Risk Assignment BIS12FT

8/10/2019 Risk Assignment BIS12FT

University of Technology Mauritius

Assignment on: Risk Assessment and Mitigation Strategies of HSBC bank

Submitted By:
Burthen Muhammad Nawfal
Geerutsing Govind Kumar
Avikesh Gookooluk
Roham Muhammad Mouzammil

Course: BS!"#!$T    Module name: Information Risk
Module Code: SM #"#%C

Table of Content:

1. Introduction
1.1 Background of HSBC Bank
1.2 Introduction to Risk assessment of the HSBC Bank
1.3 Risk Categories of HSBC Bank
Done By: Burthen Muhammad Nawfal

2. Risk Management
2.1 Risk Management of Internet Banking
2.2 Risk Management Framework of Internet Banking and Policy

3. Threats
3.1 Threats to risk assessment of HSBC Bank
3.2 Malicious Activity
3.3 Natural and Technical Disasters
3.4 Internet Banking Threats
Done By: Avikesh Gookooluk

4. Mitigation Strategies
4.1 Mitigating Risks from Insider Attacks
4.2 Strategies
Conclusion
Done By: Roham Muhammad Mouzammil

1.1 Background of Hong Kong and Shanghai Banking Corporation:

HSBC was born from one simple idea - a local bank serving international needs. In March 1865 HSBC opened its doors for business in Hong Kong, and today we serve around 55 million customers in around 80 countries and territories.

The experiences of the past 148 years have formed the character of HSBC. A glance at our history explains why we believe in capital strength, in strict cost control and in building long-term relationships with customers. HSBC has weathered change in all forms - revolutions, economic crises, new technologies - and adapted to survive. The resulting corporate character enables HSBC to meet the challenges of the 21st century.

1.2 Introduction to Risk assessment of the HSBC Bank:

For HSBC bank, effective risk assessment is fundamental to the business activities of the group. While we remain committed to increasing shareholder value by developing and growing our business within our board-determined risk appetite, we are mindful of achieving this objective in line with the interests of all stakeholders. We seek to achieve an appropriate balance between risk and reward in our business, and continue to build and enhance the risk assessment capabilities that assist in delivering our growth plans in a controlled environment. Risk assessment is at the core of the operating structure of the group. Our risk assessment approach includes minimizing undue concentrations of exposure, limiting potential losses from stress events and ensuring the continued adequacy of all our financial resources.

Our risk assessment processes have continued to prove effective despite a tough economic environment. Executive management remained closely involved in important risk assessment initiatives, which have focused particularly on preserving appropriate levels of liquidity and capital and on effectively managing the risk portfolios. Responsibility and accountability for risk assessment resides at all levels within the group, from the board down through the organization to each business manager and risk specialist.

1.3 Risk categories of HSBC Bank:

1. Credit risk

Credit risk comprises counterparty risk, settlement risk and concentration risk. These risk types are defined as follows:

Counterparty risk is the risk of credit loss to the group as a result of failure by a counterparty to meet its financial and/or contractual obligations to the group. This risk type has three components:

Credit risk summary

In general, standardized risk-weighted asset (RWA) densities show a greater consistency across regions and exposure classes than the advanced internal ratings-based (IRB) approach, as the advanced IRB approach reflects the relative risks of the different portfolios to a greater extent.

2. Country risk

Cross-border transfer risk in the HSBC bank, herein referred to as country risk, is the uncertainty that a client or counterparty, including the relevant sovereign, will be able to fulfill its obligations to the group outside the host country due to political or economic conditions in the host country.

The country risk model also rates sovereigns. Sovereign ratings are distinct from country risk ratings in that they focus on sovereign counterparty creditworthiness, whereas country risk ratings provide a more holistic view covering transfer and convertibility risk, economic (or credit portfolio) risk as well as sovereign risk. As with country risk ratings, an internal rating model is used to determine sovereign ratings. The sovereign model is an extension of the country model, with sovereign inputs updated in tandem with updates to the country model. Like the country risk model, the sovereign risk model provides an internal risk grade which is calibrated to a 1 to 25 rating scale. Sovereign risk reviews occur in tandem with country reviews, with the research process underpinning sovereign reviews comparable with the country risk process.

Countries and sovereigns rated 8 and higher, referred to as medium and high risk countries and sovereigns, are subject to increased central monitoring. For those with an internal risk grade of 7 and lower, referred to as low risk countries and sovereigns, a lesser degree of analysis is generally performed.

Country concentration risk is managed and monitored by geographic region and country.

3. Liquidity risk

Liquidity risk arises when the group, despite being solvent, cannot maintain or generate sufficient cash resources to meet its payment obligations as they fall due, or can only do so at materially disadvantageous terms. This type of event may arise where counterparties who provide the bank with funding withdraw or do not roll over that funding, or as a result of a generalized disruption in asset markets which results in normally liquid assets becoming illiquid.

Liquidity and funding management

The group manages liquidity in accordance with applicable regulations and international best practice. As part of a consistent liquidity management process, the group is required to:
maintain a sufficiently large liquidity buffer;
ensure a structurally sound statement of financial position;
manage short- and long-term cash flow;
manage foreign currency liquidity;
preserve a diversified funding base;
undertake regular liquidity stress testing and scenario analysis; and
maintain adequate contingency funding plans.

Liquidity buffer

Limits on the liquidity buffer are defined on the basis of diversification and liquidity.

4. Market risk

This is the risk of a change in the actual or effective market value or earnings of a portfolio of financial instruments caused by adverse movements in market variables such as equity, bond and commodity prices; currency exchange and interest rates; credit spreads; recovery rates and correlations; as well as implied volatilities in all of the above.

Overview and objectives of HSBC Bank:

We separate exposures to market risk into trading and non-trading portfolios. Trading portfolios include positions arising from market-making, from position-taking and others designated as marked-to-market. Non-trading portfolios include positions that primarily arise from the interest rate management of our retail and Commercial Banking (CMB) assets and liabilities, financial investments designated as available for sale, and those held to maturity. Where appropriate, we apply similar risk management policies and measurement techniques to both trading and non-trading portfolios. Our objective is to manage and control market risk exposures in order to optimize return on risk while maintaining a market profile consistent with our status as one of the world's largest banking and financial services organizations.

Market risk table:

5. Operational risk

Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. This includes information and legal risk but excludes reputation and strategic risk.

Overview and objectives of HSBC Bank:

Operational risk is defined as 'the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events, including legal risk'.

Operational risk is relevant to every aspect of our business and covers a wide spectrum of issues, in particular legal, compliance, security and fraud. Losses arising from breaches of regulation and law, unauthorized activities, error, omission, inefficiency, fraud, systems failure or external events all fall within the definition of operational risk. We have historically experienced operational risk losses in the following major categories:
fraudulent and other external criminal activities;
breakdowns in processes/procedures due to human error, misjudgment or malice;
terrorist attacks;
system failure or non-availability;
in certain parts of the world, vulnerability and natural disasters.

Table representing the Operational risk:

6. Reputational risk:

2.1 Risk Management of Internet Banking of the HSBC Bank:

Internet banking risks can adversely impact an institution's earnings and capital. Therefore, an institution offering Internet banking services is required to implement proper and effective policies, procedures and controls to protect information and ensure its integrity, availability and confidentiality.

To assist institutions to properly identify, quantify and manage risks associated with Internet banking, it is recommended that such risks be categorized as follows:

Strategic risk

Strategic risk stems from inappropriate business decisions and/or incorrect implementation of decisions. An institution may incur substantial loss or wastage of its resources as a result of incorrect choices or decisions regarding its Internet banking strategy. The institution should conduct a feasibility study prior to initiating Internet financial services.

Transaction risk

Transaction risk results from flaws in system design, implementation or ineffective monitoring, leading to fraud, errors and failures to provide banking products and services. To control transaction risk there is a need for adequate security and monitoring of the Internet banking system. An institution must have in place preventive and detective controls to protect its Internet banking systems from any unauthorized use, both internally and externally. Adequate operating policies and procedures, auditing standards and effective risk monitoring processes, including contingency and business resumption plans, should be implemented.

Compliance risk

Compliance risk arises from failure to observe laws, rules and regulations, prescribed practices or ethical standards when delivering Internet banking services. The Internet banking service should be designed and operated in such a manner that it always complies with all relevant laws and guidelines. Every institution should state clearly in its Terms and Conditions for Internet Banking Services, and on its website, that the governing law is Mauritian law.

Reputation risk

Reputation risk occurs when systems or products do not work as expected and cause widespread negative public reaction. Internet banking systems that are poorly executed would present this risk. An institution's reputation may also be affected if its Internet banking system is unreliable or inefficient, or if the products and services offered are not presented in a fair and accurate manner. Adverse public opinion may create a lasting negative public image of the institution's overall operations, which may impair the institution's ability to establish new relationships or services, or to continue servicing existing customers and business relationships. An institution should undertake immediate and effective remedies to address operational failures or unauthorized intrusions and ensure that timely steps are taken to address adverse customer and media reaction.

Traditional banking risk

An institution offering Internet banking services is faced with the same types of traditional banking risk, such as credit risk, interest rate risk, liquidity risk, price risk and foreign exchange risk. The Internet may, however, heighten some of these risks. An institution providing Internet services should therefore develop appropriate and adequate systems to manage the various types of traditional banking risks, and maintain those systems on a regular basis.

2.2 Risk Management Framework of Internet Banking

Formulation of a policy

The development of Internet banking widens the scope for increased interaction between institutions and their customers and opens up new avenues for cross-border banking transactions, exposing institutions to additional risks. Many aspects of the risks associated with Internet banking are neither fully discernible nor readily measurable. Accordingly, each institution should develop a risk management framework that is comprehensive enough to deal with known risks and flexible enough to accommodate changes. It should be subject to appropriate oversight by the board of directors and senior management. The sophistication of the risk management processes should be appropriate for the institution's level of risk exposure.

Role of Board of Directors

The board of directors shall do the following:
a. Approve the Internet banking strategy of the institution to ensure that it is consistent with the institution's strategic and business plan;
b. Approve contingency and business resumption plans, which should be in place before an institution launches the Internet banking services;
c. Set the level of Internet banking risk, and review, approve and monitor Internet banking technology related projects that may have a significant impact on the institution;
d. Ensure that the Internet banking systems are operated in a safe and sound manner, including the availability of contingency and business resumption plans;
e. Review and approve the information security policies;

f. Ensure that an adequate system of internal controls is established and maintained;
g. Ensure that qualified and competent persons at senior level are employed to identify, monitor and control Internet banking risks, and that the effectiveness of the internal control system is monitored on a regular basis;
h. Carry out active oversight of the management of Internet banking risk of the institution by regularly receiving comprehensive written reports identifying material risks. In carrying out the above responsibilities, the board may engage the services of outside experts as needed.

Internet banking security program

An institution shall establish a written policy on the overall security of its Internet banking system. Each institution shall further implement an overall security program which should incorporate the institution's risk management controls. The security program should set out the policies, procedures and controls to safeguard the institution's information, define individual responsibilities and describe enforcement and disciplinary actions for non-compliance.

The security program should establish the necessary organization structure and accountability for the management of risks associated with Internet banking. The need to create awareness throughout the organization that security is an important cultural value should also be ingrained in the security program. Every institution should ensure that adequate training is provided to the relevant staff to keep them updated on new security risks and methods of mitigating such risks.

Senior management should carry out regular security risk assessments to track down internal and external threats that may undermine data integrity, interfere with service or result in the destruction of information. Every institution should establish specific reporting requirements for security breaches. Senior management should ensure that the security measures instituted are current and properly implemented, and that comprehensive security policies and procedures are stringently enforced.

An institution should adopt a security awareness program to give users a clear understanding of the procedures and controls necessary for a secure environment. This security awareness program should strengthen the institution's security policy and program, and may include, for example, instructions regarding password protection, Internet security procedures, user responsibilities and employee disciplinary actions.

Threats to risk assessment of HSBC Bank:

A threat is an act of coercion wherein an act is proposed to elicit a negative response. It is a communicated intent to inflict harm or loss. It can be a crime in many jurisdictions. In the information security sense used in the rest of this section, a threat is any potential cause of an unwanted incident that may result in harm to the bank's systems, information or operations; it becomes a risk when a vulnerability allows it to be realized. For the bank there can be internal and external threats.

Regarding internal attacks, there are lots of them: theft of proprietary information, accidental or non-malicious breaches, sabotage, fraud, viruses and eavesdropping/snooping. These attacks can be premeditated, deliberate or malevolent.

There are four main categories of insider threat:

Malicious Activity

Fraud, Theft, or Blackmail

Since fraud, theft or blackmail is perpetrated more easily by insiders, implementation of employee awareness programs and computer security policies is essential. These threats cause the loss, corruption or unavailability of information, resulting in a disruption of service to customers. Restricting access to information that may be altered or misappropriated reduces exposure.

Sabotage

Natural Disasters

Fire

A fire can result in loss of life, equipment and data. Bank personnel must know what to do in the event of a fire to minimize these risks. Instructions and evacuation plans should be posted in prominent locations, should include the designation of an outside meeting place so personnel can be accounted for in an emergency, and should provide guidelines for securing or removing media if time permits. Fire drills should be conducted periodically to ensure that personnel understand their responsibilities. Fire alarm boxes and emergency power switches should be clearly visible and unobstructed.

All primary and backup facilities should be equipped with heat or smoke detectors. Ideally, these detectors should be located in the ceiling, in exhaust ducts and under raised flooring. Detectors situated near air conditioning or intake ducts that hinder the build-up of smoke may not trigger the alarm. The emergency power shutdown should deactivate the air conditioning system. Walls, doors, partitions and floors should be fire-resistant. Also, the building and equipment should be grounded correctly to protect against electrical hazards. Lightning can cause building fires, so lightning rods should be installed as appropriate. Local fire inspections can help in preparation and training. Fire suppression systems should be of the staged type, where the action triggered by a fire detector permits time for operator intervention before it shuts down the power or releases fire suppressants.

Severe Weather

A disaster resulting from an earthquake, hurricane, tornado or other severe weather would typically have its probability of occurrence defined by geographic location. Given the random nature of these natural disasters, institutions located in an area that experiences any of these events should consider including appropriate scenarios in their business continuity planning process. In instances where early warning systems are available, management should implement procedures prior to the disaster to minimize losses.

Technical Disasters

In the event of power failure, institutions should use an alternative power source such as an uninterruptible power supply (UPS).

Internet banking threats

Phishing

These attacks use social engineering to trap people into giving up their personal information. Users are sent bogus emails that lure them to Internet sites that mimic legitimate sites. Many users, unaware that criminal intent is behind the email, open it, fall into the trap and end up entering personal information into a fraudulent web site.
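
The mimicry described above can be checked mechanically before a link is followed. The following Python is an added example (not part of the assignment and not an HSBC tool): it takes the host from a suspicious link, decodes punycode so that Unicode look-alike characters become visible, and compares the host against an assumed allow-list of the bank's own domains, flagging hosts that bury the real name inside another domain, differ from it by one character, or collapse to the same spelling once confusable characters are normalised. The allow-list, the confusable table, the registrable-domain heu​ristic and the sample links are assumptions made for the demo.

```python
"""Lookalike-domain check for the links in a suspected phishing mail.

Added example, not part of the assignment and not an HSBC tool. The
allow-list, the confusable table, the registrable-domain heuristic and the
sample URLs are assumptions made for the demo.
"""
from urllib.parse import urlsplit

LEGIT_DOMAINS = ("hsbc.co.mu", "hsbc.com")   # assumed allow-list of the bank's own registrable domains

# A tiny confusable table; a real deployment would load the Unicode confusables data.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u043e": "o", "\u0455": "s"}


def skeleton(name):
    """Map visually confusable characters to their ASCII look-alike."""
    s = name.lower()
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s


def levenshtein(a, b):
    """Edit distance, to catch one-character typosquats such as h5bc.co.mu."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude registrable-domain guess (last two labels, or three for country-code
    TLDs with a short second level such as co.mu); use the Public Suffix List in practice."""
    labels = host.split(".")
    if len(labels) >= 3 and len(labels[-1]) == 2 and len(labels[-2]) <= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url):
    """Return 'legitimate', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        host = host.encode("ascii").decode("idna")   # xn--... -> Unicode, so confusables are visible
    except UnicodeError:
        pass                                          # already Unicode, keep as is
    for legit in LEGIT_DOMAINS:
        if host == legit or host.endswith("." + legit):
            return "legitimate"
    reg = registrable(host)
    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        if f".{legit}." in f".{host}." and reg != legit:
            return "lookalike"      # real name buried in someone else's domain: hsbc.com.evil.example
        if skeleton(reg) == legit or levenshtein(skeleton(reg), legit) <= 1:
            return "lookalike"      # homograph or one-character typo of the real domain
        if brand in skeleton(reg.split(".")[0]):
            return "lookalike"      # brand name inside an unrelated registrable domain
    return "unrelated"


# Constructed sample links; the fourth is built from a Cyrillic "с" so that the
# punycode form an email client would actually see is what gets classified.
SAMPLE_URLS = [
    "https://www.hsbc.co.mu/1/2/personal",
    "http://hsbc.com.secure-login.example/verify",
    "https://hsbc-online-verify.example/",
    "http://" + "hsb\u0441.com".encode("idna").decode("ascii") + "/login",
    "https://h5bc.co.mu/",
    "https://example.org/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):11} {u}")
```

In a mail gateway the same check would run over every URL in the message body, and the `registrable` heuristic would be replaced by a Public Suffix List lookup; the point of decoding punycode first is that a homograph host is indistinguishable from the real one only until its `xn--` form is turned back into the characters the user sees.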

Password Stealing and Identity Theft

These types of attacks rely on the ability of the attacker to fool users into giving up their personal information and credentials. Since users are typically vulnerable to these types of attacks, any method that relies on a credential that can be disclosed is vulnerable to social engineering attacks. Note, however, that this does not extend to credentials that must be physically handed over: users can be rather easily fooled over the phone, or via email and the Internet, into disclosing personal information, but, just like the keys to their house or their ATM card, people are less likely to hand their physical smart card or token device to someone they don't know.

4. Mitigating Strategies:

4.1 Mitigating Risks from Insider attacks

Today's distributed environments and rapidly changing business conditions (such as mergers and acquisitions, layoffs and global sourcing) make for a wide geographic distribution of users, a system of multiple entry points and the potential for disgruntled employees. As a result, today's organizations carry a greater risk of insider attacks. Every organization must adopt a strategy that can help manage that risk effectively, striking a balance between end user accessibility and protection against security breaches.

When watching for insider attacks (as opposed to external threats), the security question changes from "Is the access authorized?" to "Is the behavior acceptable?" Whereas the former question asks for a simple yes-or-no answer at a single point in time, the latter question addresses much more complexity.

A user's behavior encompasses all events in a given session from beginning to end, and involves long-term patterns and subtle variations. Answering this question requires more sophistication and granularity on the part of the security systems. As we intend to show in the next few pages, there are four basic elements - behavioral analysis, integrated security components, automatic response and an iterative modeling process - that, as part of a comprehensive approach to the threat of insider attacks, can help provide this level of security sophistication.

4.2 Strategies:

Behavioral analysis

The key to thwarting an insider attack lies in understanding the range of normal behavior in a given business process and pinpointing behavior that deviates from the norm. Thus, one of the first steps must involve policy making - the definition of parameters for acceptable behavior within a peer group. These parameters will serve as the baseline for comparative analysis, so it is important to establish user profiles based on historical data or concrete experience - not just business expectations that may or may not be realistic.

If an agent at the bank typically accesses 10 to 15 records per day, it may be reasonable to investigate an agent who accesses 30 or more. Likewise, an organization may deem a situation suspicious if an agent views information that is not normally required for customer interactions. Only through ongoing, controlled behavioral analysis can an organization identify these deviations.
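
The baseline-and-deviation logic described above, as an added example that is not part of the assignment: the script builds a constructed access log (the "date agent peer_group record_id record_type" format, the agent names and the record types are assumptions), learns a per-peer-group profile from the historical days only, and then flags, for one target day, an agent whose volume is far above the peer group (the page's rule of thumb of 30 records, or more than three standard deviations above the peer mean) and an agent who touches a record type the group never uses.

```python
"""Peer-group baseline and deviation detection over an application access log.

Added example, not part of the assignment. The log format
("date agent peer_group record_id record_type"), the agent names and the
record types are assumptions made for the demo.
"""
from collections import defaultdict
from statistics import mean, pstdev

HARD_CAP = 30   # the page's rule of thumb: investigate an agent who reads 30 or more records
SIGMA = 3.0     # ... or whose daily count is more than 3 standard deviations above peers


def build_sample_log():
    """Constructed access log: ten baseline days for three call-centre agents,
    each reading 10..15 customer records of the kinds their job needs, then a
    target day on which agent02 reads 31 records and agent03 reads a card PAN."""
    lines = []
    for day in range(1, 11):
        date = f"2019-09-{day:02d}"
        for i, agent in enumerate(("agent01", "agent02", "agent03")):
            for k in range(10 + (day + i) % 6):          # 10..15 records per day
                rtype = "profile" if k % 2 else "balance"
                lines.append(f"{date} {agent} callcentre C{1000 + k} {rtype}")
    t = "2019-09-11"
    lines += [f"{t} agent01 callcentre C{1000 + k} profile" for k in range(12)]
    lines += [f"{t} agent02 callcentre C{2000 + k} balance" for k in range(31)]
    lines += [f"{t} agent03 callcentre C{1000 + k} profile" for k in range(11)]
    lines.append(f"{t} agent03 callcentre C3000 card_pan")
    return lines


def parse(lines):
    """Split each line into (date, agent, peer_group, record_id, record_type)."""
    return [tuple(line.split()) for line in lines]


def build_baseline(events, before_date):
    """Per peer group: mean/stdev of an agent's daily record count and the set
    of record types the group normally touches, using only days before
    `before_date` (historical data, not business expectations)."""
    daily = defaultdict(int)     # (group, agent, date) -> records read that day
    types = defaultdict(set)     # group -> record types seen
    for date, agent, group, _rec, rtype in events:
        if date < before_date:
            daily[(group, agent, date)] += 1
            types[group].add(rtype)
    counts = defaultdict(list)
    for (group, _agent, _date), n in daily.items():
        counts[group].append(n)
    return {g: {"mean": mean(c), "stdev": pstdev(c), "types": types[g]} for g, c in counts.items()}


def detect(events, baseline, day):
    """Findings for `day`: (agent, kind, detail) for volume outliers and for
    record types outside the peer group's profile."""
    counts = defaultdict(int)
    odd_types = defaultdict(set)
    for date, agent, group, _rec, rtype in events:
        if date != day:
            continue
        counts[(group, agent)] += 1
        if rtype not in baseline[group]["types"]:
            odd_types[(group, agent)].add(rtype)
    findings = []
    for (group, agent), n in sorted(counts.items()):
        b = baseline[group]
        if n >= HARD_CAP or n > b["mean"] + SIGMA * b["stdev"]:
            findings.append((agent, "volume", f"{n} records vs peer mean {b['mean']:.1f}"))
        for t in sorted(odd_types.get((group, agent), ())):
            findings.append((agent, "record_type", f"read {t}, never used by peer group"))
    return findings


def run_demo():
    events = parse(build_sample_log())
    baseline = build_baseline(events, before_date="2019-09-11")
    return detect(events, baseline, day="2019-09-11")


if __name__ == "__main__":
    for agent, kind, detail in run_demo():
        print(f"{agent}: {kind}: {detail}")
```

The baseline is computed per peer group rather than per user so that a new agent is judged against colleagues doing the same job from day one; the statistical limit and the fixed cap are combined with "whichever trips first" so that a noisy peer group cannot push the effective threshold above the figure the business has already decided is worth an investigation.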

Integrated security components

Many organizations have at least some of the security elements needed to protect against malicious internal attacks: authentication systems, asset tracking software, device and Internet usage monitoring capabilities and other tools. It is critical, however, for these pieces to interact as seamlessly as possible. Indeed, one reason organizations find it difficult to detect insider attacks is the time it takes to analyze a vast amount of data coming from a wide array of devices, entry points and user accounts.

The bank needs to enable communication, correlation and analysis at a granular level among a wide range of security components, including authentication gateways, physical security systems, asset management tools, network monitoring capabilities and web security platforms. These systems should communicate in real time so the organization can react quickly, before data can be used for illegitimate purposes - and potentially even predict and prevent malicious attacks.

The systems an organization puts in place to monitor user behavior should also be designed to simplify monitoring and pattern detection tasks for administrators. Administrators should be able to access a central console that compiles messages and events from systems that monitor everything from network devices to application usage. Manually reviewing historical logs and searching for complex relationships across systems can divert too much effort away from activities of higher value and priority.

Consider how much more powerful an organization's pattern detection capabilities can become when events are correlated across the IT environment. For example, an organization may run a sensitive application that generally should not be accessed remotely. If an employee logs on to that application without having passed through physical access points such as a badge reader or an on-site workstation, an integrated system can immediately identify the behavior as unusual and potentially harmful.

Without this automatic real-time correlation, the remote access may not be detected quickly enough. A delay of even a few hours can provide an ample window of opportunity for a would-be attacker.

Automatic response

The bank needs to recognize and respond to deviations from normal behavior as quickly as possible. Relying only on human detection and response may not suffice, especially if an attack occurs during non-business hours.

To prevent or mitigate damage, the systems themselves must be capable of acting immediately in response to unacceptable behavior. Once the behavior departs from the standard beyond a certain threshold, for example, the system should deny access to the requested application or data resource. This near-immediate response allows time for network administrators to receive an alert, analyze the patterns and choose an appropriate course of action. The network administrator should not have to maintain deep security expertise to interpret the data or determine the next steps: the security systems should automatically suggest a range of relevant responses based on the latest research and insight into security threats. In addition, the systems should be capable of sorting through false positives. An alert system that simply passes information along without basic levels of analysis fails to add value to the monitoring process.
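
The badge-reader correlation from the integrated-components section and the deny-then-alert behaviour from the automatic-response section, as one added example (not from the assignment): two constructed event feeds, physical badge-ins and application logins, are merged in time order; a login to a sensitive application is allowed only if the user badged in recently and comes from an on-site address, a pre-approved remote user gets through with an alert for review (the false-positive case), and everyone else is denied while the administrator receives the signals and a short list of suggested responses. The event format, the on-site network range, the application name and the exception list are assumptions.

```python
"""Real-time correlation of application logins with badge events, with an
automatic deny-and-alert decision.

Added example, not part of the assignment. The event format, the network
ranges, the application name and the exception list are assumptions made
for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SENSITIVE_APPS = {"loan-admin"}                 # apps that should not be reached remotely
ONSITE_NETS = [ip_network("10.20.0.0/16")]       # assumed on-site workstation range
BADGE_WINDOW = timedelta(hours=10)               # a badge-in older than this no longer counts
APPROVED_REMOTE = {"oncall02"}                   # pre-approved remote users: alert, do not deny
SUGGESTED_RESPONSES = ["phone the user to confirm",
                       "revoke the session and force re-authentication",
                       "pull the VPN and authentication gateway logs for the source address"]

# Constructed events: "<iso timestamp> badge <user> <door>" from the physical
# access system and "<iso timestamp> app <user> <application> <source ip>"
# from the application's authentication gateway.
SAMPLE_EVENTS = """\
2019-10-07T08:55:00 badge alice door-HQ-3
2019-10-07T09:10:00 app alice loan-admin 10.20.4.17
2019-10-07T09:30:00 app carol crm 10.20.4.40
2019-10-07T22:40:00 app bob loan-admin 203.0.113.9
2019-10-07T23:05:00 app oncall02 loan-admin 198.51.100.7
"""


def parse_events(text):
    """Return events as dicts sorted by time so correlation is done in arrival order."""
    events = []
    for line in text.splitlines():
        ts, source, user, *rest = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "source": source, "user": user, "args": rest})
    return sorted(events, key=lambda e: e["ts"])


def assess(events):
    """For each login to a sensitive app decide allow / allow-review / deny,
    based on whether the user badged in recently and whether the source
    address is on-site."""
    badge_ins = defaultdict(list)     # user -> badge-in timestamps seen so far
    decisions = []
    for ev in events:
        if ev["source"] == "badge":
            badge_ins[ev["user"]].append(ev["ts"])
            continue
        app, src = ev["args"]
        if app not in SENSITIVE_APPS:
            continue
        signals = []
        if not any(ev["ts"] - BADGE_WINDOW <= t <= ev["ts"] for t in badge_ins[ev["user"]]):
            signals.append(f"no badge-in within {BADGE_WINDOW}")
        if not any(ip_address(src) in net for net in ONSITE_NETS):
            signals.append(f"source {src} is not an on-site address")
        if not signals:
            action = "allow"
        elif ev["user"] in APPROVED_REMOTE:
            action = "allow-review"   # known exception: sort out the false positive but keep a record
        else:
            action = "deny"           # act first; the alert gives the administrator time to analyse
        decisions.append({"ts": ev["ts"].isoformat(), "user": ev["user"], "app": app,
                          "action": action, "signals": signals,
                          "suggested": SUGGESTED_RESPONSES if action == "deny" else []})
    return decisions


if __name__ == "__main__":
    for d in assess(parse_events(SAMPLE_EVENTS)):
        print(d["ts"], d["user"], d["action"], "; ".join(d["signals"]))
```

In production the badge and gateway feeds would arrive as streams rather than a text blob, but the shape is the same: the decision is made at the moment of the login, not hours later from a log review, and the alert carries both the evidence (the signals) and the candidate responses so the person on call does not need to reconstruct the case from scratch.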

Iterative modeling process

No matter how much an organization prepares for today's security threats, the risks continue to evolve. Employees come and go. IT infrastructures grow and incorporate new technologies that can introduce unforeseen vulnerabilities.

To keep sensitive data protected, organizations must work continuously to remain a step ahead of potential attacks. Security systems should play a significant role in these ongoing efforts. It is important not to limit detection systems to narrow, specific rules, because the range of valid behavior shifts over time. Instead, organizations should institute self-tuning systems that can react appropriately and intelligently to dynamic business conditions - without the need for a full redefinition of rules. For example, a marketing campaign might require agents to access data that is not normally needed.

Without the ability to adapt dynamically to these kinds of changes, the security systems may inundate administrators with false positives - thus reducing the value of the alerts. At the same time, the systems need thresholds that are sensitive enough to detect subtle deviations within large samples of behavioral data. Striking a balance between the two extremes can be done only through an iterative modeling process, wherein monitoring systems learn the organization's natural rhythms and sort through several overlapping layers of acceptable behavior.

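One way to build the self-tuning threshold described above, as an added example (not from the assignment): the same daily record count is watched by a fixed rule learned once and by an exponentially weighted moving average (EWMA) baseline that re-tunes itself every day. A ten-day marketing campaign roughly doubles the workload; the fixed rule alerts on every day of it, while the adaptive rule alerts only until it has learned the new rhythm, yet still catches a one-day spike, and because an alerting value is clamped before it is folded into the model, one spike cannot raise the threshold enough to hide the next. The tuning constants and the daily counts are assumptions.

```python
"""Self-tuning (EWMA) alert threshold on an agent's daily record-access count.

Added example, not part of the assignment. The alpha/k tuning values, the
clamping rule and the daily counts are assumptions made for the demo.
"""
import math
from statistics import mean, pvariance

ALPHA = 0.3       # weight given to the newest day when updating the baseline
K = 3.0           # alert when a day's count exceeds baseline + K standard deviations
MIN_SIGMA = 1.0   # floor so a very quiet baseline cannot make the threshold razor-thin
WARMUP = 10       # days used to seed both models

# Constructed daily counts for one agent: ten ordinary days, then a ten-day
# marketing campaign that legitimately doubles the workload, then a one-day
# spike, a normal campaign day and a second spike.
DAILY_COUNTS = ([11, 12, 13, 14, 15, 10, 11, 12, 13, 14]
                + [25, 27, 26, 26, 25, 27, 26, 26, 25, 27]
                + [60, 26, 60])


def static_alerts(counts, warmup=WARMUP):
    """Fixed rule learned once from the warm-up days and never re-tuned."""
    mu, sd = mean(counts[:warmup]), math.sqrt(pvariance(counts[:warmup]))
    threshold = mu + K * max(sd, MIN_SIGMA)
    return [day for day in range(warmup + 1, len(counts) + 1) if counts[day - 1] > threshold]


def adaptive_alerts(counts, warmup=WARMUP):
    """EWMA baseline re-tuned every day. A sustained shift (the campaign) is
    absorbed after a couple of days; a one-day spike still alerts, and because
    an alerting value is clamped to the threshold before it is folded into the
    model, one spike cannot raise the threshold enough to hide the next one."""
    mu, var = mean(counts[:warmup]), pvariance(counts[:warmup])
    alerts = []
    for day in range(warmup + 1, len(counts) + 1):
        x = counts[day - 1]
        threshold = mu + K * max(math.sqrt(var), MIN_SIGMA)
        if x > threshold:
            alerts.append(day)
            x = threshold          # clamp: an outlier nudges the baseline, it does not redefine it
        var = ALPHA * (x - mu) ** 2 + (1 - ALPHA) * var   # variance uses the previous mean
        mu = ALPHA * x + (1 - ALPHA) * mu
    return alerts


if __name__ == "__main__":
    print("static  :", static_alerts(DAILY_COUNTS))    # every campaign day and both spikes
    print("adaptive:", adaptive_alerts(DAILY_COUNTS))  # first two campaign days and the two spikes
```

The trade-off the page describes is visible in the two constants: a larger ALPHA absorbs a legitimate change faster but also lets an attacker who ramps up slowly drag the baseline with them, and a smaller K catches subtler deviations at the cost of more alerts; the clamping step is what keeps the detector sensitive on the day after a spike, which a plain EWMA would not.
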
Conclusion:

The global economy continues to be volatile and under stress, and our continued commitment to sound risk management has proved to be effective, as reflected in our strong capital and liquidity position. We recognize that maintaining and continually enhancing our risk management capabilities will be critical in the months ahead, to ensure that the group's financial and strategic objectives are achieved within approved levels of risk appetite.