8/10/2019 Risk Assigment BIS12FT
1/26
University of Technology Mauritius
Assignment on:
Risk Assessment and Mitigation Strategies of HSBC Bank
Submitted By:
Burthen Muhammad Nawfal
Geerutsing Govind Kumar
Avikesh Gookooluk
Roham Muhammad Mouzammil
Course: BS!"#!$T Module name: Information Risk
Module Code: SM #"#%C
Table of Contents:
1. Introduction                                         Page:
1.1 Background of HSBC Bank: 3
1.2 Introduction to Risk assessment of the HSBC Bank: 3
1.3 Risk Categories of HSBC Bank: 4 - 10
Done By: Burthen Muhammad Nawfal ID: 1#0$3% Sign:

2. Risk Management                                      Page:
2.1 Risk Management of Internet Banking: 11 - 12
2.2 Risk Management Framework of internet Banking and Policy: 13 - 15

3. Threats                                              Page:
3.1 Threats to risk assessment of HSBC Bank: 16
3.2 Malicious Activity: 17
3.3 Natural and Technical Disasters: 18 - 20
3.4 Internet Banking threats: 21
Done By: Avikesh Gookooluk ID: 1#0$4 Sign:

4. Mitigation Strategies                                Page:
4.1 Mitigating Risks from Insiders attacks: 22
4.2 Strategies: 23 - 26
Conclusion: 26
Done By: Roham Muhammad Mouzammil ID: 1#0$$ Sign:
1.1 Background of Hong Kong and Shanghai Banking Corporation:
HSBC was born from one simple idea - a local bank serving international needs. In March 1865 HSBC opened its doors for business in Hong Kong, and today we serve around 55 million customers in around 80 countries and territories.
The experiences of the past 148 years have formed the character of HSBC. A glance at our history explains why we believe in capital strength, in strict cost control and in building long-term relationships with customers. HSBC has weathered change in all forms - revolutions, economic crises, new technologies - and adapted to survive. The resulting corporate character enables HSBC to meet the challenges of the 21st century.
1.2 Introduction to Risk assessment of the HSBC Bank:
At HSBC bank, effective risk assessment is fundamental to the business activities of the group. While we remain committed to increasing shareholder value by developing and growing our business within our board-determined risk appetite, we are mindful of achieving this objective in line with the interests of all stakeholders. We seek to achieve an appropriate balance between risk and reward in our business and continue to build and enhance the risk assessment capabilities that assist in delivering our growth plans in a controlled environment. Risk assessment is at the core of the operating structure of the group. Our risk assessment approach includes minimizing undue concentrations of exposure, limiting potential losses from stress events and ensuring the continued adequacy of all our financial resources.
Our risk assessment processes have continued to prove effective despite a tough economic environment. Executive assessment remained closely involved in important risk assessment initiatives, which have focused particularly on preserving appropriate levels of liquidity and capital and effectively managing the risk portfolios. Responsibility and accountability for risk assessment resides at all levels within the group, from the board down through the organization to each business manager and risk specialist.
1.3 Risk categories of HSBC Bank:
1. Credit risk
Credit risk comprises counterparty risk, settlement risk and concentration risk. These risk types are defined as follows:
Counterparty risk is the risk of credit loss to the group as a result of failure by a counterparty to meet its financial and/or contractual obligations to the group. This risk type has three components:
Credit risk summary
In genera" standardi6ed R% densities show a greater consistenc# across regions and
e!osure c"asses than ad&anced IRB as the ad&anced IRB a!!roach ref"ects the re"ati&e
risks of the different !ortfo"ios to a greater etent.
2. Country risk
Cross-border transfer risk in the HSBC bank, herein referred to as country risk, is the uncertainty that a client or counterparty, including the relevant sovereign, will be able to fulfill its obligations to the group outside the host country due to political or economic conditions in the host country.
The country risk model also rates sovereigns. Sovereign ratings are distinct from country risk ratings in that they focus on sovereign counterparty creditworthiness, whereas country risk ratings provide a more holistic view covering transfer and convertibility risk, economic (or credit portfolio) risk as well as sovereign risk. As with country risk ratings, an internal rating model is used to determine sovereign ratings. The sovereign model is an extension of the country model, with sovereign inputs updated in tandem with updates to the country model. Like the country risk model, the sovereign risk model provides an internal risk grade which is calibrated to a 1 to 25 rating scale. Sovereign risk reviews occur in tandem with country reviews, with the research process underpinning sovereign reviews comparable with the country risk process.
Countries and sovereigns rated 8 and higher, referred to as medium and high risk countries and sovereigns, are subject to increased central monitoring. For those with an internal risk grade of 7 and lower, referred to as low risk countries and sovereigns, a lesser degree of analysis is generally performed.
Country concentration risk is managed and monitored by geographic region and country.
3. Liquidity risk
Liquidity risk arises when the group, despite being solvent, cannot maintain or generate sufficient cash resources to meet its payment obligations as they fall due, or can only do so at materially disadvantageous terms. This type of event may arise where counterparties who provide the bank with funding withdraw or do not roll over that funding, or as a result of a generalized disruption in asset markets which results in normally liquid assets becoming illiquid.
Liquidity and funding management
The group manages liquidity in accordance with applicable regulations and international best practice. As part of a consistent liquidity management process, the group is required to:
- maintain a sufficiently large liquidity buffer;
- ensure a structurally sound statement of financial position;
- manage short- and long-term cash flow;
- manage foreign currency liquidity;
- preserve a diversified funding base;
- undertake regular liquidity stress testing and scenario analysis; and
- maintain adequate contingency funding plans.
Liquidity buffer
CO-defined limits on the basis of diversification and liquidity.
4. Market risk
This is the risk of a change in the actual or effective market value or earnings of a portfolio of financial instruments caused by adverse movements in market variables such as equity, bond and commodity prices; currency exchange and interest rates; credit spreads; recovery rates and correlations; as well as implied volatilities in all of the above.
Overview and objectives of HSBC Bank:
We separate exposures to market risk into trading and non-trading portfolios. Trading portfolios include positions arising from market-making, from position-taking and others designated as marked-to-market. Non-trading portfolios include positions that primarily arise from the interest rate management of our retail and CMB assets and liabilities, financial investments designated as available for sale and those held to maturity. Where appropriate, we apply similar risk management policies and measurement techniques to both trading and non-trading portfolios. Our objective is to manage and control market risk exposures in order to optimize return on risk while maintaining a market profile consistent with our status as one of the world's largest banking and financial services organizations.
Market risk table:
5. Operational risk
5!erationa" risk is the risk of "oss resu"ting from inade7uate or fai"ed interna" !rocesses
!eo!"e and s#stems or from eterna" e&ents. $his inc"udes information and "ega" risk ut
ec"udes re!utation and strategic risk.
Overview and objectives of HSBC Bank:
5!erationa" risk is defined as Athe risk of "oss resu"ting from inade7uate or fai"ed interna"
!rocesses !eo!"e and s#stems or from eterna" e&ents inc"uding "ega" risk@.
5!erationa" risk is re"e&ant to e&er# as!ect of our usiness and co&ers a wide s!ectrum
of issues in !articu"ar "ega" com!"iance securit# and fraud. >osses arising from reaches
of regu"ation and "aw unauthori6ed acti&ities error omission inefficienc# fraud
s#stems fai"ure or eterna" e&ents a"" fa"" within the definition of o!erationa" risk. e
ha&e historica""# e!erienced o!erationa" risk "osses in the fo""owing ma4or categories:
fraudu"ent and other eterna" crimina" acti&ities=
reakdowns in !rocesses;!rocedures due to human error mis4udgment or ma"ice=
terrorist attacks=
s#stem fai"ure or nona&ai"ai"it#=
in certain !arts of the wor"d &u"nerai"it# and natura" disasters.
Table rere(enting the 7erational ri():
/. 'eutational ri():
2.1 Risk Management of Internet Banking of the HSBC Bank:
Internet banking risks can adversely impact on an institution's earnings and capital. Therefore, an institution offering Internet banking services is required to implement proper and effective policies, procedures and controls to protect information and ensure its integrity, availability and confidentiality.
To assist institutions to properly identify, quantify and manage risks associated with Internet banking, it is recommended that such risks be categorized as follows:
Strategic risk
Strategic risk stems from inappropriate business decisions and/or incorrect implementation of decisions. An institution may incur substantial loss/wastage of its resources as a result of incorrect choices or decisions regarding its Internet banking strategy. The institution should conduct a feasibility study prior to initiating Internet financial services.
Transaction risk
$ransaction risk resu"ts from f"aws in s#stem design im!"ementation or ineffecti&e
monitoring "eading to frauds errors and fai"ures to !ro&ide anking !roducts and
ser&ices= to contro" transaction risk there is need for ade7uate securit# and monitoring of
the Internet anking s#stem. %n institution must ha&e in !"ace !re&enti&e and detecti&e
contro"s to ward off its Internet anking s#stems from an# unauthori6ed use oth
interna""# and eterna""#. %de7uate o!erating !o"icies and !rocedures auditing standards
effecti&e risk monitoring !rocesses inc"uding contingenc# and usiness resum!tion !"ans
shou"d e im!"emented.
Compliance risk
Com!"iance risk arises from fai"ure to oser&e "aws ru"es and regu"ations !rescried
!ractices or ethica" standards when de"i&ering Internet anking ser&ices. $he Internet
anking ser&ice shou"d e designed and o!erated in such a manner that it a"wa#s
com!"ies with a"" re"e&ant "aws and guide"ines. 8&er# institution shou"d state c"ear"# in its
$erms and Conditions for Internet Banking Ser&ices and on its wesite that the go&erning
"aw is the Mauritian "aw.
Reputation risk
Reputation risk occurs when systems or products do not work as expected and cause widespread negative public reaction. Internet banking systems that are poorly executed would present this risk. An institution's reputation may also be affected if its Internet banking system is unreliable or inefficient, or the products and services offered are not presented in a fair and accurate manner. Adverse public opinion may create a lasting negative public image on the institution's overall operations, which may impair the institution's ability to establish new relationships or services or continue servicing existing customers and business relationships. An institution should undertake immediate and effective remedies to address operational failures or unauthorized intrusions and ensure that timely steps are taken to address adverse customer and media reaction.
Traditional banking risk
An institution offering Internet banking services is faced with the same types of traditional banking risk, such as credit risk, interest rate risk, liquidity risk, price risk and foreign exchange risk. The Internet may, however, heighten some of these risks. An institution providing Internet services should therefore develop appropriate and adequate systems to manage the various types of traditional banking risks and maintain those systems on a regular basis.
2.2 Risk Management Framework of internet banking
Formulation of a policy
$he de&e"o!ment of Internet anking widens the sco!e for increased interaction etween
institutions and their customers and o!ens u! new a&enues for crossorder anking
transactions e!osing institutions to additiona" risks. Man# as!ects of risks associated
with Internet anking are neither fu""# discerni"e nor readi"# measura"e. %ccording"#
each institution shou"d de&e"o! a risk management framework that is com!rehensi&e
enough to dea" with known risks and f"ei"e enough to accommodate changes. It shou"d
e su4ect to a!!ro!riate o&ersight # the oard of directors and senior management. $he
so!histication of the risk management !rocesses shou"d e a!!ro!riate for the
institution@s "e&e" of risk e!osure.
Role of Board of Directors
The board of directors shall do the following:
a. Approve the Internet banking strategy of the institution to ensure that it is consistent with the institution's strategic and business plan;
b. Approve contingency and business resumption plans that should be in place before an institution launches the Internet banking services;
c. Set the level of Internet banking risk and review, approve and monitor Internet banking technology related projects that may have significant impact on the institution;
d. Ensure that the Internet banking systems are operated in a safe and sound manner, including the availability of contingency and business resumption plans;
e. Review and approve the information security policies;
f. Ensure that an adequate system of internal controls is established and maintained;
g. Ensure that qualified and competent persons at senior level are employed to identify, monitor and control Internet banking risks and that the effectiveness of the internal control system is monitored on a regular basis;
h. Carry out an active oversight of the management of Internet banking risk of the institution by regularly receiving comprehensive written reports identifying material risks. In carrying out the above responsibilities, the board may engage the services of outside experts as needed.
Internet banking security program
Institution sha"" esta"ish a written !o"ic# on the o&era"" securit# of its Internet anking
s#stem. 8ach institution sha"" further im!"ement an o&era"" securit# !rogram which
shou"d incor!orate the institution@s risk management contro"s. $he securit# !rogram
shou"d set out the !o"icies !rocedures and contro"s to safeguard the institution@s
information define indi&idua" res!onsii"ities and descrie enforcement and disci!"inar#
actions for noncom!"iance.
$he securit# !rogram shou"d esta"ish the necessar# organi6ation structure and
accountai"it# in the !rocess of the management of risks associated with Internet
anking. $he need to create awareness throughout the organi6ation that securit# is an
im!ortant cu"tura" &a"ue shou"d a"so e ingrained in the securit# !rogram. 8&er#
institution shou"d ensure that ade7uate training is !ro&ided to the re"e&ant staff to kee!
them u!dated on new securit# risks and methods of mitigating such risks.
Senior management shou"d carr# out regu"ar securit# risk assessments to track down
interna" and eterna" threats that ma# undermine data integrit# interfere with ser&ice of
resu"t in the destruction of information. 8&er# institution shou"d esta"ish s!ecific
re!orting re7uirements for securit# reaches. Senior management shou"d ensure that the
1)
-
8/10/2019 Risk Assigment BIS12FT
15/26
securit# measures instituted are current and !ro!er"# im!"emented and com!rehensi&e
securit# !o"icies and !rocedures are stringent"# enforced.
%n institution shou"d ado!t a securit# awareness !rogram to gi&e users a c"ear
understanding of the !rocedures and contro"s necessar# for a secure en&ironment. $his
securit# awareness !rogram shou"d strengthen the institution@s securit# !o"ic# and
!rogram and ma# inc"ude for eam!"e instructions regarding !assword !rotection
Internet securit# !rocedures user res!onsii"ities and em!"o#ee disci!"inar# actions.
Threats to risk assessment of HSBC Bank:
A threat is an act of coercion wherein an act is proposed to elicit a negative response. It is a communicated intent to inflict harm or loss. It can be a crime in many jurisdictions. For the bank there can be internal and external threats.
Regarding internal attacks, there are lots of them: theft of proprietary information, accidental or non-malicious breaches, sabotage, fraud, viruses and eavesdropping/snooping. These attacks can be premeditated, deliberate or malevolent.
There are four main categories of insider threat:
Malicious Activity
Fraud, Theft, or Blackmail
Since fraud, theft or blackmail is perpetrated more easily by insiders, implementation of employee awareness programs and computer security policies is essential. These threats cause the loss, corruption or unavailability of information, resulting in a disruption of service to customers. Restricting access to information that may be altered or misappropriated reduces exposure.
Sabotage
Natural Disasters
Fire
A fire can result in loss of life, equipment and data. The Bank personnel must know what to do in the event of a fire to minimize these risks. Instructions and evacuation plans should be posted in prominent locations, should include the designation of an outside meeting place so personnel can be accounted for in an emergency, and should provide guidelines for securing or removing media if time permits. Fire drills should be periodically conducted to ensure that personnel understand their responsibilities. Fire alarm boxes and emergency power switches should be clearly visible and unobstructed.
All primary and backup facilities should be equipped with heat or smoke detectors. Ideally, these detectors should be located in the ceiling, in exhaust ducts and under raised flooring. Detectors situated near air conditioning or intake ducts that hinder the buildup of smoke may not trigger the alarm. The emergency power shutdown should deactivate the air conditioning system. Walls, doors, partitions and floors should be fire-resistant. Also, the building and equipment should be grounded correctly to protect against electrical hazards. Lightning can cause building fires, so lightning rods should be installed as appropriate. Local fire inspections can help in preparation and training.
These systems should be the staged type, where the action triggered by a fire detector permits time for operator intervention before it shuts down the power or releases fire suppressants.
Severe Weather
A disaster resulting from an earthquake, hurricane, tornado or other severe weather typically would have its probability of occurrence defined by geographic location. Given the random nature of these natural disasters, institutions located in an area that experiences any of these events should consider including appropriate scenarios in their business continuity planning process. In instances where early warning systems are available, management should implement procedures prior to the disaster to minimize losses.
Technical Disasters
event of power failure, institutions should use an alternative power source such as an uninterruptible power supply (
Internet banking threats
Phishing
These attacks use social engineering to trap people into giving up their personal information. Users are sent bogus emails that lure them to Internet sites that mimic legitimate sites. Many users, unaware that criminal intent is behind the email, open them, fall into the trap and end up entering personal information into a fraudulent website.
Pa(("ord &tealing and Identity Theft
These types of attacks rely on the ability of the attacker to fool users into giving up their personal information and credentials. Since users are typically vulnerable to these types of attacks, any method that relies on a credential that can be disclosed is vulnerable to social engineering attacks. Note, however, that this does not include a physical transfer: users can be rather easily fooled over the phone or via email and the Internet into disclosing personal information, but, just like the keys to their house or their ATM card, people are less likely to hand someone they don't know their physical smart card or token device.
4. Mitigating Strategies:
4.1 Mitigating Risks from Insider attacks
Today's distributed environments and rapidly changing business conditions (such as mergers and acquisitions, layoffs and global sourcing) make for a wide geographic distribution of users, a system of multiple entry points and the potential for disgruntled employees. As a result, today's organizations carry greater risk of insider attacks. Every organization must adopt a strategy that can help manage that risk effectively, striking a balance between end user accessibility and protection against security breaches.
When watching for insider attacks (as opposed to external threats), the security question changes from "Is the access authorized?" to "Is the behavior acceptable?" Whereas the former question asks for a simple yes-or-no answer at a single point in time, the latter question addresses much more complexity.
A user's behavior encompasses all events in a given session from beginning to end and involves long-term patterns and subtle variations. Answering this question requires more sophistication and granularity on the part of the security systems. As we intend to show in the next few pages, there are four basic elements - behavioral analysis, integrated security components, automatic response and an iterative modeling process - that, as part of a comprehensive approach to the threat of insider attacks, can help provide this level of security sophistication.
4.2 Strategies:
Behavioral analysis
The key to thwarting an insider attack lies in understanding the range of normal behavior in a given business process and pinpointing behavior that deviates from the norm. Thus, one of the first steps must involve policy making - the definition of parameters for acceptable behavior within a peer group. These parameters will serve as the baseline for comparative analysis, so it is important to establish user profiles based on historical data or concrete experience - not just business expectations that may or may not be realistic.
ank t#!ica""# accesses 10 to 1- records !er da# it ma# e reasona"e to in&estigate an
agent who accesses 30 or more. >ikewise an organi6ation ma# deem a situation
sus!icious if an agent &iews information that is not norma""# re7uired for customer
interactions. 5n"# through ongoing contro""ed eha&iora" ana"#sis can an organi6ation
identif# these de&iations.
Integrated security components
Many organizations have at least some of the security elements needed to protect against malicious internal attacks: authentication systems, asset tracking software, device and Internet usage monitoring capabilities and other tools. It is critical, however, for these pieces to interact as seamlessly as possible. Indeed, one reason organizations find it difficult to detect insider attacks is the time it takes to analyze a vast amount of data coming from a wide array of devices, entry points and user accounts.
The bank needs to enable communication, correlation and analysis at a granular level among a wide range of security components, including authentication gateways, physical security systems, asset management tools, network monitoring capabilities and web security platforms. These systems should communicate in real time so the organization can react quickly before data can be used for illegitimate purposes - and potentially even predict and prevent malicious attacks.
The systems an organization puts in place to monitor user behavior should also be designed to simplify monitoring and pattern detection tasks for administrators. Administrators should be able to access a central console that compiles messages and events from systems that monitor everything from network devices to application usage. Manually reviewing historical logs and searching for complex relationships across systems can divert too much effort away from activities of higher value and priority.
Consider how much more powerful an organization's pattern detection capabilities can become when events are correlated across the IT environment. For example, an organization may run a sensitive application that generally should not be accessed remotely. If an employee logs on to that application without having passed through physical access points such as a badge reader or an on-site workstation, an integrated system can immediately identify the behavior as unusual and potentially harmful.
Without this automatic real-time correlation, the remote access may not be detected quickly enough. A delay of even a few hours can provide an ample window of opportunity for a would-be attacker.
Automatic response
The bank needs to recognize and respond to deviations from normal behavior as quickly as possible. Relying only on human detection and response may not suffice, especially if an attack occurs during non-business hours.
To prevent or mitigate damage, the systems themselves must be capable of acting immediately in response to unacceptable behavior. Once the behavior departs from the standard beyond a certain threshold, for example, the system should deny access to a requested application or data resource. This near-immediate response allows time for network administrators to receive an alert, analyze the patterns and choose an appropriate course of action. And the network administrator should not have to maintain deep security expertise to interpret the data or determine the next steps. The security systems should automatically suggest a range of relevant responses that are based on the latest research and insight into security threats. In addition, the systems should be capable of sorting through false positives. An alert system that simply passes information along without basic levels of analysis fails to add value to the monitoring process.
Iterative modeling process
No matter how much an organization prepares for today's security threats, the risks continue to evolve. Employees come and go. IT infrastructures grow and incorporate new technologies that can introduce unforeseen vulnerabilities.
To keep sensitive data protected, organizations must work continuously to remain a step ahead of potential attacks. Security systems should play a significant role in these ongoing efforts. It is important not to limit detection systems to narrow, specific rules, because the range of valid behavior shifts over time. Instead, organizations should institute self-tuning systems that can react appropriately and intelligently to dynamic business conditions - without the need for a full redefinition of rules. For example, a marketing campaign might require agents to access data that is not normally needed.
Without the ability to adapt dynamically to these kinds of changes, the security systems may inundate administrators with false positives - thus reducing the value of the alerts. At the same time, the systems need thresholds that are sensitive enough to detect subtle deviations within large samples of behavioral data. Striking a balance between the two extremes can be done only through an iterative modeling process, wherein monitoring systems can learn the organization's natural rhythms and sort through several overlapping layers of acceptable behavior.
Conclusion:
$he g"oa" econom# continues to e &o"ati"e and under stress and our continued
commitment to sound risk management has !ro&ed to e effecti&e as ref"ected in our
strong ca!ita" and "i7uidit# !osition. e recogni6e that maintaining and continua""#
enhancing our risk management ca!ai"ities wi"" e critica" in the months ahead to ensure
that the grou!@s financia" and strategic o4ecti&es are achie&ed within a!!ro&ed "e&e"s of
risk a!!etite.