1 / 21

Responding to Cyber Threat: Market Infrastructure Panel

Join our Cyber Security Workshop at ACSDA Miami on November 29-30, 2018. Explore the global and regional cyber threat outlook, learn about the actions taken by Chilean authorities, and understand the role of DCV. Discover the modus operandi of cyber attacks and the importance of cybersecurity in the financial sector. Don't miss this opportunity to enhance your knowledge and protect your organization.

moseb
Télécharger la présentation

Responding to Cyber Threat: Market Infrastructure Panel

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Respondiendo a la amenaza cibernética Responding to CyberThreat MarketInfrastructure Panel Taller Seguridad Informática Cyber Security Workshop ACSDAMiami / 29-30 de noviembre 2018

  2. Escenario Mundial y Regional • World and Latam Outlook • Regulador Chile • ChileanAuthorities • En que está el DCV • What are DCV doing?

  3. BCI 2018: HorizonScanReport

  4. Cyber Attack - Modus Operandi • Recognition • Vulnerability detection • Identify environments • Identify roles • Commitment of credentials • Identify VPN • etc. • (3) Preparation • Accounts Opening • Hire mules • Hire insider • C & C channel • Internal tunnels • Study internal processes • Identify fraud thresholds • They perform some tests • (4) Ejecution • Software alteration (malware) • Transfer from fake accounts • Alteration of real transactions • Alteration of rejected transactions • Impersonation of key roles • Elimination of traces • Business disruption (DoS) • (2) Auction • Hacker offers its assets in the darknet • It puts a price • Group counteroffer and ask for sample • Group tests the "Merchandise" • Close agreement

  5. NotPetya: El mayor Ciberataque (biggestcyberattack)

  6. OEA 2018: Status of Cybersecurity in Latam Bank Sector

  7. ISSA > Cybersecurity (What ISSA says)

  8. Global and Latam Outlook • Chilean Authorities • What is DCV doing?

  9. Cybersecurity - Chilean Authorities • Governmentinitiatives • Política Nacional / Ley de Delito informático / Instructivo Presidencial / Ley Marco (Nationalregulation / Computercrimelaw) • Otherareas • CriticalInfrastructureRegulation • Bank Superintendent (SBIF) New Rules • Cybersecurity / BoardresponsiRequirementsforcloudservices APT38 FancyBear 200,000 devices in Mirai Malware ATM Lazarouz Carbanak Ransomware APT28 TrojanRemcosattacksfinancialsector Trojan Mazain steals financial info Estados y criminales (Countries & Criminals) APT Financial industry Criptojacking attacks in various industries Extortion Financial sector Armada Collective La amenaza globalizada Global Treath

  10. Mirada Regulador – CMF (Comisión para el Mercado Financiero) (FMI’sAuthority)

  11. Mirada Regulador – BCCh (Banco Central de Chile) (Chilean Central Bank) Interconnected Capital Market • n

  12. Global and Latam Outlook • Chilean Authorities • What is DCV doing?

  13. Security Framework • Cybersecurity context and other domains ISO 27032 Information Security Application Security Cybersecurity Internet security Network Security Protection of Critical Information Infrastructure

  14. Security Management (Processes and Systems of Management) Governance Management 27001 (2013) IOSCO (Industry)

  15. ISMS status Criterion for acceptance of IS risks IS Risk Treatment Process Actions to address risks and opportunities High Level Commitment IS objectives SGSI Limits IS Risk Assessment Process Roles, responsibilities and authorities Evidence of competence IS policies Resources analysis Legal Requirements Risks and opportunities that must be addressed Scope Evidence of awareness Organisation Context Leadership Planning Support Stakeholder analysis Internal and external communication needs Internal / external issues / factors Documents control Management of non-conformities Operation Improvement Planning and operational control Management of corrective actions Results of the IS risk assessment Results of the treatment of risks of IS Continuous improvement Performance evaluation ISO 22301 reuse Implemented Partiallyimplemented Notimplemented Declaration of applicability Residual risk approval (Risk owners) Monitoring, measurement, analysis and evaluation Internal Audit Program Management review IS risk management plan (s) Results of monitoring and measurement Approval of treatment plans (risk owners) Results of Internal Audit Results of the management review

  16. Security and Cybersecurity Framework Governance IOSCO- Guidelines for Cyber resilience Tests Identification Situational awareness Protection Detection Aprendizaje y Evolución Recuperación NIST 1.1 Identification Protection Detection Defense Recuperation Cybersecurity Guidelines ISO 27032 Information Security Management Systems ISO 27001

  17. Conceptual Model of relations and risk assessment Information Security Management Systems Context, leadership, planning, support Operation Continuous improvement Evaluation ofperformance ISO 27.001

  18. Conceptual Model of relations and risk assessment • Controls • NIST • ISO 27.032 cybersecurity • Guía IOSCO cybersecurity • Stakeholders • Person or organization that may affect, be affected, or perceive oneself affected by a decision or activity. • Risks. Asset evaluation • ISO 31.000 • Vulnerability. • Weakness of an asset or control that can be exploited by a threat. Asset prioritisation Risk level of security threats – Cybersecurity Determination of residual (potential) and alive (materialized) risk • Strategies / Plans / Response • Business continuity management system. ISO 22.301 • Crisis management plan - cybersecurity. BS 11.200 CMC CCE CRT CAP CRI

  19. AdvancedPersistentThreatStrategy Access Control Block accessattempts and of communication. Defense of criticalassets Control of access and protectcriticalassetsand users Detection of Movement Identify lateral movement, escalation, privileges, Stolencredentials, etc Intelligence + Visibility + Response

  20. Cybersecurity new controls

  21. www.dcv.clDepósito Central de Valores, DCV • DCV - Av. Apoquindo 4001 Piso 12, Las Condes. • DCV Registros - Huérfanos 770 Piso 22, Santiago Centro.

More Related