Cyber Security
Know your vulnerabilities and take control of them.
SWIFT Cyber Security
Cyber attacks against the financial community are becoming increasingly sophisticated. The persistence of such threats underlines the importance of remaining vigilant and proactive over the long term. While customers are responsible for protecting their own environments and their access to SWIFT, SWIFT’s Customer Security Programme (CSP) has been introduced to support customers in the fight against cyber fraud.
The CSP establishes a common set of security controls designed to help customers to secure their local environments and to foster a more secure financial ecosystem. The SWIFT Customer Security Controls Framework describes a set of mandatory and advisory security controls for SWIFT users. Mandatory security controls establish a security baseline for the entire community, and must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gain and risk reduction. Advisory controls are based on good practice that SWIFT recommends users to implement. Over time, mandatory controls may change due to the evolving threat landscape, and some advisory controls may become mandatory.
To ensure adoption of the controls, SWIFT has developed an attestation and compliance process that requires users to self-attest compliance against the mandatory and, optionally, the advisory security controls. Users submit their self-attestation status into a dedicated security attestation folder of the KYC Registry. All users must first self-attest compliance against the mandatory security controls of a given release by the end of that release’s version year (for example, by the end of 2019 at the latest for v2019), and must resubmit their attestation annually thereafter.
Security audits
The objective of a security audit is to provide management with an assessment of an organization’s security policies and procedures and their operating effectiveness. Additionally, security audits identify internal control and regulatory deficiencies that could put the organization at risk.
An audit answers the many questions an organization faces every day, for example: how do we stay compliant with international and local regulations? How do we develop a security policy suited to our business? How do we protect our sensitive data?
A security audit examines security standards, guidelines and procedures, and verifies how the resulting controls have actually been implemented.
An audit helps enterprises manage threats by providing an objective evaluation of their controls, recommending improvements, and helping senior management and the board of directors understand and respond to risk.
A security audit includes:
- Determining the scope and gathering information about processes, assets and supporting information systems,
- Analysing the current documentation of security measures,
- Assessing and analysing the security measures actually implemented,
- Identifying instances of non-compliance and designing measures to eliminate them,
- Reporting on the compliance assessment and the proposed measures.
Corrective measures
If an organization has already undergone an audit, Digital Systems can help it implement corrective measures based on the audit findings.
As part of its corrective-measures offering, Digital Systems also provides support for, or outsourcing of, the information and cyber security manager role.
The service provides qualified expert knowledge and advice on the execution of operational activities in information and cyber security. Its goal is to give the organization’s internal information and cyber security manager regular professional support from experts with many years (7 to 10 years) of practical experience in the field, without the need to employ them full-time.
The main areas of professional support are:
- Comprehensive guidance on the organization’s information and physical security management processes.
- Creating an organization’s security strategy according to regulatory requirements, the organization’s needs and focus, or other criteria.
- Implementing information security management processes and developing the management documentation (policies, guidelines).
- Creating and updating the supporting control documents for each area of information and cyber security, in line with the organization’s capabilities and needs.
- Assessing projects, products, changes and other activities from a security perspective, identifying risks and proposing security measures.
- Internal customer support for information and cyber security.
- Performing selected information security control activities.
- Handling security incidents and investigating individual cases of internal and external fraud.
- Advising on the selection of security technologies and services, and coordinating their suppliers.
- Ensuring compliance with the required standards, including the SWIFT Customer Security Controls Framework (CSCF), ISO 27001, PCI DSS, SOX and applicable regulatory requirements.
- Security management in relation to third parties.