
Day 1 Coop Banks

Presentation by CERT-Hungary


  1. Working together with banks from a CERT perspective + CIIP. Ferenc Suba LLM, MA: Chairman of the Board, CERT-Hungary, Theodore Puskás Foundation; Vice-Chair of the Management Board, European Network and Information Security Agency
  2. PTA CERT-Hungary: WHO ARE WE? PTA CERT-Hungary = Government network security center within the Theodore Puskás Foundation, funded and supervised by the government. CO-OPERATION AGREEMENT WITH THE FINANCIAL SUPERVISORY AUTHORITY: Scope: awareness raising (website, school class), recommendation (safe e-banking), ISAC (information sharing and analysis center). FINANCIAL ISAC HU: In co-op with FSA, BAH, Police. SERVICE AGREEMENTS WITH BANKS: 5 concluded, 3 underway
  3. Financial ISAC HU - History: joint COMEXes with banks since early 2006 - Great leap forward: large phishing attacks in Dec 2006 - Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority - Activity: information sharing, exercises, recommendations, coordination - Results: TLP, Advisory, simulated DDoS attack exercise - Future: prep for FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
  4. The exercises: COMEX07 - Goal: to test the communication between the participants and the internal procedures of the banks in case of a DDoS attack - Tasks: two banks acting as victims; Banking Association coordinating the exercise and representing the banks towards CERT-Hungary; CERT-Hungary providing technical infrastructure, playing the attacker, ISP and server operator for one of the banks and itself - FSA, GIRO, Police: observers and evaluators
  5. The exercises: COMEX08 - Goal: to test communication and internal procedures in case of international malicious code collecting clients' data and passwords - Tasks: 6 banks to eliminate the malicious code and change passwords, request log analysis from CERT-Hungary, identify data leakage and malicious activity based on the log analysis, and report to the police - CERT-Hungary: reporting the malicious code to banks, log analysis, identification and shutting down of collecting servers with the involvement of the police - FSA, Police: observers and evaluators
  6. The exercises: COMEX09 - Goal: to test the protective reactions of the banks in case of a penetration - Tasks: 2 banks to protect a simulated banking environment - CERT-Hungary: provision of the simulated banking environment, serving as attacker - Banking Association, FSA, Police: interactive players and evaluators
  7. CIIP in Energy Sector - USA: ISAC Model (branch-specific co-op. under DHS) - Europe: EU-SCSIE (Shell, Electrabel, Swissgrid, EDF, CERN, SEEMA, Melanie, CERT-Hungary) - Global: Meridian Process Control WG - Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary) - First exercise in May 2009 (NHH, MOL, MAVIR, MEH, NFGM, PTA CHK): electricity outage having a spillover effect in oil, gas, and communications
  8. Thank you for your attention! PTA CERT-Hungary, Theodore Puskás Foundation, ENISA