Operational Risk, Privacy & Security. Jonathan Rosenoer, Point Tiburon Group, May 2002. © 2002 Point Tiburon Group. (Transcript of a 28-slide presentation.)

Page 1:

Operational Risk, Privacy & Security

Jonathan Rosenoer

Point Tiburon Group

May 2002

Page 2:

Content

Operational risk management overview

Trust as a design imperative and solution requirement

Illustrative solution components for security and privacy in an operational risk management system

Page 3:

The drive to manage and improve operational risk

Operational risk is “the risk of loss resulting from inadequate or failed processes, people and systems or from external events”

The Basel Committee on Banking Supervision, Bank for International Settlements, seeks to provide a strong incentive to improve operational risk management in light of recent changes in banking:

– Growth of E-commerce

– Use of more highly automated technology

– Increased prevalence of outsourcing

– Emergence of banks as very large-scale service providers

Page 4:

“Banks should be aware that increased automation can transform high-frequency, low severity losses into low-frequency, high severity losses.”

Bank of New York (1985): 28-hour mainframe failure causes Bank of New York to borrow $20B to manage the sale of securities, at an interest cost of $4M

Barings (1995): Unauthorized and concealed derivatives trading by Nick Leeson leads to $1.2B loss and collapse of Barings

First National Bank of Chicago (1996): ATM software error inflates 800 customer balances by sum of $763.9B

BancBoston (1998): 20-year employee, Ricardo Carrasco, disappears leaving behind $73M in irregular loans and credit extensions secured by fraudulent or non-existent collateral

PULSE (2001): 22-state EFT/ATM network disabled when Tropical Storm Allison floods main and backup power systems in Houston

Bank of New York (1999): Investigators allege that up to $15B was laundered out of Russia via the Bank of New York

Mellon Bank (2001): 40,000 federal tax returns and tax payment checks totaling $800M are lost or destroyed at processing center operated for the IRS

9-11-01: Cost of NY Financial Services business disruption -- lost revenues due to market closure and dislocation expense -- was about $1.8B

Allied Irish Banks (2/7/02): Foreign exchange trader, John Rusnak, is suspected of $750M fraud

J.P. Morgan Chase (2/27/02): Insurers deny claim for $965M on surety bonds arising from Enron failure on grounds the bonds were procured through fraud

Page 5:

A meaningful solution is multi-dimensional and flexible

Multi-dimensional: To implement and demonstrate appropriate risk management systems and processes, financial institutions require a holistic solution that provides a:

– Methodology to identify and capture loss event data

– Reporting framework

– Tool for root-cause analysis and alerting

Flexible: To implement and demonstrate appropriate risk management systems and processes, financial institutions require a flexible solution:

– Any data… Any control objective… in real time

Page 6:

An early vision of an operational risk management dashboard

XYZ Bank ORM Dashboard. Period: 5/01/02 - 5/31/02. Business Unit: All. Business Line: All.

Event-type categories:
– Internal fraud
– External fraud
– Employment practices and workplace safety
– Clients, products, and business practices
– Damage to physical assets
– Business disruption and system failures
– Execution, delivery, and process management

XYZ Bank ORM Dashboard. Period: 5/01/02 - 5/31/02. Business Unit: Banking. Business Line: Retail Banking.

Event-type Category: Clients, Products, and Business Practices

Suitability, Disclosure and Fiduciary:
– Fiduciary breaches / guideline violations
– Suitability / disclosure issues (KYC etc.)
– Retail consumer disclosure violations
– Breach of privacy
– Aggressive sales
– Account churning
– Misuse of confidential information
– Lender liability

Improper Business or Market Practices:
– Antitrust
– Improper trade/market practices
– Market manipulation
– Insider trading (on firm's account)
– Unlicensed activity
– Money laundering

Product Flaws:
– Product defects (unauthorized, etc.)
– Model errors

Selection, Sponsorship and Exposure:
– Failure to investigate client per guidelines
– Exceeding client exposure limits

Advisory Activities:
– Disputes over performance of advisory activities

(The dashboard's value cells read NA in the slide.)

Page 7:

Illustration: Control objective definition (powered by Digital Fuel)

Page 8:

Illustration: Event correlation

Page 9:

Illustration: Root source analysis

Page 10:

Illustration: What-If analysis

Page 11:

Looking at the problem from the bottom up

Figure (source: Digital Fuel), read from the bottom up:
– Data Adaptors: network perf. mgt., PBX, billing, ticketing, CRM, SFA, …
– Run-Time Engine: data collection, correlation, root cause analysis, What-If, forecasting, …
– Rules Repository: control objectives, data collection rules, calculation rules, presentation rules
– Tools: data identification/mapping, control objective constructor, report authoring
– Management Console and Web presentation: data and reports delivered to the users shown in the figure

Source: Digital Fuel
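The dashboard on page 6 and the bottom-up architecture above describe a run-time engine that pulls loss events in through data adaptors, rolls them up by event type and business line, evaluates control objectives held in a rules repository, and supports root-source analysis. The following is an added example, written for this page and not code from the slides or from Digital Fuel, that shows those pieces as one small Python program. The event records, source systems, business lines, control objectives and field names are all constructed assumptions for the example; the point is that the control objectives are data, so adding one never touches the engine.

```python
"""Added example (not from the slides or from Digital Fuel): a toy version of the
"rules repository + run-time engine" idea. Loss events arrive from several data
adaptors, are rolled up onto the dashboard's event-type categories, and control
objectives stored as data (not code) are evaluated over the roll-up.
All inputs below are constructed for the example."""
from collections import defaultdict
from datetime import date

# Level-1 event types used by the dashboard on page 6.
EVENT_TYPES = {
    "internal_fraud": "Internal fraud",
    "external_fraud": "External fraud",
    "employment": "Employment practices and workplace safety",
    "clients": "Clients, products, and business practices",
    "assets": "Damage to physical assets",
    "disruption": "Business disruption and system failures",
    "execution": "Execution, delivery, and process management",
}

# Dashboard period from the slide: 5/01/02 - 5/31/02.
PERIOD = (date(2002, 5, 1), date(2002, 5, 31))

# Constructed feed: what the data adaptors (ticketing, billing, audit, ...) would emit.
SAMPLE_EVENTS = [
    {"source": "ticketing", "line": "Retail Banking", "type": "disruption",
     "loss": 120_000, "cause": "batch job failure", "date": date(2002, 5, 3)},
    {"source": "ticketing", "line": "Retail Banking", "type": "disruption",
     "loss": 80_000, "cause": "batch job failure", "date": date(2002, 5, 17)},
    {"source": "ops", "line": "Retail Banking", "type": "disruption",
     "loss": 15_000, "cause": "power outage", "date": date(2002, 5, 20)},
    {"source": "billing", "line": "Retail Banking", "type": "clients",
     "loss": 40_000, "cause": "disclosure error", "date": date(2002, 5, 9)},
    {"source": "audit", "line": "Treasury", "type": "internal_fraud",
     "loss": 750_000, "cause": "unauthorized trading", "date": date(2002, 5, 12)},
    {"source": "hr", "line": "Treasury", "type": "employment",
     "loss": 5_000, "cause": "workplace injury", "date": date(2002, 5, 28)},
]

# Control objectives live in the rules repository as data (constructed here);
# the engine needs no code change to add one ("any data, any control objective").
CONTROL_OBJECTIVES = [
    {"id": "CO-1", "line": "Retail Banking", "type": "disruption", "metric": "total_loss", "max": 150_000},
    {"id": "CO-2", "line": "Retail Banking", "type": "disruption", "metric": "count", "max": 3},
    {"id": "CO-3", "line": "Treasury", "type": "internal_fraud", "metric": "total_loss", "max": 0},
    {"id": "CO-4", "line": "Treasury", "type": "employment", "metric": "count", "max": 5},
]

def aggregate(events, period_start, period_end):
    """Dashboard roll-up: (line, type) -> {"count", "total_loss"} for events in the period."""
    cells = defaultdict(lambda: {"count": 0, "total_loss": 0})
    for ev in events:
        if period_start <= ev["date"] <= period_end:
            cell = cells[(ev["line"], ev["type"])]
            cell["count"] += 1
            cell["total_loss"] += ev["loss"]
    return dict(cells)

def evaluate(objectives, cells):
    """Return the ids of control objectives whose metric exceeds its maximum (the alerting step)."""
    empty = {"count": 0, "total_loss": 0}
    return [co["id"] for co in objectives
            if cells.get((co["line"], co["type"]), empty)[co["metric"]] > co["max"]]

def root_causes(events, line, etype):
    """Root-source analysis: loss per cause tag for one dashboard cell, largest first."""
    by_cause = defaultdict(int)
    for ev in events:
        if ev["line"] == line and ev["type"] == etype:
            by_cause[ev["cause"]] += ev["loss"]
    return sorted(by_cause.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    cells = aggregate(SAMPLE_EVENTS, *PERIOD)
    for (line, etype), cell in sorted(cells.items()):
        print(f"{line:15} {EVENT_TYPES[etype]:45} n={cell['count']} loss={cell['total_loss']:,}")
    print("breached:", evaluate(CONTROL_OBJECTIVES, cells))
    print("root causes, Retail Banking / disruption:",
          root_causes(SAMPLE_EVENTS, "Retail Banking", "disruption"))
```

With the constructed feed, CO-1 trips (three disruption events total $215,000 against a $150,000 ceiling) and CO-3 trips (any internal-fraud loss in Treasury), while CO-2 and CO-4 stay within limits; the root-cause view then shows that the disruption loss is dominated by one cause, which is the "low-frequency, high-severity" pattern page 4 warns about.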

Page 12:

Content

Operational risk management overview

Trust as a design imperative and solution requirement

Illustrative solution components for security and privacy in an operational risk management system

Page 13:

Required: Security and privacy

Office of the Comptroller of the Currency
– A bank’s use of third parties to achieve its strategic goals does not diminish the responsibility of the board of directors and management to ensure that the third-party activity is conducted in a safe and sound manner and in compliance with applicable laws.
– The OCC expects bank management to engage in a rigorous analytical process to identify, measure, monitor, and establish controls to manage the risks associated with third-party relationships and, as with all other risks, to avoid excessive risk-taking that may threaten the safety and soundness of a national bank. The OCC will review the bank’s information security and privacy protection programs regardless of whether the activity is conducted directly by the bank or by a third party.

Gramm-Leach-Bliley Act
– Ensure the security and confidentiality of customer records and information
– Protect against any anticipated threats or hazards to the security or integrity of such records
– Protect against unauthorized access to or use of such records or information that would result in substantial harm or inconvenience to any customer

Page 14:

Source: Common Criteria

A threat assessment is a traditional starting place for building trust

Page 15:

Source: Common Criteria

Trust is a function of confidence in countermeasures

Page 16:

Figure: the same bottom-up architecture as on page 11 (Data Extractors for network perf. mgt., PBX, billing, ticketing, CRM, SFA, …; Run-Time Engine with data collection, correlation, root cause analysis, What-If, forecasting, …; Rules Repository with control objectives, data collection rules, calculation rules, presentation rules; Tools for data identification/mapping, control objective constructor, report authoring; Management Console; Web presentation; Data and Reports; users), with "!" markers placed on several of its components.

Systems thinking is key

Page 17:

Content

Operational risk management overview

Trust as a design imperative and solution requirement

Illustrative solution components for security and privacy in an operational risk management system

Page 18:

Remote login and SSH

SSH Secure Shell is used for remote logins. It seeks to solve the problem of hackers stealing passwords. Typical applications include 'lite VPN' applications, remote system administration, automated file transfers, and access to corporate resources over the Internet.

SSH Secure Shell allows you to:
– securely log in to remote host computers
– execute commands safely on a remote computer
– securely copy remote files
– provide secure, encrypted and authenticated communications between two non-trusted hosts
– forward TCP/IP ports over the secure channel, enabling a secure connection, for example, to an e-mail service

SSH2 is designed against threats that include:
– Eavesdropping
– Hijacking
– IP spoofing

Source: SSH Communications Security
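Encryption alone does not stop the hijacking and IP spoofing threats listed above; the client must also authenticate the server, which in practice means checking the presented host key against a known_hosts file before trusting the channel. The example below is added here (it is not code from the slides or from SSH Communications Security) and reproduces the OpenSSH known_hosts lookup with only the standard library: plain and hashed hostname entries, the SHA256 fingerprint an administrator compares out of band, and the three outcomes a client must distinguish. The key bytes, hostnames, addresses and salt are constructed for the example and belong to no real host.

```python
"""Added example (not from the slides or from SSH Communications Security):
host-key verification against a known_hosts file, the client-side check that
makes SSH resistant to IP spoofing and session hijacking. Standard library only;
the keys and known_hosts entries are constructed for the example."""
import base64
import hashlib
import hmac

def ssh_string(b: bytes) -> bytes:
    """SSH wire encoding of a string: 4-byte big-endian length, then the bytes."""
    return len(b).to_bytes(4, "big") + b

def ed25519_blob(raw_key: bytes) -> bytes:
    """Public-key blob for an ssh-ed25519 key: string "ssh-ed25519", then the 32 key bytes."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint: base64 of the digest without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hashed_host_entry(host: str, salt: bytes) -> str:
    """Hashed hostname token as written by ssh-keygen -H: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

def host_matches(token: str, host: str) -> bool:
    """Match one known_hosts hostname token (plain, comma-separated list, or hashed)."""
    if token.startswith("|1|"):
        _, _, salt_b64, mac_b64 = token.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return host in token.split(",")

def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """'ok' if the presented key is the stored key for host; 'mismatch' if the host is
    known with a different key (possible spoofing or hijacking: the client must abort);
    'unknown' if there is no entry (fingerprint must be confirmed out of band)."""
    presented = base64.b64encode(blob).decode()
    seen = False
    for line in known_hosts.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3 or parts[1] != key_type or not host_matches(parts[0], host):
            continue
        seen = True
        if hmac.compare_digest(parts[2], presented):
            return "ok"
    return "mismatch" if seen else "unknown"

# Constructed keys: fixed byte patterns stand in for real public keys.
REAL_KEY = ed25519_blob(bytes(range(32)))
SPOOF_KEY = ed25519_blob(bytes(range(32, 64)))
SALT = bytes.fromhex("00112233445566778899aabbccddeeff00112233")

# Constructed known_hosts: one plain entry (name plus address) and one hashed entry.
KNOWN_HOSTS = "\n".join([
    "# constructed for the example",
    "mail.example.com,10.0.0.5 ssh-ed25519 " + base64.b64encode(REAL_KEY).decode(),
    hashed_host_entry("bastion.example.com", SALT) + " ssh-ed25519 "
    + base64.b64encode(REAL_KEY).decode(),
])

if __name__ == "__main__":
    print("expected fingerprint:", fingerprint(REAL_KEY))
    for host, key in [("mail.example.com", REAL_KEY), ("10.0.0.5", SPOOF_KEY),
                      ("bastion.example.com", REAL_KEY), ("other.example.com", REAL_KEY)]:
        print(f"{host:22} -> {check_host_key(KNOWN_HOSTS, host, 'ssh-ed25519', key)}")
```

The second case is the one that matters for the threat list: the address 10.0.0.5 is known, but the key offered differs, so a client configured to trust known_hosts strictly refuses rather than asks, which is what turns a spoofed address or a hijacked connection into a failed login instead of a captured password. The "unknown" case is where the SHA256 fingerprint gets compared against a value obtained out of band; a user who accepts it blind has recreated the problem the slide says SSH solves.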

Page 19:

VPNs to connect offices and partners

Source: Check Point

VPNs securely extend corporate networks and reduce the costs that are incurred by leased lines and frame relay networks

Page 20:

An application layer “VPN” seeks to provide access to applications without exposing an internal network

The Yakatus Secure Global Relay supports simultaneous, secure, bi-directional data transmission from multiple services, applications, and protocols through a single port - and a single server. This feature seeks to obviate security issues generated by numerous open ports, tiered firewalls and multiple servers.

Figure labels (diagram not reproduced): Firewall, Data Mining Application, Server, SGR, Firewall, UCC, Laptop B, PDA A, Workstation A, Workstation B, Corporate network B, Corporate network A, WAN/Internet, SGR Modules, VPA, SGR Modules, VPA, Laptop A, PDA B, SGR.

Page 21:

Trusted e-mail is repositioning for enterprise information exchange

Page 22:

New messaging systems seek to enable enterprise applications to communicate securely and reliably with one another over the Internet

Kenamea messaging operates in real time, securely delivering messages from any application end point to any other. At the core of the Kenamea offering is the Kenamea Message Switch, which acts as a hub, coordinating communication between application end-points.

Page 23:

Integration middleware offers another level of streamlining

The SeeBeyond Business Integration Suite centers on business processes in order to provide an integration solution that first streamlines business from end-to-end, then drills down into the next level of detail for application integration, data transformation, routing and messaging by generating the necessary technical components that manage the transformation and flow of information.

Page 24:

Enterprise security management provides a holistic view at the center

The ArcSight architecture comprises a data collection and storage system to consolidate network-wide alarms and alerts, analysis tools to detect multi-source and multi-target threats, and a display and report function to manage the results.
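The two detection patterns named here are worth seeing concretely: a single source touching many targets is only visible once alerts from several sensors are consolidated, and many sources touching one target is invisible to any per-source rule. The following is an added example (not code from the slides or from ArcSight) that normalizes a few constructed alert lines from two sensors and runs both correlations with a sliding time window. The line format, sensor names, addresses, the five-minute window and the threshold of three distinct peers are assumptions for the example.

```python
"""Added example (not from the slides or from ArcSight): consolidate alerts from
several sensors, then detect multi-source and multi-target activity with a
sliding-window correlation. The alert lines and thresholds are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alerts in a simple "timestamp sensor src dst signature" line format.
SAMPLE_ALERTS = """\
2002-05-14T09:00:01 fw-dmz 198.51.100.7 10.1.0.10 SYN_SCAN
2002-05-14T09:00:03 fw-dmz 198.51.100.7 10.1.0.11 SYN_SCAN
2002-05-14T09:00:05 ids-core 198.51.100.7 10.1.0.12 SYN_SCAN
2002-05-14T09:00:09 fw-dmz 198.51.100.7 10.1.0.13 SYN_SCAN
2002-05-14T09:20:00 ids-core 203.0.113.2 10.1.0.50 LOGIN_FAIL
2002-05-14T09:20:04 ids-core 203.0.113.9 10.1.0.50 LOGIN_FAIL
2002-05-14T09:20:07 fw-dmz 203.0.113.17 10.1.0.50 LOGIN_FAIL
2002-05-14T09:20:11 fw-dmz 203.0.113.23 10.1.0.50 LOGIN_FAIL
2002-05-14T11:00:00 ids-core 192.0.2.4 10.1.0.60 LOGIN_FAIL
"""

def parse_alerts(text):
    """Consolidation step: normalize every sensor's line into one record shape, time-ordered."""
    records = []
    for line in text.splitlines():
        ts, sensor, src, dst, sig = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "sensor": sensor,
                        "src": src, "dst": dst, "sig": sig})
    return sorted(records, key=lambda r: r["ts"])

def correlate(records, pivot_field, peer_field, min_distinct=3, window=timedelta(minutes=5)):
    """Group by (pivot value, signature). Within any time window starting at a record,
    if at least min_distinct different peer values appear, emit one finding that
    names the pivot, the peers and every sensor that contributed."""
    groups = defaultdict(list)
    for r in records:
        groups[(r[pivot_field], r["sig"])].append(r)
    findings = []
    for (pivot, sig), recs in groups.items():
        for i, first in enumerate(recs):
            in_window = [r for r in recs[i:] if r["ts"] - first["ts"] <= window]
            peers = sorted({r[peer_field] for r in in_window})
            if len(peers) >= min_distinct:
                findings.append({"pivot": pivot, "sig": sig, "peers": peers,
                                 "sensors": sorted({r["sensor"] for r in in_window}),
                                 "start": first["ts"]})
                break  # one finding per pivot and signature; no re-alerting on overlapping windows
    return findings

def multi_target(records):
    """One source hitting many targets (sweep or scan): pivot on src, count distinct dst."""
    return correlate(records, "src", "dst")

def multi_source(records):
    """Many sources hitting one target (distributed password guessing): pivot on dst, count distinct src."""
    return correlate(records, "dst", "src")

if __name__ == "__main__":
    recs = parse_alerts(SAMPLE_ALERTS)
    for f in multi_target(recs):
        print("multi-target:", f["pivot"], f["sig"], "->", f["peers"], "seen by", f["sensors"])
    for f in multi_source(recs):
        print("multi-source:", f["pivot"], f["sig"], "<-", f["peers"], "seen by", f["sensors"])
```

Only the consolidated view produces the first finding: fw-dmz alone sees three of the four scan targets and ids-core one, and neither sensor by itself crosses the threshold. The lone LOGIN_FAIL against 10.1.0.60 produces nothing, which is the intended behaviour of a threshold rule rather than a gap.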

Page 25:

Integrated enterprise management provides another level of assurance

Figure (Tivoli Enterprise Suite):
– Management areas: Configuration and Operations Management; Performance and Availability Management
– Management styles: Single Action Management; Task Profile Management; Management by Subscription; Secure Authority Delegation
– Products shown: Tivoli Software Distribution; Tivoli Inventory; Tivoli Distributed Monitoring; Tivoli Remote Control; Tivoli Business Systems Manager; Tivoli Enterprise Console (TEC); Tivoli Manager for: Domino, DB2, Oracle, MQSeries, ...
– Tivoli Enterprise Framework: foundation to establish consistent management policies across heterogeneous platforms: UNIX, Windows NT / 2000 / XP, Linux, NetWare, AS/400

Tivoli provides a common framework and single management agent for the core IT infrastructure.

IBM Tivoli Access Manager for Business Integration is a comprehensive security solution for IBM WebSphere MQ

Page 26:

At the presentation layer, secure relationship management

Netegrity Secure Relationship Management Platform™ combines identity management, single sign-on and access control, and provisioning with portal presentation and integration services.

Netegrity SRM provides customers with a platform for securing, delivering and presenting enterprise resources for the interactive e-business.

Page 27:

In the future …?

Figure: a policy-based compliance-checking flow. Components: User, Policy author, Application, Compliance Checker, Credential Management, PKI, Policy Store (Root Policy, Policy). Message labels: "Action Request, secure user ID" (from the User to the Application); "Request, Credential, Policy" (to the Compliance Checker); "Policy Compliance Value" (returned by the Compliance Checker); "Process action / deny Request"; "Security Credential"; "Security Credential, secure user ID verification"; "Policy, Security Credential"; "Policy".
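The figure's Compliance Checker is the interesting component: given an action request, the credentials the requester can produce and the root policy, it returns a Policy Compliance Value and the application merely acts on that verdict. The following is an added example (not code from the slides) of such a checker, where authority flows from a root-policy key through signed delegation credentials to the requester and each link can only narrow what the previous one granted. A real deployment would verify PKI signatures through the Credential Management and PKI components in the figure; here HMAC-SHA256 with a per-key secret stands in for those signatures so the example runs with only the standard library. The key names, secrets, actions and policies are all constructed for the example.

```python
"""Added example (not from the slides): a minimal Compliance Checker. Input is a
request, a set of signed delegation credentials and a root policy; output is the
Policy Compliance Value ("allow" or "deny"). HMAC-SHA256 with per-key secrets is
a stand-in for PKI signatures; keys, secrets and policies are constructed."""
import hashlib
import hmac
import json

# Stand-in for the PKI: key id -> secret used to sign and verify credentials.
# (Assumption for the example; a real checker verifies public-key signatures.)
KEYS = {"bank-root": b"root-secret", "ops-admin": b"admin-secret", "alice": b"alice-secret"}

def _canonical(body):
    """Fixed byte encoding of the signed fields so signer and verifier hash the same thing."""
    return json.dumps(body, sort_keys=True).encode()

def sign(issuer, subject, actions):
    """Issue a credential: issuer delegates exactly `actions` to subject, signed by issuer."""
    body = {"issuer": issuer, "subject": subject, "actions": sorted(actions)}
    body["sig"] = hmac.new(KEYS[issuer], _canonical(body), hashlib.sha256).hexdigest()
    return body

def verify(cred):
    """True only if the signature matches the credential's current fields under the issuer's key."""
    body = {k: v for k, v in cred.items() if k != "sig"}
    expected = hmac.new(KEYS.get(cred["issuer"], b""), _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cred["sig"])

def compliance_value(request, credentials, root_policy):
    """Breadth-first walk from the keys the root policy trusts for this action, following
    only verified credentials that themselves permit the action. 'allow' if the walk
    reaches the requester; delegation can narrow authority but never widen it."""
    action, requester = request["action"], request["user"]
    frontier = {key for key, acts in root_policy.items() if action in acts}
    visited = set()
    while frontier:
        if requester in frontier:
            return "allow"
        visited |= frontier
        frontier = {c["subject"] for c in credentials
                    if c["issuer"] in frontier and action in c["actions"]
                    and c["subject"] not in visited and verify(c)}
    return "deny"

# Constructed root policy and delegation chain: bank-root -> ops-admin -> alice.
ROOT_POLICY = {"bank-root": {"view", "transfer"}}
CREDENTIALS = [
    sign("bank-root", "ops-admin", {"view", "transfer"}),
    sign("ops-admin", "alice", {"view"}),  # attenuated: alice may view, not transfer
]
# A tampered credential: alice's actions widened after signing, so the signature no longer matches.
FORGED = dict(CREDENTIALS[1], actions=["transfer", "view"])

if __name__ == "__main__":
    for user, action, creds in [("alice", "view", CREDENTIALS),
                                ("alice", "transfer", CREDENTIALS),
                                ("alice", "transfer", CREDENTIALS + [FORGED]),
                                ("bob", "view", CREDENTIALS)]:
        print(f"{user}/{action}: {compliance_value({'user': user, 'action': action}, creds, ROOT_POLICY)}")
```

Two properties carry the security argument. The walk starts from the root policy rather than from the requester, so no credential can grant an action its issuer was never granted, and a tampered or unsigned credential is simply not followed; the application never sees the chain, only the compliance value, which is the separation the figure draws between the Application and the Compliance Checker.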

Page 28:

Questions?

Jonathan Rosenoer, President

Point Tiburon Group, Ph. 415.789.1354

[email protected]