Compliance management in banking - TSIEM - Nina Ugrinovska
PRESENTATION TITLE: Compliance Management in Banking - TSIEM
PRESENTER'S NAME: Nina Ugrinoska
Agenda
• Problems and initiative
• Data security - regulation or necessity
• Preparation, risk analysis, product selection
• TSIEM (Tivoli Security Information and Event Management)
• Defining processes, privileges and responsibilities
• What to cover, what results to expect, and alerting
• Implementation, testing and consolidation
• Operations, system development and improvement, reporting
• Summary: Are we sure that we are now SECURE?
• Q & A
Problems and initiative
Awareness
-How would you stop the flood?
Communication is vital
-Hi, I came to ask you about the M procedure.
-M procedure?!
-Yes. The procedure you wrote about M.
-Oh, that M procedure. Yes, there is an M procedure.
-Can I take a look at it?
-Yes, it is on the public file server.
-Could you please give me some details? Number, name, folder?
-Oh, wait... it is here somewhere...
no... maybe here... ...
Hey guys, who wrote the M procedure?
Maybe Nick... Where is Nick?
-Never mind, sorry to bother you, bye.
Problems and initiative
• Transformation of the organization
- Business process
- Corporate culture (international and multicultural)
• Myths about IS (information security)
- It is too expensive! (Can we afford it?)
- IS = IT security
- Many security problems can't be solved with technology.
- It happens to somebody else
- "More than 30% of those polled by the National Cyber Security Alliance (NCSA) think they'll take a bolt of lightning through the chest before they see their computers violated in an Internet attack."
- "I've got a brand new $10,000 firewall system. I'M SAFE!"
- 90% of security breaches are the result of bad configuration
- 70% of security breaches may come from inside
- Common sense, not rocket science!
- Cool! I wrote it, so everybody knows it!
- If they sign the policy when they get hired, they will remember it forever.
- Employees think about the information security policy before they go to sleep.
Problems and initiative
2010 Top Security Threats
1. Cyber/Communication Security: Internet/Intranet Security
2. Workplace Violence Prevention/Response
3. Business Continuity Planning/Organizational Flexibility
4. Employee Selection/Screening
5. Unethical Business Conduct
6. Crisis Management and Response: Political Unrest/Regional Instability/Natural Disasters
7. Property Crime
8. General Employee Theft
9. Travel Security
10. Fraud/White-Collar Crime
Data security (Information Security) – regulation or necessity
"Information is the result of processing, manipulating and organizing data in a way that adds to the knowledge of the person receiving it."
"The security of a system is the extent of protection against some unwanted occurrence such as the invasion of privacy, theft, and the corruption of information or physical damage."
"The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional."
"Protection of information for confidentiality, integrity and availability."
The "4 P's" of security: People, Policy, Process and Product.
Compliance with mandatory legislation and accepted standards
Risk mitigation
ROI / Business damage
Ensuring BC&DR (business continuity and disaster recovery)
Data security (Information Security) – regulation or necessity
There is risk in any use of an information system.
Every manager developing or using an information system should understand the risks and the steps involved in averting them.
Newspapers and magazines are full of stories about hackers and viruses, but there is little or no detail about companies suffering from the attacks or about the profit lost because of information system breakdowns.
The term "information security" means different things to different people. For vendors, security is a product; for many organizations it is something the IT manager must take care of; for most users it means involuntary limits on what they can do with corporate computers. All of these views are dangerously narrow.
Information is the heart of the modern economy. The confidentiality, integrity and availability of that information are fundamental to any organization's survival in the market.
We cannot predict when, where, what, how and for how long we will be attacked, but when it happens we must be ready and willing to defend against the attack.
Data security (Information Security) – regulation or necessity
ADVICE
Draw on the right expertise to understand the security threats you face and your legal responsibilities
Integrate security into normal business practice, through a clear security policy and staff education
Invest appropriately in security controls (to mitigate risks), or in insurance (to transfer them)
Check your key security defences (such as operating system patches, disaster recovery plans, etc.) are robust and up to date.
Respond to security incidents efficiently and effectively, to minimise business disruption.
Data security (Information Security) – regulation or necessity
No information system is immune to cyber criminals.
Each and every organisation will experience one or more disruptions, misuses or attacks.
Disasters can and will happen. Discontinuity is not an option in doing business. Recovery is always costly and takes time. There is always the possibility of permanent data loss.
Theft or loss of business plans, client data, contracts, intellectual property, project designs and industrial technology may cause long-term financial damage to the organization.
Misuse of information system resources has a direct financial impact.
Privacy can be compromised, and the company would then be subject to legal measures.
Reputation can be destroyed. Organizations that are unable to protect the privacy of staff and client information will suffer the penalties and pay the fines. Partner relations will be damaged; brand and public image will be shaken.
The question is not whether we can afford our defence; it is whether we can afford not to defend against information security threats.
There is no security without a business requirement.
Better safe than sorry!
Data security (Information Security) – regulation or necessity
SUMMARY
Incidents
Risks
Privileged users
Heterogeneous infrastructure
Forensic and management requirements
Audit reports
Central Bank supervisory reports
Central Bank regulation
Other regulatory bodies
Preparation, risk analysis, product selection
• Risk analysis (risk assessment) – the basis for implementing security
• Risk management (risk management & risk treatment)
• Implementation of controls
• Risk acceptance
• Transfer of risk to other parties
Preparation, risk analysis, product selection
• Project team – Information Security Officer, Risk Officer, Compliance Officer, IT Manager, Internal Audit, Controlling Officer, Top Management, Middle Management...
• Definition of requirements and of the need to monitor specific systems
• Definition of a system owner responsible for control of each system
• Definition of privileges with respect to system usage
• Drafting the tender requirements
• Large differences between log management products
• Evaluation of the received offers
• Selection of the product that satisfies all requirements
Preparation, risk analysis, product selection
Why IBM Tivoli Security Information and Event Management?
• It met our requirements
• Team of expert consultants
• References in banking systems
• Implementation and support
• Post-production support
• IT tools
• Compliance reports
• Forensics
• On-line interaction
• Other products on the market
TSIEM Tivoli Security Information and Event Management
TSIEM
Structure of normalized logs: the W7 methodology (who did what, when, where, from where, to where, and on what)
TSIEM
TCIM – Tivoli Compliance Insight Manager
• TCIM – Tivoli Compliance Insight Manager – Windows Server with DB2
• Stores the raw logs, signed, in a depot
• Normalization process and storage in DB2
• GEM (generic event module) for related log databases
• Works with agents installed on the servers
• Collectors
• Supported products – Microsoft products, Check Point, Cisco ...
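The signed raw-log depot on this slide, together with the self-audit of the TSIEM database on the next one, is what gives the collected logs their evidentiary value: an auditor or forensic analyst needs to know that nobody rewrote, removed or trimmed the raw lines after collection. The block below is an added illustration of that idea; it is not TCIM/TSIEM code and not part of the presentation. Each chunk of raw lines is stored with an HMAC over the previous chunk's tag plus its own bytes, and the audit shows how an edited line, a deleted chunk and a truncated depot each surface. The key, chunk size, helper names and log lines are assumptions constructed for the example.

```python
"""Tamper-evident raw-log depot.

Added example, not TCIM/TSIEM code. Every chunk of raw lines is stored with an
HMAC over the previous chunk's tag plus its own bytes, so at audit time an
edited line shows up as an HMAC mismatch, a deleted chunk as a chain break,
and a truncated depot as a head mismatch against a tag kept off the server.
The key, chunk size and log lines are assumptions made for this example.
"""
import copy
import hashlib
import hmac
from typing import Dict, List, Optional

# Assumption: the signing key exists only on the log-management server,
# never on the monitored hosts that ship the raw lines.
DEPOT_KEY = b"example-depot-key-not-a-real-secret"
GENESIS = "genesis"


def _tag(key: bytes, prev_tag: str, lines: List[str]) -> str:
    # Length-prefix each line so that moving text between lines changes the tag.
    body = prev_tag.encode()
    for line in lines:
        raw = line.encode()
        body += len(raw).to_bytes(4, "big") + raw
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_depot(key: bytes, lines: List[str], chunk_size: int = 2) -> List[Dict]:
    """Seal raw lines into chained chunks, as a collector would on arrival."""
    depot, prev = [], GENESIS
    for i in range(0, len(lines), chunk_size):
        chunk_lines = lines[i:i + chunk_size]
        chunk = {"prev": prev, "lines": chunk_lines, "tag": _tag(key, prev, chunk_lines)}
        depot.append(chunk)
        prev = chunk["tag"]
    return depot


def audit_depot(key: bytes, depot: List[Dict], head: Optional[str] = None) -> List[str]:
    """Self-audit of the depot: returns findings; an empty list means it verifies."""
    findings, prev = [], GENESIS
    for idx, chunk in enumerate(depot):
        if chunk["prev"] != prev:
            findings.append(f"chunk {idx}: chain break, an earlier chunk was removed or reordered")
        if not hmac.compare_digest(_tag(key, chunk["prev"], chunk["lines"]), chunk["tag"]):
            findings.append(f"chunk {idx}: HMAC mismatch, its lines were altered")
        prev = chunk["tag"]
    if head is not None and prev != head:
        findings.append("head mismatch: the depot was truncated or the recorded head is stale")
    return findings


RAW_LINES = [  # constructed sample of what the collectors ship
    "2010-05-03 09:12:41 CBS-DB01 audit: user=DBA01 action=data_read object=CORE_ACCOUNTS",
    "2010-05-03 09:15:02 FS01 audit: user=teller07 action=data_read object=PROCEDURES_SHARE",
    "2010-05-03 10:02:55 AD01 audit: user=ADM02 action=priv_change object=Domain_Admins",
    "2010-05-03 10:03:10 AD01 audit: user=ADM02 action=logoff",
    "2010-05-03 22:40:10 CBS-DB01 audit: user=teller07 action=data_read object=CORE_ACCOUNTS",
    "2010-05-03 22:41:00 CBS-DB01 audit: user=teller07 action=logoff",
]


def demo() -> Dict[str, List[str]]:
    """Audit an intact depot and three tampered copies; returns findings per scenario."""
    depot = build_depot(DEPOT_KEY, RAW_LINES)
    head = depot[-1]["tag"]  # written into the daily audit report, i.e. kept off the server

    edited = copy.deepcopy(depot)
    edited[2]["lines"][0] = edited[2]["lines"][0].replace("teller07", "DBA01")  # rewrite "who"

    deleted = copy.deepcopy(depot)
    del deleted[1]  # drop the chunk holding the privilege change

    truncated = copy.deepcopy(depot)[:-1]  # lose the evening's evidence

    return {
        "intact": audit_depot(DEPOT_KEY, depot, head),
        "edited": audit_depot(DEPOT_KEY, edited, head),
        "deleted": audit_depot(DEPOT_KEY, deleted, head),
        "truncated": audit_depot(DEPOT_KEY, truncated, head),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name:9s} ->", findings or ["verifies"])
```

Two caveats a practitioner would raise. An HMAC means whoever audits the depot holds the same key as whoever signs it, so it cannot separate the log administrator from the auditor; where that separation matters (it usually does in a bank), sign the chunk tags with a private key and give the auditor only the public key. And the chain alone never detects truncation of the newest chunks, which is why the head tag has to be recorded somewhere the log administrator cannot write, for example in the printed daily audit report.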
TSIEM
• Different event sources (one device can have multiple event sources)
• User information source (AD)
• Related event sources from different devices go into the same database
• Routers and switches – events via a syslog server
• A policy for each database (at the database level)
• Self-audit of the TSIEM database
TSIEM
Event Source View
TSIEM
Dashboard
TSIEM
Reports
Defining processes, privileges and responsibilities
OO + NT = EOO (Old Organization + New Technology = Expensive Old Organization)
Business process reengineering
Defining processes, privileges and responsibilities
Business Model for IS (information security)
Defining processes, privileges and responsibilities
Business Model for IS
Organization Design / Strategy
• Organization is a network of people interacting with each other - contains
interactions between people & elements (it drives culture, governance &
architecture). IS as a component needs to map to the whole organization
• Strategy specifies the goals & objectives to be achieved as well as the
values & missions to be pursued. (business formula for success, setting
the basic direction).
• Design relates to the formal organization structure
Defining processes, privileges and responsibilities
Business Model for IS
Process
• Includes formal & informal mechanisms to get things done
• Provides vital link to all of the dynamic interconnections
• Process is designed to identify, measure, manage, & control risk,
availability, integrity & confidentiality, & to ensure accountability
• Can be COBIT; ITIL; ISO27002 or a combination
Technology
• Organizational Infrastructure
• Tools that make processes more efficient.
• Used to meet organization’s mission
• The ‘glue’ for IS issues
Defining processes, privileges and responsibilities
Business Model for IS
People
• Represents the human resources & IS issues that surround them
• Collective of human actors inc. values & behaviors
• All whose efforts must be coordinated to accomplish the organization’s
goals
• Not just units of “one” since each individual comes with all their
experiences, values, etc
• Need to harness ‘human intelligence’
Defining processes, privileges and responsibilities
• List of servers, products and devices to be logged
• Employees responsible for individual systems (system owners) and their privileges
• Responsibilities for daily or periodic tasks on the log management system
• Compliance with internal policies and procedures
• Business Continuity & Disaster Recovery
• Definition of initial policies and groups:
- Division into groups: users, administrators, related servers, related activities...
- Correlations between specific systems
- Policy Rules – alert on a "policy exception"
- Special Attention Rules – alert when a defined activity occurs
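The W7 structure of normalized logs from the TSIEM section and the grouping, policy rules and special attention rules listed above work as one pipeline: raw lines from different event sources are normalized into the same seven fields, users and assets are mapped to groups, a policy rule states which (who-group, activity-group, asset-group) combinations are allowed, anything the policy does not cover is a policy exception, and a special attention rule alerts on a defined activity even when the policy allows it. The block below is an added example of that pipeline; it is not TSIEM/TCIM code and not from the presentation. The two raw formats, the regexes, the group names, the rules, the function names and the sample lines are all assumptions constructed for the example.

```python
"""W7 normalization with policy rules and special attention rules.

Added example, not TSIEM/TCIM code. Raw lines from two constructed event
sources are normalized into the seven W7 fields (who, what, when, where,
where from, where to, on what); users, activities and assets are mapped to
groups; policy rules list the allowed (who, activity, asset) group triples;
anything unmatched is a policy exception; special attention rules alert on a
defined activity even when policy allows it. Formats, regexes, group names,
rules and sample lines are all assumptions made for this example.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class W7:
    who: str
    what: str
    when: datetime
    where: str
    where_from: str
    where_to: str
    on_what: str


# Constructed raw formats: a key=value audit line and an sshd syslog line.
KV_RE = re.compile(r"^(?P<ts>\S+ \S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                   r"src=(?P<src>\S+) action=(?P<action>\S+) object=(?P<obj>\S+)$")
SSH_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<host>\S+) sshd\[\d+\]: "
                    r"(?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<src>\S+)")


def normalize(line: str) -> Optional[W7]:
    """Map one raw line onto W7; None means no collector understands the line."""
    m = KV_RE.match(line)
    if m:
        return W7(m["user"].lower(), m["action"], datetime.fromisoformat(m["ts"]),
                  m["host"], m["src"], m["host"], m["obj"])
    m = SSH_RE.match(line)
    if m:
        what = "logon_success" if m["result"] == "Accepted" else "logon_failure"
        return W7(m["user"].lower(), what, datetime.fromisoformat(m["ts"]),
                  m["host"], m["src"], m["host"], m["host"])
    return None


# Grouping, as on the "users, administrators, related servers, related activities" bullet.
# Anything unmapped lands in "unknown", so it cannot silently match a policy rule.
USER_GROUPS = {"dba01": "dba", "teller07": "teller", "adm02": "admin", "root": "admin"}
ASSET_GROUPS = {"CORE_ACCOUNTS": "core-banking", "CBS-APP01": "core-banking",
                "PROCEDURES_SHARE": "file-server", "Domain_Admins": "directory"}
ACTIVITY_GROUPS = {"data_read": "data_access", "logon_success": "logon",
                   "logon_failure": "logon", "priv_change": "privilege"}

# Policy rules: the only (who-group, activity-group, asset-group) combinations allowed.
POLICY_RULES = {
    ("dba", "data_access", "core-banking"),
    ("teller", "data_access", "file-server"),
    ("admin", "privilege", "directory"),
    ("admin", "logon", "core-banking"),
}

BUSINESS_HOURS = range(7, 19)

# Special attention rules: fire on a defined activity regardless of the policy verdict.
ATTENTION_RULES = {
    "privilege change": lambda e, g: g[1] == "privilege",
    "off-hours access to core banking":
        lambda e, g: g[2] == "core-banking" and e.when.hour not in BUSINESS_HOURS,
}


def classify(e: W7) -> Tuple[str, str, str]:
    return (USER_GROUPS.get(e.who, "unknown"),
            ACTIVITY_GROUPS.get(e.what, "unknown"),
            ASSET_GROUPS.get(e.on_what, "unknown"))


def evaluate(lines: List[str]) -> Dict[str, list]:
    """Return policy exceptions, special attention alerts and lines nobody parsed."""
    result = {"exceptions": [], "attention": [], "unparsed": []}
    for line in lines:
        e = normalize(line)
        if e is None:
            result["unparsed"].append(line)
            continue
        g = classify(e)
        if g not in POLICY_RULES:
            result["exceptions"].append((e.who, e.what, e.on_what))
        for name, rule in ATTENTION_RULES.items():
            if rule(e, g):
                result["attention"].append((name, e.who, e.on_what))
    return result


SAMPLE_LINES = [  # constructed; one business day seen from three event sources
    "2010-05-03 09:12:41 host=CBS-DB01 user=DBA01 src=10.1.5.20 action=data_read object=CORE_ACCOUNTS",
    "2010-05-03 09:15:02 host=FS01 user=teller07 src=10.1.9.33 action=data_read object=PROCEDURES_SHARE",
    "2010-05-03 22:40:10 host=CBS-DB01 user=teller07 src=10.1.9.33 action=data_read object=CORE_ACCOUNTS",
    "2010-05-03 10:02:55 host=AD01 user=ADM02 src=10.1.5.21 action=priv_change object=Domain_Admins",
    "2010-05-03 03:11:08 CBS-APP01 sshd[4211]: Failed password for root from 203.0.113.7 port 52211 ssh2",
    "2010-05-03 08:30:15 CBS-APP01 sshd[4220]: Accepted password for svc_backup from 10.1.5.40 port 51000 ssh2",
    "2010-05-03 08:31:00 CBS-APP01 a line no collector is written for",
]

if __name__ == "__main__":
    for kind, items in evaluate(SAMPLE_LINES).items():
        print(kind)
        for item in items:
            print("   ", item)
```

On the sample day the teller reading core-banking data and the unmapped service account logging on to the application server come out as policy exceptions, while the privilege change (allowed for administrators) and the two off-hours touches of core-banking systems come out as special attention alerts. Two design points are worth keeping when this is done for real: unmapped users and assets must fall into a group that no policy rule covers, so that a forgotten system owner mapping produces an exception instead of silence, and lines that no collector parses must be counted and reported, since an event source that stops parsing is indistinguishable from one that stopped logging.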
Defining processes, privileges and responsibilities
Defining processes, privileges and responsibilities
Grouping in TCIM
What to cover, what results to expect, alerting
• Which systems we are interested in
– DB
– applications
– OS
– devices
– desktops
• Which events from those systems
– Typical
– Atypical
• How to react to specific events
• Which incidents need an alert
• What results to expect from Tivoli
• Without defining the needs first, we cannot expect the desired output
Implementation, testing and consolidation
• Implementation in cooperation with the vendors, based on our requirements
• Best practice
• Definition of all policies
• Installation of the agent on the systems
• Writing the technical documentation
• Writing the user documentation
• Testing the system: are the desired results and alerts produced?
Operations, system development and improvement, reporting
• A dedicated full-time job position
• System maintenance, regular backups, system availability
• Development and extension of policies according to the needs of the reporting side
• Learning from mistakes in the definition of groups, policies and alerting
Operations, system development and improvement, reporting
• Forensic analyses
• Implementation of new requirements
• Definition of reports
• Compliance reports
• Custom reports
• Ad hoc reports
How to solve security and regulation?!?!
Trust
(Pray)
Open source
(Is it really free of charge?)
Commercial
(OK, how many zeroes?)
Outsource
("I'm Winston Wolf, I solve problems.")
Summary: Are we sure that we are now SECURE?
• Did Tivoli solve our problems?
• Or did it generate new ones?
• Through the Tivoli implementation we learned that the foundation of security is a detailed analysis of the business processes (organization, employees and technology).
• With the Tivoli implementation we improved and structured the whole business.
Q & A