
CIIP in Energy Sector USA: ISAC Model (branch specific co-op. under DHS) Europe: EU-SCSIE (Shell, Electrabell, Swissgrid, EDF, CERN, SEEMA, Melanie, CERT-Hungary) Global: Meridian Process Control WG Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary) First exercise in May, 2009 (NHH, MOL, MAVIR, MEH, NFGM, PTA CHK) electricity outage having a spillover effect in oil, gas, and communications
Thank you for your attention! ferenc.suba@cert-hungary.hu PTA CERT-Hungary www.cert-hungary.hu Theodore Puskás Foundation www.neti.hu ENISA www.enisa.europa.eu

Recommandé

Day 1 From CERT To NCSC
Day 1 From CERT To NCSCDay 1 From CERT To NCSC
Day 1 From CERT To NCSC
vngundi
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
Mphasis
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
Mphasis
 
I-Infinity : Smart ATM centers
I-Infinity : Smart ATM centersI-Infinity : Smart ATM centers
I-Infinity : Smart ATM centers
Rakesh Galav
 
Internet of Things for Underground Drainage and Manhole monitoring System for...
Internet of Things for Underground Drainage and Manhole monitoring System for...Internet of Things for Underground Drainage and Manhole monitoring System for...
Internet of Things for Underground Drainage and Manhole monitoring System for...
Muragesh Kabbinakantimath
 
Day 1 Enisa Setting Up A Csirt
Day 1 Enisa Setting Up A CsirtDay 1 Enisa Setting Up A Csirt
Day 1 Enisa Setting Up A Csirt
vngundi
 
SMART DRAINAGE SYSTEM USING IOT
SMART DRAINAGE SYSTEM USING IOTSMART DRAINAGE SYSTEM USING IOT
SMART DRAINAGE SYSTEM USING IOT
GlobalSuperElite GlobalSuperElite
 
“CYBER DEFENCE” KEAMANAN INFORMASI DAN KEDAULATAN NKRI MELALUI BATALYON CYBER
“CYBER DEFENCE” KEAMANAN INFORMASI DAN KEDAULATAN NKRI MELALUI BATALYON CYBER“CYBER DEFENCE” KEAMANAN INFORMASI DAN KEDAULATAN NKRI MELALUI BATALYON CYBER
“CYBER DEFENCE” KEAMANAN INFORMASI DAN KEDAULATAN NKRI MELALUI BATALYON CYBER
IGN MANTRA
 

Recommandé

Day 1 From CERT To NCSC
Day 1 From CERT To NCSCDay 1 From CERT To NCSC
Day 1 From CERT To NCSC
vngundi
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
Mphasis
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
Mphasis
 
I-Infinity : Smart ATM centers
I-Infinity : Smart ATM centersI-Infinity : Smart ATM centers
I-Infinity : Smart ATM centers
Rakesh Galav
 
Internet of Things for Underground Drainage and Manhole monitoring System for...
Internet of Things for Underground Drainage and Manhole monitoring System for...Internet of Things for Underground Drainage and Manhole monitoring System for...
Internet of Things for Underground Drainage and Manhole monitoring System for...
Muragesh Kabbinakantimath
 
Day 1 Enisa Setting Up A Csirt
Day 1 Enisa Setting Up A CsirtDay 1 Enisa Setting Up A Csirt
Day 1 Enisa Setting Up A Csirt
vngundi
 
SMART DRAINAGE SYSTEM USING IOT
SMART DRAINAGE SYSTEM USING IOTSMART DRAINAGE SYSTEM USING IOT
SMART DRAINAGE SYSTEM USING IOT
GlobalSuperElite GlobalSuperElite
 
“CYBER DEFENCE” KEAMANAN INFORMASI DAN KEDAULATAN NKRI MELALUI BATALYON CYBER
“CYBER DEFENCE” KEAMANAN INFORMASI DAN KEDAULATAN NKRI MELALUI BATALYON CYBER“CYBER DEFENCE” KEAMANAN INFORMASI DAN KEDAULATAN NKRI MELALUI BATALYON CYBER
“CYBER DEFENCE” KEAMANAN INFORMASI DAN KEDAULATAN NKRI MELALUI BATALYON CYBER
IGN MANTRA
 
Day 1 Large Scale Attacks
Day 1 Large Scale AttacksDay 1 Large Scale Attacks
Day 1 Large Scale Attacks
vngundi
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter
isc2-hellenic
 
Information Security (Management) at Stake In Belgium v1.1
Information Security (Management) at Stake In Belgium v1.1Information Security (Management) at Stake In Belgium v1.1
Information Security (Management) at Stake In Belgium v1.1
Dominique Volon
 
B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...
B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...
B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...
Kullarat Phongsathaporn
 
EDF2014: Talk of Ioannis Kotsiopoulos, European Dynamics: Semantics – Interop...
EDF2014: Talk of Ioannis Kotsiopoulos, European Dynamics: Semantics – Interop...EDF2014: Talk of Ioannis Kotsiopoulos, European Dynamics: Semantics – Interop...
EDF2014: Talk of Ioannis Kotsiopoulos, European Dynamics: Semantics – Interop...
European Data Forum
 
CCIS Brochure English (Nov 2014)
CCIS Brochure English (Nov 2014)CCIS Brochure English (Nov 2014)
CCIS Brochure English (Nov 2014)
Gry Helene Stavseng
 
Information security (management) at stake in belgium 2017 v1.2
Information security (management) at stake in belgium 2017 v1.2Information security (management) at stake in belgium 2017 v1.2
Information security (management) at stake in belgium 2017 v1.2
Dominique Volon
 
SC7 Workshop 2: Big Data Challenges in Cybersecurity
SC7 Workshop 2: Big Data Challenges in CybersecuritySC7 Workshop 2: Big Data Challenges in Cybersecurity
SC7 Workshop 2: Big Data Challenges in Cybersecurity
BigData_Europe
 
Information Security (Management) at Stake In Belgium
Information Security (Management) at Stake In BelgiumInformation Security (Management) at Stake In Belgium
Information Security (Management) at Stake In Belgium
Dominique Volon
 
E-group's pitch
E-group's pitchE-group's pitch
E-group's pitch
i7
 
European Cyber Crime Centre EC3
European Cyber Crime Centre EC3European Cyber Crime Centre EC3
European Cyber Crime Centre EC3
- Mark - Fullbright
 
A new approach to International Judicial Cooperation through secure ICT platf...
A new approach to International Judicial Cooperation through secure ICT platf...A new approach to International Judicial Cooperation through secure ICT platf...
A new approach to International Judicial Cooperation through secure ICT platf...
ePractice.eu
 
Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red...
Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red...Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red...
Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red...
Anna Gomez
 
Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225
Klamberg
 
Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225
Klamberg
 
North Lincolnshire and safer neighbourhoods
North Lincolnshire and safer neighbourhoodsNorth Lincolnshire and safer neighbourhoods
North Lincolnshire and safer neighbourhoods
localinsight
 
Cyber security
Cyber securityCyber security
Cyber security
Ирина Шевченко
 
Janusz Oczyp CV ENG Oct 2015
Janusz Oczyp CV ENG Oct 2015Janusz Oczyp CV ENG Oct 2015
Janusz Oczyp CV ENG Oct 2015
Janusz Oczyp
 
Cyber_Risk_in_Switzerland_February_2022.pdf
Cyber_Risk_in_Switzerland_February_2022.pdfCyber_Risk_in_Switzerland_February_2022.pdf
Cyber_Risk_in_Switzerland_February_2022.pdf
GeorgeLekatis2
 
Cyber security
Cyber securityCyber security
Cyber security
Ирина Шевченко
 
Anatomy of a CERT - Gordon Love, Symantec
Anatomy of a CERT - Gordon Love, SymantecAnatomy of a CERT - Gordon Love, Symantec
Anatomy of a CERT - Gordon Love, Symantec
vngundi
 
Dealing With Security Threats
Dealing With Security ThreatsDealing With Security Threats
Dealing With Security Threats
vngundi
 

Contenu connexe

Similaire à Day 1 Coop Banks

Information Security (Management) at Stake In Belgium v1.1
Information Security (Management) at Stake In Belgium v1.1Information Security (Management) at Stake In Belgium v1.1
Information Security (Management) at Stake In Belgium v1.1
Dominique Volon
 
Information Security (Management) at Stake In Belgium
Information Security (Management) at Stake In BelgiumInformation Security (Management) at Stake In Belgium
Information Security (Management) at Stake In Belgium
Dominique Volon
 
E-group's pitch
E-group's pitchE-group's pitch
E-group's pitch
i7
 
North Lincolnshire and safer neighbourhoods
North Lincolnshire and safer neighbourhoodsNorth Lincolnshire and safer neighbourhoods
North Lincolnshire and safer neighbourhoods
localinsight
 
Janusz Oczyp CV ENG Oct 2015
Janusz Oczyp CV ENG Oct 2015Janusz Oczyp CV ENG Oct 2015
Janusz Oczyp CV ENG Oct 2015
Janusz Oczyp
 

Similaire à Day 1 Coop Banks (20)

Day 1 Large Scale Attacks
Day 1 Large Scale AttacksDay 1 Large Scale Attacks
Day 1 Large Scale Attacks
 
2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter2016 02-14-nis directive-overview isc2 chapter
2016 02-14-nis directive-overview isc2 chapter
 
Information Security (Management) at Stake In Belgium v1.1
Information Security (Management) at Stake In Belgium v1.1Information Security (Management) at Stake In Belgium v1.1
Information Security (Management) at Stake In Belgium v1.1
 
B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...
B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...
B12: AMLO | FinTech Situation in Thailand and Offshore and Money Laundering R...
 
EDF2014: Talk of Ioannis Kotsiopoulos, European Dynamics: Semantics – Interop...
EDF2014: Talk of Ioannis Kotsiopoulos, European Dynamics: Semantics – Interop...EDF2014: Talk of Ioannis Kotsiopoulos, European Dynamics: Semantics – Interop...
EDF2014: Talk of Ioannis Kotsiopoulos, European Dynamics: Semantics – Interop...
 
CCIS Brochure English (Nov 2014)
CCIS Brochure English (Nov 2014)CCIS Brochure English (Nov 2014)
CCIS Brochure English (Nov 2014)
 
Information security (management) at stake in belgium 2017 v1.2
Information security (management) at stake in belgium 2017 v1.2Information security (management) at stake in belgium 2017 v1.2
Information security (management) at stake in belgium 2017 v1.2
 
SC7 Workshop 2: Big Data Challenges in Cybersecurity
SC7 Workshop 2: Big Data Challenges in CybersecuritySC7 Workshop 2: Big Data Challenges in Cybersecurity
SC7 Workshop 2: Big Data Challenges in Cybersecurity
 
Information Security (Management) at Stake In Belgium
Information Security (Management) at Stake In BelgiumInformation Security (Management) at Stake In Belgium
Information Security (Management) at Stake In Belgium
 
E-group's pitch
E-group's pitchE-group's pitch
E-group's pitch
 
European Cyber Crime Centre EC3
European Cyber Crime Centre EC3European Cyber Crime Centre EC3
European Cyber Crime Centre EC3
 
A new approach to International Judicial Cooperation through secure ICT platf...
A new approach to International Judicial Cooperation through secure ICT platf...A new approach to International Judicial Cooperation through secure ICT platf...
A new approach to International Judicial Cooperation through secure ICT platf...
 
Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red...
Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red...Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red...
Addressing Cybersecurity and Cybercrime via a co-evolutionary approach to red...
 
Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225Electronic Surveillance of Communications 100225
Electronic Surveillance of Communications 100225
 
Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225Electronic Surveillance Of Communications 100225
Electronic Surveillance Of Communications 100225
 
North Lincolnshire and safer neighbourhoods
North Lincolnshire and safer neighbourhoodsNorth Lincolnshire and safer neighbourhoods
North Lincolnshire and safer neighbourhoods
 
Cyber security
Cyber securityCyber security
Cyber security
 
Janusz Oczyp CV ENG Oct 2015
Janusz Oczyp CV ENG Oct 2015Janusz Oczyp CV ENG Oct 2015
Janusz Oczyp CV ENG Oct 2015
 
Cyber_Risk_in_Switzerland_February_2022.pdf
Cyber_Risk_in_Switzerland_February_2022.pdfCyber_Risk_in_Switzerland_February_2022.pdf
Cyber_Risk_in_Switzerland_February_2022.pdf
 
Cyber security
Cyber securityCyber security
Cyber security
 

Plus de vngundi

Anatomy of a CERT - Gordon Love, Symantec
Anatomy of a CERT - Gordon Love, SymantecAnatomy of a CERT - Gordon Love, Symantec
Anatomy of a CERT - Gordon Love, Symantec
vngundi
 

Plus de vngundi (8)

Anatomy of a CERT - Gordon Love, Symantec
Anatomy of a CERT - Gordon Love, SymantecAnatomy of a CERT - Gordon Love, Symantec
Anatomy of a CERT - Gordon Love, Symantec
 
Dealing With Security Threats
Dealing With Security ThreatsDealing With Security Threats
Dealing With Security Threats
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Day 2 Dns Cert 4 Scenarios
Day 2 Dns Cert 4 ScenariosDay 2 Dns Cert 4 Scenarios
Day 2 Dns Cert 4 Scenarios
 
Day 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious UseDay 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious Use
 
Day 2 Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server RedirectionDay 2 Dns Cert 4b Name Server Redirection
Day 2 Dns Cert 4b Name Server Redirection
 
Day 2 Dns Cert 4a Cache Poisoning
Day 2 Dns Cert 4a Cache PoisoningDay 2 Dns Cert 4a Cache Poisoning
Day 2 Dns Cert 4a Cache Poisoning
 
Day 2 Dns Cert 3 Dns Organizations
Day 2 Dns Cert 3 Dns OrganizationsDay 2 Dns Cert 3 Dns Organizations
Day 2 Dns Cert 3 Dns Organizations
 

Dernier

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 

Dernier (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Day 1 Coop Banks

  • 1. Working together with banks from a CERT perspective + CIIP Ferenc Suba LLM, MA Chairman of the Board, CERT-Hungary, Theodore Puskás Foundation Vice-Chair of the Management Board, European Network and Information Security Agency
  • 2. PTA CERT-Hungary WHO WE ARE? PTA CERT-Hungary = Government network security center Within Theodore Puskás Foundation funded and supervised by the government CO-OPERATION AGREEMENT WITH FINANCIAL SUPERVISORY AUTHORITY: Scope: awareness raising (website, school class), recommendation (safe e-banking), ISAC (information sharing and analysis center) FINANCIAL ISAC HU: In co-op with FSA, BAH, Police SERVICE AGREEMENTS WIHT BANKS: - 5 concluded, 3 underway
  • 3. Financial ISAC HU - History: joint comexes with banks since early 2006 - Great leap forward: large phising attacks in Dec 2006 - Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority - Activity: information sharing, exercises, recommendations, coordination - Results: TLP, Advisory, simulated DDos attack exercise - Future: prep for FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
  • 4. COMEX07 The exercises -Goal: -to test the communication between the participants and the internal procedures of the banks in case of a Ddos attack -Tasks: -Two banks acting as victims, -Banking Association coordinating the exercise and representing the banks towards CERT-Hungary, -CERT-Hungary providing technical infrastructure, playing the attacker, ISP and server operator for one of the banks and itself - FSA, GIRO, Police: observers and evaluators
  • 5. The exercises COMEX08: Goal: to test communication and internal procedures in case of an international malicious code collecting client’s data, password Tasks: 6 banks to eliminate the malicious code and changing passwords, requesting log-analysis form CERT-Hungary, identification of data leakage and malicious activity based on log- analysis, reporting to the police CERT-Hungary: reporting the malicious code to banks, log- analysis, identification and shutting down of collecting servers with the involvemen of the police FSA, Police: observers and evaluators
  • 6. The exercises COMEX09: Goal: to test the protective reactions of the banks in case of a penetration Tasks: 2 banks to protect a simulated banking environment CERT-Hungary: provision of the simulated banking environment, serving as attacker Banking Association, FSA, Police: interactive players and evaluators
  • 7. CIIP in Energy Sector USA: ISAC Model (branch specific co-op. under DHS) Europe: EU-SCSIE (Shell, Electrabell, Swissgrid, EDF, CERN, SEEMA, Melanie, CERT-Hungary) Global: Meridian Process Control WG Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary) First exercise in May, 2009 (NHH, MOL, MAVIR, MEH, NFGM, PTA CHK) electricity outage having a spillover effect in oil, gas, and communications
  • 8. Thank you for your attention! ferenc.suba@cert-hungary.hu PTA CERT-Hungary www.cert-hungary.hu Theodore Puskás Foundation www.neti.hu ENISA www.enisa.europa.eu