Information Security Update Threats - PowerPoint PPT Presentation



1
Information Security Update: Threats & Opportunities
  • Atlanta ARMA Meeting
  • May 20, 2008
  • Brad Joiner
  • Information Security Officer
  • Federal Reserve Bank of Atlanta

2
  • Agenda
    • Federal Reserve System Overview
      • Functions
      • Structure
    • Information Security Threats
      • 2008 Trends and Observations
    • Information Security Opportunities
      • People
      • Processes
      • Technology
    • Questions and Answers

3
  • Federal Reserve System Overview
    • Functions
      • Monetary Policy
        • What
          • Manage the availability and cost of money and credit
        • Why
          • Protect dollar purchasing power, encourage economic growth and high levels of employment, and foster reasonable balance in transactions with other nations
        • How
          • Open Market Operations
            • Purchase and sale of government securities in the open market
          • Discount Rate
            • Interest rate charged to depository institutions for short-term loans
          • Reserve Requirements
            • Percentage of deposits that depository institutions must set aside as reserves

4
  • Federal Reserve System Overview
    • Functions
      • Bank Supervision
        • What
          • Oversee the safety and soundness of US commercial banks
        • Why
          • Ensure commercial banks serve their depositors and communities and are operated in accordance with sound banking principles
        • How
          • Regulation
            • In conjunction with other federal and state regulatory agencies, create regulations applicable to commercial banks
            • Approve mergers and acquisitions
            • Regulate US bank foreign activity and activities of foreign banks operating in US
          • Supervision
            • In conjunction with other federal and state regulatory agencies, examine commercial bank compliance with all applicable regulations and laws

5
  • Federal Reserve System Overview
    • Functions
      • Services to Depository Institutions
        • What
          • Provide payment system services and assist with safekeeping and transfer of securities
        • Why
          • Ensure the safe and efficient operations of US payment system services
        • How
          • Check Collection
            • Collect and process inter-bank checks
          • Electronic Payments and Funds Transfers
            • Process automated clearinghouse electronic payments
            • Facilitate inter-bank electronic funds transfer activity
          • Cash
            • Store and distribute notes and coins to depository institutions

6
  • Federal Reserve System Overview
    • Functions
      • Services to the US Treasury
        • What
          • Serve as US Treasury's checking account and fiscal agent
        • Why
          • Ensure efficient operations of US Treasury
        • How
          • Checking Account
            • Facilitate the transfer of funds between the US Treasury and depository institutions
          • Fiscal Agent
            • Facilitate the auction of US Treasury securities and bonds

7
  • Federal Reserve System Overview
    • Structure
      • Board of Governors
        • Independent government agency led by 7 governors
        • Participates in formulation of monetary policy, sets reserve requirements, and approves discount rate changes
        • Establishes and administers financial safety and soundness and consumer protection regulations, and administers bank consolidation regulations
        • Oversees Reserve Banks' services to depository institutions, bank supervision functions, and accounting procedures and approves Reserve Banks' budgets

8
  • Federal Reserve System Overview
    • Structure
      • Reserve Banks
        • Decentralized element of the US central bank comprised of 12 separately incorporated Banks
          • Boston, New York, Philadelphia, Cleveland, Richmond, Atlanta, Chicago, St. Louis, Minneapolis, Kansas City, Dallas, and San Francisco
        • Monitor national and international economic conditions and provide monetary policy input
        • Hold reserve requirements, set the discount rate, and serve as the lender of last resort to depository institutions
        • Provide payment services to depository institutions and the US Treasury
        • Examine and supervise certain types of depository institutions

9
  • Information Security Threats
    • 2008 Trends and Observations
      • Hackers
        • Increased involvement of organized crime, state-sponsored, and terrorist groups from across the world
        • Less experience required due to increased availability of tools and shared knowledge
        • Increased emphasis on for-profit and political hacking activities
      • Vulnerabilities
        • Commoditization
          • Increased number of market places where security research is bought and sold
        • Zero-Day
          • Increased number of previously unknown computer system vulnerabilities for which no patch or fix is currently available

10
  • Information Security Threats
    • 2008 Trends and Observations
      • Malware
        • Proliferation
          • Six-fold increase in identified malware from 2006 to 2007 with 2008 expected to surpass all previous years
        • Sophistication
          • Anti-virus and malware scanning tool effectiveness greatly reduced as the number of stealthy and sophisticated malware exponentially increases
        • Commoditization
          • Increased number of market places where malware is bought and sold

11
  • Information Security Threats
    • 2008 Trends and Observations
      • Client-side Attacks
        • Web browser exploitation increasingly used as a means of compromising computer systems
      • Wireless Networks
        • Increased usage of corporate and private wireless networks provides additional opportunities for hackers to attack mobile computers
      • Remote Access
        • Remote access connectivity via virtual private networks (VPN) increases risk of compromise for both mobile devices and corporate computer systems
      • Denial of Service (DoS)
        • Proliferation of unknowingly compromised systems (botnets) and broadband connectivity increases risk of attacks designed to prevent legitimate users from accessing a system's services

12
  • Information Security Threats
    • 2008 Trends and Observations
      • Spear Phishing
        • Increased use of email attacks leveraging readily available personal data and common file attachments (Word, Excel, PowerPoint) to gain confidential information or compromise computer systems
      • Mobile Devices
        • Increased use of laptop computers and portable storage devices raises risk of stolen or lost data

13
  • Information Security Opportunities
    • People
      • Training and Awareness
        • Mandatory on-line information security training and acknowledgment of computer roles, responsibilities, and policies for all staff
    • Processes
      • Information Security Policy
        • Comprehensive body of information security principles, practices, standards, and controls
      • Risk Management Structure
        • Standardized processes for identifying and centrally tracking computer system risks across the organization
      • Testing
        • Ongoing testing of compliance with standards and controls

14
  • Information Security Opportunities
    • Technology
      • Data Encryption
        • Encryption of network storage, notebook computers, flash drives, and BlackBerry devices
      • Two-Factor Authentication
        • Multi-factor authentication (something you know/something you have) required for workstation, network, and remote connectivity access
      • Least User Access
        • Users provided with the minimum level of access to computer systems required to perform their jobs
      • Information Flow Control
        • Segregation of computer system users and devices based on business need or function

15
  • Information Security Opportunities
    • Technology
      • Vulnerability and Compliance Assessment Tools
        • Automated tools used to identify vulnerabilities and assess compliance with standards and controls
      • Patch Management and Remediation Tools
        • Automated tools used to patch computer systems and remediate instances of noncompliance with standards and controls
      • Web Filtering Tools
        • Automated tools used to block access to dangerous or questionable categories of web sites

16
  • Questions and Answers