SlideShare une entreprise Scribd logo

Critical Security And Compliance Issues In Internet Banking

Télécharger en tant que PPT, PDF
T
Thomas Donofrio
Technologie
1  sur  30
Presented By: Thomas A. Donofrio Director of Technology Audit and Consulting Services CRITICAL SECURITY AND COMPLIANCE ISSUES IN INTERNET BANKING
Regulatory Guidelines and Suggested Practices - Electronic Banking Environment FFIEC, OCC, FRB, FDIC and OTS have issued joint and separate guidance such as: ,[object Object],[object Object],[object Object],[object Object]
Regulatory Guidelines and Suggested Practices - Electronic Banking Environment “ Living” risk-based management plan and enterprise-wide security program. ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],4. Compliance risks Regulatory Guidelines and Suggested Practices - Electronic Banking Environment
[object Object],Due diligence in selection of vendor Risk assessment of application and services is critical Ongoing evidence of vendor oversight Regulatory Guidelines and Suggested Practices - Electronic Banking Environment
Regulatory Guidelines and Suggested Practices - Electronic Banking Environment ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines Enterprise-wide technology universe ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
[object Object],[object Object],[object Object],Three essential elements for planned new technologies Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Risk assessment document ,[object Object],[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Risk assessment document that addresses evidence of: ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
[object Object],[object Object],[object Object],[object Object],[object Object],Privacy and Information Security Policy Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Privacy and Information Security Policy suggested additional guidelines (in addition to those already addressed prior to GLBA) ,[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Privacy and Information Security Policy suggested additional guidelines (in addition to those already addressed prior to GLBA) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
Privacy and Information Security Policy suggested additional guidelines (in addition to those already addressed prior to GLBA) ,[object Object],[object Object],[object Object],[object Object],[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines 8. Effective February 28, 2001, contracts with third party service providers must contain appropriate language
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Responsibility for services provided by third party vendors ,[object Object],Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
New E-customer verification, if not face to face, requires: Positive verification Logical verification with customer of general information Use of digital certificates Authentication of E-customers Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Authentication of E-customers Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
[object Object],[object Object],[object Object],[object Object],[object Object],Network and Web-based Security and System Monitoring Network and web site security maintenance
[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Other control initiatives include: Network and Web-based Security and System Monitoring
[object Object],[object Object],[object Object],Penetration/Intrusion Testing Tests electronic environments ,[object Object],[object Object],Zero-knowledge attacks versus full-knowledge attacks
[object Object],[object Object],[object Object],Penetration/Intrusion Testing Typical goals of testing: Insider attacks Remote access exploits (telnet, pc anywhere, secure shell) E-mail exploits Back doors Frontal assaults Evidence and monitoring destruction
Penetration/Intrusion Testing Typical goals of testing: ,[object Object],[object Object],[object Object],[object Object]
Penetration/Intrusion Testing Testing limitations ,[object Object],[object Object]
Network versus E-Commerce intrusion Outsourced web hosting and applications Skill set to exploit the vulnerabilities Penetration/Intrusion Testing Choose a service provider wisely ,[object Object],[object Object],[object Object],[object Object],[object Object]
Security Issues with Other Web Site Initiatives Weblinking/Portals ,[object Object],content compliance customer confusion security policies compliance (e.g., RESPA and Privacy) ,[object Object]
Security Issues with Other Web Site Initiatives Weblinking/Portals ,[object Object],[object Object]
Security Issues with Other Web Site Initiatives Aggregation - web-based consolidation of customer information ,[object Object],Erroneous data gathered Concentration of data increases risk of intrusion Reliance on third party security over information Liability for disputed transactions ,[object Object]
Security Issues with Other Web Site Initiatives Aggregation - web-based consolidation of customer information ,[object Object],Wireless Banking
Needs Assessment - E-Insurance Analysis of your current commercial coverage Determine if new e-insurance offerings duplicate Customer privacy violations, specific business interruptions or denial of access may have limited coverage or no coverage at all
Does current business coverage meet needs if modified? If new coverage is needed, how does it work and how are losses valued? When will coverage in proposal be available? Needs Assessment - E-Insurance Coverage questions to assist in determining e-insurance needs Require outsourcing partners e-insurance as part of contract SLA

Recommandé

Clifford wilke
Clifford wilkeClifford wilke
Clifford wilkeLanka Praneeth
 
Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.Computer engineering company
 
Security management and tools
Security management and toolsSecurity management and tools
Security management and toolsVibhor Raut
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
6 e commerce security
6 e commerce security6 e commerce security
6 e commerce securityNaveed Ahmed Siddiqui
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System AdministrationLisa Dowdell, MSISTM
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisCSCJournals
 
Task 3
Task 3Task 3
Task 3BIBEKCHAUDHARYBScHon
 

Recommandé

Clifford wilke
Clifford wilkeClifford wilke
Clifford wilkeLanka Praneeth
 
Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.Computer engineering company
 
Security management and tools
Security management and toolsSecurity management and tools
Security management and toolsVibhor Raut
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
6 e commerce security
6 e commerce security6 e commerce security
6 e commerce securityNaveed Ahmed Siddiqui
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System AdministrationLisa Dowdell, MSISTM
 
Banking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisBanking and Modern Payments System Security Analysis
Banking and Modern Payments System Security AnalysisCSCJournals
 
Task 3
Task 3Task 3
Task 3BIBEKCHAUDHARYBScHon
 
Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)NCTechSymposium
 
Powerpoint v7
Powerpoint v7Powerpoint v7
Powerpoint v7Veronica Pereira
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A PrimerJohn ILIADIS
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Securityphanleson
 
Threats of E-Commerce in Database
Threats of E-Commerce in DatabaseThreats of E-Commerce in Database
Threats of E-Commerce in DatabaseMentalist Akram
 
Assessment and Mitigation of Risks Involved in Electronics Payment Systems
Assessment and Mitigation of Risks Involved in Electronics Payment Systems Assessment and Mitigation of Risks Involved in Electronics Payment Systems
Assessment and Mitigation of Risks Involved in Electronics Payment Systems International Journal of Science and Research (IJSR)
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessLaura Perry
 
Security@ecommerce
Security@ecommerceSecurity@ecommerce
Security@ecommerceOm Vikram Thapa
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guideMark Bennett
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and ThreatsBPalmer13
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnvDr Vijay Pithadia Director
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security ManagementBhadra Gowdra
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3grimesjo
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce securitypolitegcuf
 
Access Control Systems
Access Control SystemsAccess Control Systems
Access Control Systemsarnoldpeter01
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)Mark Milburn
 
MATERI KRIPTOGRAFI
MATERI KRIPTOGRAFIMATERI KRIPTOGRAFI
MATERI KRIPTOGRAFIUniversitas Bina Darma Palembang
 
DISSERTATION_40096050
DISSERTATION_40096050DISSERTATION_40096050
DISSERTATION_40096050Pamela Dempster
 

Contenu connexe

Tendances

Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)NCTechSymposium
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A PrimerJohn ILIADIS
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Securityphanleson
 
Threats of E-Commerce in Database
Threats of E-Commerce in DatabaseThreats of E-Commerce in Database
Threats of E-Commerce in DatabaseMentalist Akram
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessLaura Perry
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingCCI Training Center
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guideMark Bennett
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and ThreatsBPalmer13
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security ManagementBhadra Gowdra
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and controlKashif Rana ACCA
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3grimesjo
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce securitypolitegcuf
 
Access Control Systems
Access Control SystemsAccess Control Systems
Access Control Systemsarnoldpeter01
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)Mark Milburn
 

Tendances (20)

Info Security & PCI(original)
Info Security & PCI(original)Info Security & PCI(original)
Info Security & PCI(original)
 
Powerpoint v7
Powerpoint v7Powerpoint v7
Powerpoint v7
 
E-Commerce Security: A Primer
E-Commerce Security: A PrimerE-Commerce Security: A Primer
E-Commerce Security: A Primer
 
Ch19 E Commerce Security
Ch19 E Commerce SecurityCh19 E Commerce Security
Ch19 E Commerce Security
 
Threats of E-Commerce in Database
Threats of E-Commerce in DatabaseThreats of E-Commerce in Database
Threats of E-Commerce in Database
 
Assessment and Mitigation of Risks Involved in Electronics Payment Systems
Assessment and Mitigation of Risks Involved in Electronics Payment Systems Assessment and Mitigation of Risks Involved in Electronics Payment Systems
Assessment and Mitigation of Risks Involved in Electronics Payment Systems
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Information Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your BusinessInformation Security Program & PCI Compliance Planning for your Business
Information Security Program & PCI Compliance Planning for your Business
 
Security@ecommerce
Security@ecommerceSecurity@ecommerce
Security@ecommerce
 
Secure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security TrainingSecure Your Career Shift With Computer-Security Training
Secure Your Career Shift With Computer-Security Training
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
 
E-commerce Security and Threats
E-commerce Security and ThreatsE-commerce Security and Threats
E-commerce Security and Threats
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
bankauditinITEnv
bankauditinITEnvbankauditinITEnv
bankauditinITEnv
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security Management
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
 
Heartlandpt3
Heartlandpt3Heartlandpt3
Heartlandpt3
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
 
Access Control Systems
Access Control SystemsAccess Control Systems
Access Control Systems
 
IS4799 Final Project (1)
IS4799 Final Project (1)IS4799 Final Project (1)
IS4799 Final Project (1)
 

En vedette

An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manetidescitation
 
Compiler Design File
Compiler Design FileCompiler Design File
Compiler Design FileArchita Misra
 
introduction to cryptography and its role in information technology era
introduction to cryptography and its role in information technology eraintroduction to cryptography and its role in information technology era
introduction to cryptography and its role in information technology eraBudi Sulistyo
 
Bruteforce basic presentation_file - linx
Bruteforce basic presentation_file - linxBruteforce basic presentation_file - linx
Bruteforce basic presentation_file - linxidsecconf
 
Original image (Unification Thought)
Original image (Unification Thought)Original image (Unification Thought)
Original image (Unification Thought)derek dey
 
Pembelajaran Berbasis Riset (Hukum Gossen I)
Pembelajaran Berbasis Riset (Hukum Gossen I)Pembelajaran Berbasis Riset (Hukum Gossen I)
Pembelajaran Berbasis Riset (Hukum Gossen I)Antonius Suranto
 
7 compiler lab
7 compiler lab 7 compiler lab
7 compiler lab MashaelQ
 
Compiler Design Lab File
Compiler Design Lab FileCompiler Design Lab File
Compiler Design Lab FileKandarp Tiwari
 
Information System Security - Kriptografi
Information System Security - KriptografiInformation System Security - Kriptografi
Information System Security - KriptografiDudy Ali
 
Network security attacks
Network security attacksNetwork security attacks
Network security attacksHoang Nguyen
 
Fuzzy Set Theory
Fuzzy Set TheoryFuzzy Set Theory
Fuzzy Set TheoryAMIT KUMAR
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)DCIT, a.s.
 
20080916 kriptografi
20080916 kriptografi20080916 kriptografi
20080916 kriptografirohzali
 

En vedette (20)

MATERI KRIPTOGRAFI
MATERI KRIPTOGRAFIMATERI KRIPTOGRAFI
MATERI KRIPTOGRAFI
 
DISSERTATION_40096050
DISSERTATION_40096050DISSERTATION_40096050
DISSERTATION_40096050
 
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In ManetAn Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
An Analytical Approach To Analyze The Impact Of Gray Hole Attacks In Manet
 
Compiler Design File
Compiler Design FileCompiler Design File
Compiler Design File
 
introduction to cryptography and its role in information technology era
introduction to cryptography and its role in information technology eraintroduction to cryptography and its role in information technology era
introduction to cryptography and its role in information technology era
 
Bruteforce basic presentation_file - linx
Bruteforce basic presentation_file - linxBruteforce basic presentation_file - linx
Bruteforce basic presentation_file - linx
 
Original image (Unification Thought)
Original image (Unification Thought)Original image (Unification Thought)
Original image (Unification Thought)
 
Plagiarisme
PlagiarismePlagiarisme
Plagiarisme
 
Pembelajaran Berbasis Riset (Hukum Gossen I)
Pembelajaran Berbasis Riset (Hukum Gossen I)Pembelajaran Berbasis Riset (Hukum Gossen I)
Pembelajaran Berbasis Riset (Hukum Gossen I)
 
Sosdarkam SMKN 1 cibinong 13 April 2016
Sosdarkam SMKN 1 cibinong 13 April 2016Sosdarkam SMKN 1 cibinong 13 April 2016
Sosdarkam SMKN 1 cibinong 13 April 2016
 
Cd lab manual
Cd lab manualCd lab manual
Cd lab manual
 
7 compiler lab
7 compiler lab 7 compiler lab
7 compiler lab
 
Compiler Design Lab File
Compiler Design Lab FileCompiler Design Lab File
Compiler Design Lab File
 
Information System Security - Kriptografi
Information System Security - KriptografiInformation System Security - Kriptografi
Information System Security - Kriptografi
 
Network security attacks
Network security attacksNetwork security attacks
Network security attacks
 
Plagiarisme
PlagiarismePlagiarisme
Plagiarisme
 
Fuzzy Set Theory
Fuzzy Set TheoryFuzzy Set Theory
Fuzzy Set Theory
 
Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)Internet Banking Attacks (Karel Miko)
Internet Banking Attacks (Karel Miko)
 
20080916 kriptografi
20080916 kriptografi20080916 kriptografi
20080916 kriptografi
 
Compiler Design Material
Compiler Design MaterialCompiler Design Material
Compiler Design Material
 

Similaire à Critical Security And Compliance Issues In Internet Banking

Application Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalApplication Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalManoj Agarwal
 
Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010prevalentnetworks
 
Questions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdfQuestions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdfinfosecTrain
 
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬priyanshamadhwal2
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_bangloreIPPAI
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk ManagementEC-Council
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017Joseph John
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report exampleIhor Uzhvenko
 

Similaire à Critical Security And Compliance Issues In Internet Banking (20)

Application Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 FinalApplication Security Review 5 Dec 09 Final
Application Security Review 5 Dec 09 Final
 
It Audit And Forensics
It Audit And ForensicsIt Audit And Forensics
It Audit And Forensics
 
David Whitaker: Managing Your Vendors
David Whitaker: Managing Your VendorsDavid Whitaker: Managing Your Vendors
David Whitaker: Managing Your Vendors
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010Lunch and Learn: June 29, 2010
Lunch and Learn: June 29, 2010
 
Questions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdfQuestions for a Risk Analyst Interview - Get Ready for Success.pdf
Questions for a Risk Analyst Interview - Get Ready for Success.pdf
 
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐑𝐢𝐬𝐤 𝐀𝐧𝐚𝐥𝐲𝐬𝐭 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 
Third Party Risk Management
Third Party Risk ManagementThird Party Risk Management
Third Party Risk Management
 
Risk Assessment Methodologies
Risk Assessment MethodologiesRisk Assessment Methodologies
Risk Assessment Methodologies
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017
 
ByteCode pentest report example
ByteCode pentest report exampleByteCode pentest report example
ByteCode pentest report example
 

Dernier

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 

Dernier (20)

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Critical Security And Compliance Issues In Internet Banking

  • 1. Presented By: Thomas A. Donofrio Director of Technology Audit and Consulting Services CRITICAL SECURITY AND COMPLIANCE ISSUES IN INTERNET BANKING
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. New E-customer verification, if not face to face, requires: Positive verification Logical verification with customer of general information Use of digital certificates Authentication of E-customers Technology Risk Management: Components of an E-Banking Risk Assessment Model and Security Guidelines
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29. Needs Assessment - E-Insurance Analysis of your current commercial coverage Determine if new e-insurance offerings duplicate Customer privacy violations, specific business interruptions or denial of access may have limited coverage or no coverage at all
  • 30. Does current business coverage meet needs if modified? If new coverage is needed, how does it work and how are losses valued? When will coverage in proposal be available? Needs Assessment - E-Insurance Coverage questions to assist in determining e-insurance needs Require outsourcing partners e-insurance as part of contract SLA