IT Security in Banque du Liban
Zeina AOUN, Head of Security Division, IT Department, BANQUE DU LIBAN
Workshop on Building Trust and Confidence in Arabic e-Services, 25-27 May 2010
BANQUE DU LIBAN – IT Department

AGENDA
- BDL Security Drivers
- BDL Global Security Solutions
- BDL Secure e-Banking Services

"Let us not look back in anger or forward in fear, but around in awareness." (James Thurber)

BDL Security Drivers
- Risks Anticipation
- Vulnerability Management
- Risk Assessment
- Remediation Prioritization
- ISO 27001/27002/27005
- BS 25999
- Traceability & Audit
- Lebanese Law
- Global Expansion
- Follow technology evolution
- Rationalization
- Adapt to changing business
- Open Standards
- Security aligned with business
- Business process improvement
- Efficiency
Integrity – Confidentiality – Authentication – Availability – Auditing

BDL Global Security Solutions (1/4)
[Figure: End to End Approach for Security (cycle diagram; only the Build and Measure labels are legible in the transcription)]

BDL Global Security Solutions (2/4): Understand, Analyze, Measure
- Security Definition & Auditing
- ISO 27001, 27002 & 27005 Assessments, Risk Management
- Technical & Organizational Auditing
- Security Strategy, Security Policies, Security Insurance Plan, Security Awareness, Continuity & Disaster Recovery Plans
- Security Technology Evaluation & Prototyping

BDL Global Security Solutions (3/4): Design, Build
- Architecture, Design & Implementation
- System Security: OS Hardening, Desktop Security Services (antivirus, anti-spam & NAC), Host IPS, Reverse Proxies, URL Control & Filtering
- Network Security: Firewalls, Network IPS, IPSec & SSL VPNs
- Application Security: E-Signature based on Public Key Infrastructure, Access Control – Multi-factor authentication (smart cards & biometric solutions)
- Added-Value Security: Security Information and Event Management Solutions (SIEM), Risk Management, Identity Access Management

BDL Global Security Solutions (4/4): Run – Information Security Management
- Supervision, Administration & Monitoring of the overall BDL IT environments
- Security Information & Event Management, Security Alerting & Reporting
- Security Watch
- Security Incident Analysis
- Vulnerability Management

BDL e-Banking Services (1/8): Business Objectives & Scope
- Empower Lebanon to play a major role in the Middle East as a provider of e-services, including e-commerce, e-banking and e-financial services
- Platform for secure payments (banks, markets, governments & cross-border)
- Electronic end-to-end processing at all levels of interaction
- Assured reliability & integrity of strategic information
- Appropriate regulatory environment
- Increased ability to manage market liquidity & risks

BDL e-Banking Services (2/8): SEBIL – Secure Electronic Banking and Information for Lebanon
- Electronic payment & reporting systems
- Real-time Settlement System
- Automated Clearing House
- Treasury Management System
- Asset Management Decision Support System

BDL e-Banking Services (3/8): SITI – Secure IT Infrastructure to support SEBIL
- Extranet Access (VPN, Application)
- Firewalls
- Secure Zones
- PKI/CA, Antivirus, Mail Relay, Proxy
- Security Management
- Internet Access (Web, Mail)
- IDS / IPS
- High Availability
- ISP, Internet

BDL e-Banking Services (4/8): Infrastructure End-to-End Security Challenges
[Figure: infrastructure diagram; no text recoverable from the transcription]

BDL e-Banking Services (5/8): BDL PKI Security Principles
- Highly Available & Secure PKI Infrastructure
- Distributed Architecture & Restricted Access Rules
- Detailed CP & CPS Policies
- Controlled Certificate Life-Cycle Management
- HSMs for securing CAs' Private Keys
- Key Archive Services for recovery of user encryption keys
- End-to-End Process Control

BDL e-Banking Services (6/8): PKI-Enabled Applications
- Application-based electronic transaction signing
- Electronic Data Interchange
- Virtual Private Networks
- Client & Server Authentication
- Smart Card Logon
- Time stamping and non-repudiation services

BDL e-Banking Services (7/8): Certificate Life-Cycle Management
- Authentication & Encryption User Certificates / Device Certificates
- Smart Card Authentication
- Match-On-Card Biometric Authentication
- Card Issuance & Management System
- Certificate life-cycle management from issuance up to revocation

BDL e-Banking Services (8/8): A Guaranteed Trust …
- Security Infrastructure On-line with Business
- End-to-End Security Approach
- Centralized & Efficient Security Management
- Conformity to Best Practices & Security Standards
- Reliable & Scalable Architecture

Thank You …