BITS Initiatives 2001 2002

1
BITS Initiatives2001 - 2002
Catherine A. Allen Chief Executive Officer
BAFT 79th Annual Meeting The Westin Rio Mar
Beach Puerto Rico May 6 - 9, 2001
2
BITS Structure

• CEO Created and Driven
• Sister Organization to the Financial Services
• Roundtable Not for Profit Consortium
• Membership Made of CEOs, CIOs, CTOs of 100
  Largest Financial Services Organizations
• Over 800 Executives Actively Involved
• Four Years Old Located in Washington, DC
• Staff Of 17 Full Time Budget of 5MM

3
BITS Board of Directors
4
BITS Board of Directors
Founding Board Directors Emeritus
5
BITS ORGANIZATION
Steering Committees and Working Groups

• Security Lab
• FS/ISAC
• Security Alerts
• CIP
• Insurance
• IT Service Providers Working Group

• Privacy Research
• Education
• Government Liaison
• Public Policy

• ISTPA
• IFX Forum
• Authentication Standards
• Datafeeds Standards

• EA/ECP
• E Signature
• Value of Information
• Fraud Reduction

• Wireless Technologies
• Aggregation Services
• B-to-B E Commerce
• Business Method Patents

6
BITS Advisory Group
7
BITS Advisory Group
8
Market Forces that Drive FIs

• Rapid development/deployment of new technologies.
• Incidents, concerns and legislation/regulation
  related to privacy and security.
• Globalization of markets, competition and issues.
• Security and privacy practices of outsourcers,
  service providers and aggregators.
• Urgency to migrate legacy systems.

9
Market Forces, continued

• Growth of aggregation services that potentially
  disintermediate customers and commoditize
  products and services.
• Increased threats to the current and new payments
  systems.
• The need to identify and form alliances quickly
  and effectively.
• Powerful, well-capitalized players moving into
  financial services businesses.

10
BITS Mission Statement

• BITS Mission is to serve the financial services
  industrys needs at the interface between
  commerce, technology and financial services.

Commerce
Financial Services
Technology
11
Imperative for Collaborative Action Exists in a
Number of Areas

Privacy
e Commerce Market Development
Standards
Infrastructure Leverage
Security
12
How BITS Works
Identifies Critical Issues
Assesses Impact on Financial Institutions and
What to Do
Makes Recommendations to the BITS Board
Implements Action Steps
Monitors Results and Reports Back to BITS Board
13
BITS At-a-Glance
14
(No Transcript)
15
BITS Initiatives
Future
Value of Information
Authentication Issues


B-to-B E-Commerce Framework
EA/ECP
Wireless Technologies
Outsourcers Business Practices
Electronic Signatures
Aggregation Services
Business Method Patents
Security Lab and Related Initiatives
Today
Privacy
Fraud Reduction Program
Strategic
Operational
16
Current BITS Initiatives and Benefits to Members
BITS Contacts Gary Roboff
Leslie Mitchell
17
Current Initiatives and Benefits,continued
BITS Contacts Jennifer Dickerson
Peggy Lipps

18
Current Initiatives and Benefits,continued
BITS Contact Leslie Mitchell

19
Current Initiatives and Benefits,continued
BITS Contacts Cheryl Charles
John Burke
20
Current Initiatives and Benefits,continued
BITS Contacts Cheryl Charles
Gary Roboff
21
Current Initiatives and Benefits,continued
BITS Contact Robin Slade
22
Current Initiatives and Benefits,continued
BITS Contact Leslie Mitchell
Gary Roboff

23
Current Initiatives and Benefits,continued
BITS Contacts Jennifer Dickerson Peggy
Lipps
John Burke
24
Current Initiatives and Benefits,continued
BITS Contact Robin Slade
25
Current Initiatives and Benefits,continued
BITS Contact Laura
Lundin
Jennifer Dickerson
26
Current Initiatives and Benefits,continued
BITS Contacts Faith Boettger Peggy
Lipps
27
Current Initiatives and Benefits,continued
BITS Contacts Laura Lundin
Peggy Lipps

28
Internet connection is increasingly cited as a
frequent point of attack
2000 443 Respondents/68 1999 324
Respondents/62 1998 279 Respondents/54 1997
391 Respondents/69 1996 174 Respondents/40
CSI/FBI 2000 Computer Crime and security
Survey Source Computer Security Institute
29
Financial losses by type of attack or misuse
2000 477 Respondents/74 1999 265
Respondents/51 1998 376 Respondents/73 1997
422 Respondents/75
CSI/FBI 2000 Computer Crime and security
Survey Source Computer Security Institute
30
Dollar amount of losses by type
2000 273 Respondents/42
CSI/FBI 2000 Computer Crime and security
Survey Source Computer Security Institute
31
Likely sources of attack
2000 583 Respondents/90 1999 460
Respondents/88 1998 428 Respondents/83 1997
503 Respondents/89
CSI/FBI 2000 Computer Crime and security
Survey Source Computer Security Institute
32
Strategic GoalsSecurity and Risk Assessment

• Increase public and private sector confidence in
  the security of e-commerce.
• Provide leadership in addressing security issues
  for all financial services companies.
• Partner with government agencies and regulators
  in the assessment of needed legislation and
  regulation.
• Influence key technology providers on security
  aspects of product and service development.

33
SRA Major Initiatives

• Security Briefings allow members to quickly come
  together to address current security exposures
  and review security issues as they arise.
• The BITS Outsourcers/Service Providers Working
  Group will research the control, security
  privacy, and reporting requirements for
  outsourcers.
• The BITS Financial Services Security Lab tests
  e-commerce products and services against defined
  security criteria and awards a BITS Tested Mark
  upon successful testing
• The Financial Services Information Sharing and
  Analysis Center (FS/ISAC) provides a secure
  facility for authenticated and anonymous sharing
  of information on threats, incidents,
  vulnerabilities and solutions.

34
Security and Risk Assessment Steering Committee

• American Bankers Association
• ABN Amro
• Aegon USA
• Allfirst
• AMSouth Bank
• BBT
• Bank of America
• Bank One Corporation
• Bank of New York
• Capital One
• Centura
• Chase Manhattan Bank
• Citigroup
• Comerica
• Credit Suisse First Boston
• Fidelity
• First Union Corporation
• First Virginia
• Fortis/Assurant Group

• HSBC
• Huntington National
• IBJ Whitehall
• KeyCorp
• MI Corporation
• MT Bank
• Mellon Bank
• Mercantile Bankshares
• Nationwide
• Northern Trust Bank
• PNC Bank Corporation
• Raymond James Financial
• Regions Financial
• State Farm
• Summit Bank
• SunTrust Banks
• Synovus
• USAA
• Wells Fargo

35
BITS Financial Services Security Lab Benefits to
the Industry

• Maintain and enhance the security of e-commerce
  and payments technology
• Cost and time savings on individual institution
  product testing and through product life cycle
  extensions
• Shared knowledge of successful security
  infrastructure
• Proactive, private sector leadership eases the
  need for regulatory body action

36
BITS Security Lab Criteria

• Security Features
• Identification
• Non-repudiation
• Authentication
• Authorization
• Confidentiality
• Data Integrity
• Audit
• Data Disposal
• System Integrity
• Security Administration
• Guidance
• Functionality
• Usability
• Scalability

37
BITS Security LabProduct Class Examples

• Applications Client and Server
• Electronic Bill Payment/Presentment Clients,
  Servers and Gateways
• Browsers
• E-mail and Messaging Clients
• ERP Clients and Servers
• Web Servers
• Authentication Systems
• Smartcards
• Public Key Infrastructure (PKI)
• Biometrics

• Access Control and Administration Systems
• Security Administration Tools
• Authorization Systems
• Operating System Access Control Products
• Monitoring and Intrusion Detection Systems
• Intrusion Detection Systems

38
BITS Security Lab Product Class Examples

• Network Security Products
• Firewalls
• VPNs
• Network Encryption Systems
• Application Security Products
• Email Security Tools
• Content Filters
• Databases
• Assessment Tools
• Network Security Scanners
• System Security Scanners
• Desktop Audit Tools

• APIs
• Security APIs
• Desktop Security Products
• Anti-virus Products
• Operating Systems
• Routers
• Messaging Systems
• Middleware Systems
• Transaction Processing Systems

39
Product Security Profile Development
Financial Institution Profile Leader

• Profile will be constructed from various
  criteria
• Common Criteria (ISO/IEC 15408)
• OCC Bulletins 98-03, 98-38
• Sound Practices Guidelines on Information
  Security, Federal Reserve Bank of New York
• ANX Certification Criteria
• Bellcore GR-1332, TR-815
• BS-7799, Code of Practice for Information
  Security Management
• ANSI X9 and IETF Working Group Standard, where
  appropriate

40
Product Security Profile Development
Initial Strawman Draft
Financial Services Work Group Review
Profile Workshop with All Stakeholders
Revised Draft Posted for Public Comment Period
Working Group Analyzes Incorporates Comments
Finalized Profile Presented to LGC for Approval
Ready for Product Testing
Profile Criteria is Maintained
41
Current Initiatives and Benefits,continued

BITS Contact Jennifer Dickerson
42
Current Initiatives and Benefits,continued
BITS Contacts Cheryl Charles
Gary Roboff
43
Key Initiatives With Global Impact

• Aggregation Services Guidelines
• Standards
• Basel Committee on E-Banking
• OECD
• Canadian Payments Association
• Security and Risk Management
• Security Lab Criteria Development
• CIP
• FS/ISAC
• Privacy Research
• EU Directive
• ISTPA

44
Key Initiatives With Global Impact (Cont)

• Outsourcers Business Practices
• Framework Standards
• Wireless Technologies
• RFIs Standards
• Business Method Patents
• Prior Art
• Authentication
• Standards

45
For More Information BITS_at_fsround.orgTel.(202)
289-4322 www.BITSinfo.orgBITS Staff
ContactCatherine A. Allen, CEO
cathy_at_fsround.orgCatherine Anderson,
Communications Manager cmarie_at_fsround.org Tanya
Bailey, Director, Meetings tanya_at_fsround.orgWatti
e Bennett, Executive Assistant wattie_at_fsround.org
Faith Boettger, Senior Director
faith_at_fsround.orgJohn Burke, Outside Counsel
jburke_at_foleyhoag.comCheryl Charles, Senior
Director cheryl_at_fsround.orgJennifer Dickerson,
Senior Director Jennd_at_fsround.orgJennifer
Houghton, Administrative Assistant
Jennh_at_fsround.orgTeresa Lindsey, Chief of Staff,
Senior Director teresa_at_fsround.orgPeggy Lipps,
Senior Director peggy_at_fsround.orgLaura Lundin,
Senior Director laura_at_fsround.orgStefanie Meeks,
Manager, Member Relations Stefanie_at_fsround.orgLes
lie Mitchell, Director leslie_at_fsround.orgGary
Roboff, Senior Consultant garyrobof1_at_aol.com
Iris Simpson, Administrative Assistant
iris_at_fsround.orgRobin Slade, Project Manager
robin_at_fsround.orgBen Stafford, Project Manager
ben_at_fsround.orgKeviar Warner, Administrative
Assistant keviar_at_fsround.orgHeather Wyson,
Administrative Assistant heather_at_rsround.org