Can I Sign Rhode Island Banking Document

Can i industry sign banking rhode island document computer

in this position we are going to talk about the cybersecurity and how it really helps the bank's executives what all regarding the cybersecurity a bank executive needs to be aware of so the focus is more on that and whenever we are bringing in the word cybersecurity we are referring to the ability to protect or defend the use of the fiber space more to the Internet related space from fiber attack so our data getting stolen right the networks getting attacked all these things come under the cyber attacks now the article which primarily focuses on what all the cyber security related aspects fell apart needs to be comfortable with so as a part of this session I want to look at the various functions that go important pystep functions that go as a part of the cybersecurity framework when we talk about identifying all the different kinds of information rips so what is the process of identifying the various information rips how can a bank get into the protection what are the various measures available to protect the various systems of the bank various data that is collected from various sources so what are the mechanisms that are available to protect them comes the third major aspect where that detection comes up what kind of intrusions can happen what kind of data breaches can happen what kind of unauthorized access can happen through to the binding system so having some amount of an understanding of these different kinds of inclusions how do you detect them then how do you respond to all those kind of attacks so what kind of plan do you have in place to respond to those attacks what kind of things do you need to have where do you need to react immediately after a kind of a cyber attack and finally we talked about the recovery stage okay we are attacked now how do we get back now that is what talks about a recovery plan so that is what we are going to look at so as a part of the five core functions and the part of the security framework we talk about first how to identify different kinds of cyber risk so one kind of risk could be internal means done by the employees systems processes etc sometimes the attacks are external there could be an from outside there could be a raid on the banking data there could be a intrusion into the security framework right so we need to identify what are the different kinds of cyber risks that the bank can face then what are different items especially the systems and the data that needs to be protected how do you detect all these intrusions Preachers unauthorized access what are the different ways to detect them how do you respond in case there is a cyber threat that has occurred and finally what is your recovery process so that how quickly are you able to restore your operations how quickly are you able to get back to your services now the first step identifying the information threat so for that we need to have a detailed risk assessment process in place we know the definition of the risks we know it's a potential for loss all we can lose some kind of a damaged connector destruction of an asset can occur some kind of an exploitation or vulnerability resulting in a loss and especially a financial loss that is what we are defining the riskless now so how do you define or what are the different kinds of attacks that can happen especially here our focuses with respect to information well because we are only focusing on cyberattacks so our risk assessment process first should get into classification of the information different kinds of information right first make a broad classification of the different kinds of information that you have probably when I say classification some information could be crown jewels like something extremely important and known to only one or two few people then comes the next layer confidential only a few people know it should know that information but not everyone but it is very crucial information or sometimes that we require the information only for the internal use we don't want the external guys to really know about that information some information is restricted and the final is public whatever is the information that even an outsider can know so we have to really get into the classification of the information into all these kind of categories so crown jewels is very very restricted kind of an information to a public information where everyone can typically access then for each kind of information get into the identification of threats and vulnerabilities what all different threads can occur to each of this information in some cases natural disasters can spoil the information they are not in a in our hands they are external similarly I can have sometimes internal threads this information some kind of malicious software can come out are probably I can have employees because of their evil intent or it could be because of their unawareness trying to steal the information of the company or in some cases it could be even a physical attack right they could be your internet threat some kind of viruses coming up hacking happening all these things are the different threats and vulnerabilities that can occur to our information so first we are classified the information for each classified information we are trying to find out what are the threats and vulnerabilities then we need to have a measure so each of the information initially I will give a value is it a highly valued information is it a media or is it low very highly critical information will be categorized as high and normal information will be categorized as look even the risk level in case if it gets stolen what is it it is that risk associated is the chance that it can be stolen is high medium low and based on these the prioritization of the action plan will happen so the final level whether it is risky or moderate risky or low risky depends on what kind of actions that we are taking and the entire risk assessment process need to be communicated to the board and the senior management appropriately so this is where the whole first step of risk identification lights first thing classify all your information assets then identify what kind of threats and vulnerabilities are possible to each kind of information have a proper process in place to measure the risk and communicate the same to the board and the senior management right so in short if you are seeing so as a part of the risk assessment we are doing the threat the vulnerability getting into the mitigating activity is the control based on that we are identifying and prioritizing the gaps in our current process so we will update the policies built on this assessment will update the procedures will update the control and again comes a new set of processes controls etcetera that is how the whole risk identification process helps us in achieving better goals of the organization then comes the next step protecting now that we have identified different kinds of information we have classified it so now we had planned what kind of measures for what then we are trying to predict so there could be different protection mechanisms we can bring in an authentication username password now in many cases a single factor authentication may be inadequate probably I may need to have two three methods of authentication probably I may I may be after a user name password but at the same time and I also have to enter a one-time password which I get on my mobile phone or through my email or on I have to do two kinds of validation one through a mobile phone and one through an email so there could be multi factors that can come in as a part of the authentication especially for high-risk transaction don't just keep one kind of identification kind of authentication port let there be multiple factors getting into the authentication process the main intention is money laundering needs to be prevented terrorist financing needs to be stopped so probably if the access to these kind of systems come up all these kinds of new ends activities can come up the fraud can be one of the major drivers for commend one of the major modules for getting into the authentication of the customer so we can stop all these things by pro taking more and more authentication authentication strong authentication to some simply we can inhibit the identify the tip all these things can very well happen through proper customer authentication then we are talking about not just authentication we are also looking at the access control yes this person user ID and password are valid but what all can I access can he access the reports of the fever can he access all the internal reports so that is where the access controls also needs to be very strong the groundswell information which can be accessed only by some of the very very crucial people in the organization I need to separate that from less sensitive asset something which can be accessed by everyone I can't keep both of them in the same location and other people not to view this information I have to have a kind of a barrier in place which will separate the crown jewel from the less than to give effect right and I have to decide what kind of employees have what kind of access so what is the role of the employee in the organization and what is the axils that he is having towards what kind of information very very crucial aspect because that is where the tips are attached and misuse are very much possible then we are talking about security to the data instance we have different kinds of loss prevention techniques right we can do a data encryption we can get into a wireless network so there should be a very solid information security program in place which can protect the data to a large extent and configuration for our hardware software they really need to be updated if there are any unnecessary accounts people leaving the organization etc they need to be removed any kind of unnecessary services because there will be a of being part services that come as a part of the installation so we need to be very careful that any kind of unwanted services we can very well remove its any particular operating system or any particular antivirus internet security is if they have released some kind of patches expect let's make sure that we update automatically all the patches tools processes and make sure that this entire administrative rights to the entire system network is given to only a few people who are held responsible for any kind of attack that happens on the systems and then we can even have a protection through a firewall which is more like protect from the intruders put a kind of a shield against the intruder so kind of a barrier so between our network and the external it's a kind of a barrier that shields information to be accessed from our network to the outside web right so we will not get the malicious or unnecessary Internet traffic so I can make it either software based or in some cases that can be protected through a hardware as well so there should be a clear plan in place how to protect different system as the X and data from the cyber attacks that's the step number two in a cyber security framework then moving on to the step three we are looking at now comes the proactive part detecting how do I really detect if an intrusion has occurred or not if my data has been hacked or not if someone had an unauthorized access to my networks are not so this is where we really need to have a few process in place any kind of a deviation that is occurring from the normal operations right I need to have some kind of super systems in place intrusion detection systems again there are different kinds of technologies that are available to address but someone intruding into my system I need to get an information if my network is not behaving in the usual manner light eyes or more bandwidth is being consumed or whatever in that case I need to have some kind of detection system if there is any kind of an anomaly and then it was behavior I should be the team should be informed on that the log analyzer write different kinds of transactions that are performed there needs to be a clear reporting on that all kinds of configuration management version management kind of tools need to be in place and the integrity monitoring the complete monitoring of the network we need to have a few kind of tools in place so all these things if I look at the intrusion detection they look at the various areas of the computer from the computer network they look at the print various like the windows folder like the networks all these things they try to see wherever a security breach is possible they try to identify that if you are talking about network behavior anomaly detection tool they are monitoring the network if there are any kind of unusual events or trends they look at the network characteristics in real time if at all any kind of an anomalous event is identified then probably there is an alarm that is generated so there is a real-time monitoring notification reporting of the log data which will really help us in identifying at the right time if there is any kind of a breach that has on our system some of the things if I look at the common federal taxes that happened with the packs denial-of-service right some kind of an online service becomes unavailable because of too much of a traffic what purely because of the breach it is the systems are loaded with too much of a profit and a couple of online services which are highly critical online services become unavailable now nowadays these are becoming very very dangerous the intensity is the sophistication of the imprudence is becoming so high that they are coming up with some way or the other creating this kind of a denial of a service it comes under operation risk as well as reputation if services get - high priority services get heightened mission critical services get heighted probably the the reputation of the companies are at risk so it's a very very critical aspect similarly we talk about Cato corporate account takeover kind of attacks so the company's account the bank account will be your act taken over and from there some kind of unauthorized messages and transactions are being sent the whole attack is in the whole account is with the theme which will create all kinds of confusion on all kinds of worries among the customers similarly ATM cashout attacks so this is a straightforward one they are finding out ways in terms of getting cash out of the ATM so they gain the access to either the settings of the ATM and probably the steal in millions so that's the kind of a loss that could occur and then we are talking about the cryptolocker attacks it's a kind of a malware right some kind of we're virus it is sent through the mails and it has some kind of attachment and in case you open the attachment it tries to eat up all your data across all your files in the system it entered that entire data and if at all you want to decrypt it back it asks for a charge so all these kinds of attacks are very much possible on the fine sir are not just on the bank but here our focus is more on the bank that's where we are talking about it so these things need to be detected through various tools and and probably all the proactive measures need to be taken at appropriate time then comes the fourth step the response ok we have done all that is needed but still the attack has occurred how do I respond now this is where we need to have a plan in place even how do we respond initially it's willfully to have a plan in place that's why we talk about a team a core team consisting of SIBO head ite legal which are people from all critical departments of the organization should comprise property and a leader needs to be selected from that team especially for any kind of an event which is treated as a cyber attack so there should be a proper process in place how do you report it one of the different kinds of steps in it so what are the timelines when do we do what and the checklist of the items that entire thing needs to be prepared which is what we call as a incident response plan the moment we see that some attack has occurred what needs to be done there should be a proper plan in place with clear detailed steps timeline checklist etc so how to address if a damage has occurred how to address it so how much of loss e cannot incur and now go ahead mitigate that kind of a loss right to what extent I can prevent it so do we really need to capture the evidence for this right do we go home will we be going for legal aspect so what kind of evidence do we need to capture from that internet somewhere in what cases we will be typically informing this to the forensic team and getting their expert advice on it now what kind of services got affected especially network connectivity what kind of services that we are providing to the third party is not affected because of this attack so how much time we will need to get back what color how many resources what kind of resources are needed to implement the recovery strategy now what kind of strategy we need to implement and how effective it is going to be and how long the solutions are intended to last all these things need to be very clearly documented as a part of the plan and it has to be communicated across to all the key parties in the organization so whatever a data breach occurred it has to be communicated but there should be a plan in place what part of it will be reported to the media so what is the way of recording reporting this incident to all the affected individuals what is the best medium of notifying the stakeholders to recall her do we give a press notice of what is the appropriate mechanism so obvious the media responding to this breach so basically having some kind of guideline for writing and analyzing the media related stuff and who I used to be provided information and in what form that entire communication scheme should be present as a part of the incident response plan so there is a kind of protective which has to be a which has to be adhere to probably the moment the breach has occurred within 24 hours of a breach occurring all these terms need to be done find out record the date and time when the breach first has occurred when it was discovered and when the response effect effort started beginning now whoever needs to be informed especially the response team give a message to each one as quickly as possible activates everyone on the response team because the response has to be much much quicker so the entire premises needs to be secured especially where the data breaches occurred because if required remove the network correction so that further attacks can very well be prevented and at the same time the evidence needs to be preserved so there should be a quick action around the area where the data breach has occurred so stop additional for the data losses occurring which means affect all the server network whatever it is make them offline and whatever you know about the beach just document it who discovered it who reported it there are so many things that you can think of about the beach when did it happen how did you notice it all that stuff typically needs to be documented and whosoever were involved in that discovering of that breach so just have an interview with them find out how they came to know about it what prompted them to say that there is a breach and anyone else whom you think will know about the incident try interviewing them get as much of information as possible and find out what are the kind of protocols to whom we need to communicate the breach in what so identified and actually communicate the same right as us all the priorities and the risk regarding the breach so all the authorities there should be a proper communication especially the regulator of the bank and all needs to be communicated as early as possible and if required even a legal opinion also need to be taken as early as possible so that if required and in the in-depth investigation can very well be initiated and once everything is done okay the first 24 hours gone we need to have a detailed recovery plan ok the investigation will take its own time that says the incident response but in a long run we are also looking at the recovery so how do we rebuild the server how do we rebuild the database how do we rebuild the network what all things have to be brought back into place how do we restore the baseline configuration right all what is the backup procedures all needs to be in place how will we reconnect the services without too much of distortion disruption and once the recovery is done lessons learned what improvements really need to be made how do we make sure that these kind of attacks do not occur in future right - or whatever is the team which has been involved in the recovery process just review it did they respond on time so identify how much they have contributed to what extent they have stopped the further damage is there anywhere that the incident response plan can be improved is there any new learnings that we can get and make sure that the next time these kind of breaches would occur all these things can very well be of done as a part of the post recovery meeting so that there could be a continuous improvement in the so this is what a bank executives and implies me to be aware of regarding the cybersecurity so although is the area's all these aspects which I mentioned as a part of the agenda I think I've covered them in the last few minutes so if you have any further queries you can very well give me a column the number given below or you can send in an email at once is the red page gurus dot-com thanks a lot for listening to this video thank you very much