CSBS网络风险管理

fiyafinal
1 ℃
2019-05-15

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

CYBERSECURITYAResourceGuideforBANKEXECUTIVESExecutiveLeadershipofCybersecurityCEOLETTERIamproudtopresenttoyoutheCSBSExecutiveLeadershipofCybersecurityResourceGuide.Thenumberofcyber-attacksdirectedatfinancialinstitutionsofallsizesisgrowing.AddressingthisnewthreatrequiresaconcertedeffortbycommunitybankCEOs.ThisiswhytheConferenceofStateBankSupervisors,onbehalfofstateregulators,launchedtheExecutiveLeadershipofCybersecurityinitiative(ELOC).TheELOCinitiativeisdesignedtoengagebankexecutivesandprovideyouthetoolstoaddresscybersecuritythreats.TheinformationprovidedwithinthisguideistailoredtofurnishCEOswiththenecessarytoolstobetterunderstandthethreatsyourinstitutionfacesandhowtoprepareforthem.Italsoprovidesquestionstoaskyourstafftoensuretheyareproactiveinidentifyingandaddressingcybersecurityrisks.Thankyoufortakingtheinitiativetomakeyourbank,yourcustomers,andyourcommunitysaferwhileonline.Yourleadership,determination,andwillingnesstoadaptareinstrumentaltomaintainingarobust,securefinancialsystem.JohnW.RyanPresident&CEO,ConferenceofStateBankSupervisorsCYBERSECURITY101:AResourceGuideforBANKEXECUTIVESTABLEOFCONTENTSIntroduction.....................................................................2Identify.............................................................................3Protect..............................................................................9Detect.............................................................................15CyberThreats.................................................................188MobileBankingRecommendations............................20Respond..........................................................................22Recover...........................................................................27Glossary..........................................................................31Sources...........................................................................35=8a22924CYBERSECURITY:Theabilitytoprotectordefendtheuseofcyberspacefromcyber-attacks.(NationalInstituteofStandardsandTechnology,NIST)THEPERSISTENTTHREATOFINTERNETATTACKSISASOCIETALISSUEFACINGALLINDUSTRIES,ESPECIALLYTHEFINANCIALSERVICESINDUSTRY.ONCELARGELYCONSIDEREDANITPROBLEM,THERISEINFREQUENCYANDSOPHISTICATIONOFCYBER-ATTACKSNOWREQUIRESASHIFTINTHINKINGONTHEPARTOFBANKCEOSTHATMANAGEMENTOFABANK’SCYBERSECURITYRISKISNOTSIMPLYANITISSUE,BUTACEOANDBOARDOFDIRECTORSISSUE.2CYBERSECURITY101:AResourceGuideforBANKEXECUTIVESINTRODUCTIONCybersecurityexpertsexpectthetrendtowardincreasinglysophisticatedcyber-attackstocontinueinthenearfuture.Andthefinancialservicesindustry,avitalcomponentofthenation’scriticalinfrastructure,remainsaprimetargetforcybercriminals.Cyberrisks,likereputationalandfinancialrisks,havetheabilitytoaffectabank’sbottomline.Itcanbecostly,compromisingtocustomerconfidence,and,insomecases,thebankcouldbeheldlegallyresponsible.Beyondtheimpacttoanindividualbank,cyberriskshavefar-reachingeconomicconsequences.DuetotheinherentinterconnectednessoftheInternet,asecuritybreachatafewfinancialinstitutionscanposeasignificantthreattomarketconfidenceandthenation’sfinancialstability.Thisreinforcesthenotionthatsafeguardingagainstcybersecuritythreatsisnotaproblemthatcanbeaddressedbyanyonebank.Toadequatelydealwiththepersistentthreatofcyber-attacks,financialinstitutionsandbankregulatorsmustcometogether,collaborate,identifypotentialweaknesses,andshareindustrystandardsandbestpractices.Thegoalofthisdocumentistoprovideyou,thebankCEO,withanon-technical,easy-to-readresourceoncybersecuritythatyoumayuseasaguidetomitigatecybersecurityrisksatyourbank.Thisresourceguideputsinonedocumentindustryrecognizedstandardsforcybersecurity,bestpracticescurrentlyusedwithinthefinancialservicesindustry,andanorganizationalapproachusedbytheNationalInstituteofStandardsandTechnology(NIST).WhilethisresourceguideistailoredforthecommunitybankCEOandexecutivestaff,allbankCEOscanbenefitfromthisguideregardlessofabank’scybersecurityinherentrisk.Whilethisresourceguidedoesnotguaranteeprotectionagainstcybersecuritythreats,itattemptstoidentifyvariousresources—includingpeople,processes,toolsandtechnologies—thatfinancialinstitutionscanusetoreducethepotentialofapossiblecyber-attack.Cybersecurity101isorganizedaccordingtothefivecorecybersecurityfunctionsoftheNIST’sCybersecurityFramework.Thesefivefunctionsprovideorganizationandstructuretothehelpyourbanknavigateitswaytobetterprotectionagainstcyberthreats.Thefivecorefunctionsofcybersecurityinclude:IDENTIFYinternalandexternalcyberrisks.DETECTsystemintrusions,databreaches,andunauthorizedaccess.PROTECTorganizationalsystems,assets,anddata.Respondtoapotentialcybersecurityevent.RECOVERfromacybersecurityeventbyrestoringnormaloperationsandservices.Symantec’s2014InternetSecurityThreatReportrevealedthatatotalof253databreachestookplacein2013.Thisisanincreaseof62%from2012.CYBERSECURITYIDENTIFY4CYBERSECURITY101:AResourceGuideforBANKEXECUTIVESIDENTIFYThefirstcorecybersecurityfunc