
Money Transmission Association

Money Transmission Association. THE CHALLENGE OF INFORMATION SECURITY – An independent view. Session Agenda: What is Information Security; Business/IT partnerships; Lessons from enforcement actions.

rafael-duke

Presentation Transcript


  1. Money Transmission Association THE CHALLENGE OF INFORMATION SECURITY – An independent view

  2. Session Agenda: What is Information Security; Business/IT partnerships; Lessons from enforcement actions

  3. Session Agenda: What is Information Security; Business/IT partnerships; Lessons from enforcement actions

  4. What is Information Security? Not to be confused with ‘Computer Security’. Secure storage and/or encryption, as applicable, of relevant information, whatever the media. Senior management must understand relevant systems and controls. Outsourcing responsibility may be acceptable, but ‘accountability’ will always remain.

  5. Session Agenda: What is Information Security; Business/IT partnerships; Lessons from enforcement actions

  6. Business/IT Partnerships. Risks differ in each firm, but common internal and/or external themes are noted in relation to deliberate, malicious and/or accidental loss or compromise, including:
     - User permissions to systems & building(s), in addition to access rights and Audit trails/Print logs
     - External email, sites & messaging, in addition to email screening
     - Use of USB and other mass storage, data transfer or copying devices
     - Asset records and controls of computers/laptops/BlackBerries etc.
     - Logical access controls to systems
     - Passwords/physical tokens/biometrics etc.
     - Reliance on external sources and client data
     - Knowing when and who to make a report to

     Conduct a relevant risk and gap assessment – mitigate the risk and show consideration.

  7. Session Agenda: What is Information Security; Business/IT partnerships; Lessons from enforcement actions

  8. Lessons from Enforcement Actions. Extract of a speech by Margaret Cole, Director, FSA Enforcement & Financial Crime, November 2009: “And data security is another area where we can, and will, use enforcement action to support the work of our supervisors. We expect firms to consider how their actions or failures leave others open to the threat of fraud. We continue to learn of data security lapses that put customers’ personal information at risk. This summer’s enforcement action against three units of HSBC saw substantial fines paid for weak controls over the security of customer data. And we will follow up with further enforcement cases to demonstrate the importance of this subject.”

  9. Additional reading / Information sources
     - DPA: http://www.opsi.gov.uk/Acts/Acts1998/ukpga_19980029_en_1
     - Data Commissioner: http://www.ico.gov.uk/
     - FSA (Data Security in Financial Services): http://www.fsa.gov.uk/pubs/other/data_security.pdf
     - Fraud Managers Reference Guide: http://www.bba.org.uk/bba/jsp/polopoly.jsp?d=146&a=5257

  10. Money Transmission Association THE CHALLENGE OF INFORMATION SECURITY – An independent view Questions? Mark Winters 07881 512 001
