1. A R Mankodi
Faculty- NIIT IFBI
JAIIB-CAIIB (SSBF)
URICM -HDCM
EX Faculty- GLS University
IPPB
IBPS
Ex Director- Karnavati Coop Bank
Ex CEO- Guj State Coop Union
Ex DGM- A D C Bank
AMCO Bank
Secretary- Ahmadabad Bankers’ Club
Cyber Security & IT Policy
2. What it is Security?
• Cyber security is the protection of internet-connected systems,
including hardware, software and data, from cyber attacks
• In a computing context, security comprises cyber security and
physical security
• Both are used by enterprises to protect against unauthorized
access to data centres and other computerized systems.
• Information security, (IT) which is designed to maintain the
confidentiality, integrity and availability of data to only
authorised owner. Mean Identity, Login and password, PIN and
MPIN
Stealing or getting through unauthorized means somebody's physical or intellectual asset
without one’s knowledge or approval and use it for benefit
What is Cyber Security ?
3. Understand the importance
Hackers managed to siphon off over Rs 94 crore through a malware
attack on the server of Pune based cosmos bank
Transactions were carried out on August 11 and August 13 in 2018
In two days – 79 crore from various ATMs in 28 countries and
another 2.5 crore were taken out within India
Security breaches at Indian banks have happened in the past, too. In
2016, in one of the biggest ever breaches of financial data in India,
credit and debit cards of 3.2 million banking customers were
compromised. This was caused by a malware in the systems
Of Payments Services, which runs and manages ATM networks. Ninety
of Yes Bank ATMs that were affected and data from cards used at these
ATMs were stolen.
Between 2015 and 2017, digital payment transactions have grown at an
average annual pace of more than 50%, and instances of data thefts like
these can be a huge deterrent
4. What is Cyber Crime
• Cyber crime encompasses any criminal act dealing with
computers and networks (called hacking).
• Additionally, cyber crime also includes traditional crimes
conducted through the Internet
• For example; hate crimes, telemarketing and Internet
fraud, identity theft, and credit card account thefts etc.
when the illegal activities are committed
through the use of a computer and the
Internet they are Known as Cyber Crime
5. Types Of Cyber Crime
• Hacking – Compromise Identity
• Virus dissemination
• Logic bomb Set of commands harmful on execution
• Denial-of-Service attack
• Email bombing and spamming
• Web Jacking-Control web of some other
• Identity theft and Credit Card Fraud
• Ransom ware Data hostage for Ransom(Money)
• Phishing –Sending E mails of some others mail, stealing
Identity and password
6. Major Cyber security Threats in
Banking Sector
• Unencrypted Data
• New automation technology without Security
• Unprotected Third Party Services
• Unsecured Mobile banking
• A constantly changing threat landscape
• False Positives
• The Big Breach
7. Types of Cyber Securities
• Information security
• Disaster recovery
• Network security
Banks need to be on their guard more than most
businesses.
That's the cost of holding onto the kind of
valuable personal data that banks do.
Your data with the bank can be breached if not
protected from cybercrime threats
8. The Key to Fast Remediation
• Here’s the bottom line:
• Breaches are unavoidable.
• While preventing attacks will always be critical, the goal
has shifted to locating and terminating breaches as quickly
as possible to mitigate damage. This hinges upon achieving
fully contextualized visibility across the security footprint.
Simplify: Threat Nexus ingests all data from all tools across
the SOC, allowing analysts to quickly understand the
context behind events in order to build a true end-to-end
perspective.
9. Security Tools
• Cyber Security Policy to be distinct from the IT policy
• The Cyber Security Policy should be distinct from the
IT/IS policy so that it highlights the risks from cyber
threats and the measures to address/reduce these
risks. Rate each of these risks as Low, Medium, High
and Very High.
1 Technologies: Security incident event management (SIEM), Privilege
Identity Management (PIM), database activity
monitoring, etc.
2 Delivery Channel: ATM, PoS, IMPS, etc.
3 Digital products: m-Banking, UPI, e-Wallet, etc.
4 Internal threats: Critical & sensitive data compromise, password
theft, internal source code review, etc.
5 External threat: DDoS, Ransom ware, etc.
10. Cyber Security Requirement
• Network Management and Security
• Secure Configuration
• Application Security Life Cycle (ASLC)
• Change Management
• Periodic Testing –Web, Mobile and Net(VA/PT)
• Vulnerability Assessment/ Penetration Testing
• VA six monthly/PT Yearly
• Control / Management
• Authentication Framework for Customers
• Anti-Phishing
• Data Leak Prevention Strategy
• Audit Logs
• Incident Response and Management
• Anti Virus Software and updating
• Inventory Management