IT Security in Banque du Liban
Zeina AOUN
Head of Security Division
IT Department
BANQUE DU LIBAN
Workshop on Building Trust and Confidence in Arabic e-Services
25-27 May 2010
BANQUE DU LIBAN – IT Department
AGENDA
BDL Security Drivers
BDL Global Security Solutions
BDL Secure e-Banking Services
Let us not look back in anger or forward in fear, but around in awareness
James Thurber
BDL Security Drivers
Risks Anticipation
Vulnerability Management
Risk Assessment
Remediation Prioritization
ISO 27001/27002/27005
BS25999
Traceability & Audit
Lebanese Law
Global Expansion
Follow technology evolution
Rationalization
Adapt to changing business
Open Standards
Security aligned with business
Business process improvement
Efficiency
Integrity – Confidentiality – Authentication – Availability – Auditing
BDL Global Security Solutions (1/4)
[Diagram: security life-cycle wheel; legible labels: BUILD, MEASURE]
End to End Approach for Security
BDL Global Security Solutions (2/4)
Understand
Analyze
Measure
Security Definition & Auditing
ISO 27001, 27002 & 27005 Assessments, Risk Management
Technical & Organizational Auditing
Security Strategy, Security Policies, Security Insurance Plan, Security Awareness, Continuity & Disaster Recovery Plans
Security Technology Evaluation & Prototyping
BDL Global Security Solutions (3/4)
Design
Build
Architecture, Design & Implementation
System Security: OS Hardening, Desktop Security Services (antivirus, anti-spam & NAC), Host IPS, Reverse Proxies, URL Control & Filtering
Network Security: Firewalls, Network IPS, IPSec & SSL VPNs
Application Security: E-Signature based on Public Key Infrastructure, Access Control – Multi-factor authentication (smart cards & Biometric solutions)
Added-Value Security: Security Information and Event Management Solutions (SIEM), Risk Management, Identity Access Management
BDL Global Security Solutions (4/4)
Information Security Management
Run
Supervision, Administration & Monitoring of the Overall BDL IT environments
Security Information & Event Management, Security Alerting & Reporting
Security Watch
Security Incident Analysis
Vulnerability Management
BDL e-Banking Services (1/8)
Business Objectives & Scope
Empower Lebanon to play a major role in the Middle East as a provider of e-services including e-commerce, e-banking and e-financial services
Platform for secure payments (banks, markets, governments & cross border)
Electronic end-to-end processing at all levels of interaction
Assured reliability & integrity of strategic information
Appropriate regulatory environment
Increased ability to manage market liquidity & risks
BDL e-Banking Services (2/8)
SEBIL – Secure Electronic Banking and Information for Lebanon
Electronic payment & reporting systems
Real-Time Settlement System
Automated Clearing House
Treasury Management System
Asset Management
Decision support System
BDL e-Banking Services (3/8)
SITI – Secure IT Infrastructure to support SEBIL
[Diagram: SITI architecture; labelled components: Extranet Access (VPN, Application), Firewalls, Secure Zones, PKI/CA, Antivirus, Mail Relay, Proxy, Security Management, Internet Access (Web, Mail), IDS / IPS, High Availability, ISP, Internet]
BDL e-Banking Services (4/8)
Infrastructure End-to-End Security Challenges
BDL e-Banking Services (5/8)
BDL PKI Security Principles
Highly Available & Secure PKI Infrastructure
Distributed Architecture & Restricted Access Rules
Detailed CP & CPS Policies
Controlled Certificate Life-Cycle Management
HSMs for securing CAs' Private Keys
Key Archive Services for recovery of user encryption keys
End-to-End Process Control
BDL e-Banking Services (6/8)
PKI-Enabled Applications
Application-based electronic transactions signing
Electronic Data Interchange
Virtual Private Networks
Client & Server Authentication
Smart Card Logon
Time stamping and non-repudiation services
BDL e-Banking Services (7/8)
Certificate Life-Cycle Management
Authentication & Encryption
User Certificates / Device Certificates
Smart Card Authentication
Match-On-Card Biometric Authentication
Card Issuance & Management System
Certificate life-cycle management from issuance up to revocation
BDL e-Banking Services (8/8)
A Guaranteed Trust …
Security Infrastructure On-line with Business
End-to-End Security Approach
Centralized & Efficient Security Management
Conformity to Best Practices & Security Standards
Reliable & Scalable Architecture
Thank You …