Maintaining Customer Loyalty Through Business Resilience. Thomas E. Williams, Business Continuity/Cyber Security Strategy Manager

Post on 06-Oct-2020


Transcript

MAINTAINING CUSTOMER LOYALTY THROUGH BUSINESS RESILIENCE

Thomas E. Williams, Business Continuity/Cyber Security Strategy Manager

Gladiator - A Division of Jack Henry & Associates, Northville, Michigan

towilliams@jackhenry.com | 313-318-3839

August 8 & 9, 2019

© 2017, 2018 Jack Henry & Associates, Inc.®

Maintaining Customer Loyalty Through Business Resilience

Tom Williams, Business Continuity/Cyber Security Strategy Manager

Jack Henry & Associates, Inc.®

Presented by Gladiator - A Division of Jack Henry & Associates, and The Graduate School of Banking, August 9-10, 2019


Tom Williams

Jack Henry & Associates

(Gladiator Division)

Business Continuity-Cyber Security Strategy Manager

313-318-3839

towilliams@jackhenry.com


Agenda

Information Security Program Components

Executing the Business Continuity / Cyber Incident Response Plan

Gladiator Cyber-Attack Mock Drill

Key Cyber Threats Facing Financial Institutions Today

The FFIEC Guidelines on Business Continuity and Cyber Security


Jack Henry & Associates: Three Successful Brands

• Community and Multi-Billion Dollar Banks
• Core Processing Systems
• Integrated Complementary Products
• In-House or Outsourced Services

• Credit Unions of All Sizes
• Core Processing Systems
• Integrated Complementary Products
• In-House or Outsourced Services

• Financial Institutions of All Sizes
• Corporate Entities and Strategic Partnerships
• Core Processor Agnostic
• Best-of-Breed Niche Solutions


Brief Introduction to Gladiator Services

• Gladiator® CoreDEFENSE Managed Security Services™
• Gladiator® IT Regulatory Compliance/Policy Products™
• Centurion Business Continuity Planning™ / Centurion Disaster Recovery®
• Gladiator® Hosted Network Solutions™
• Gladiator® Managed IT Services™


In the News

CNN Headline - March 23rd (2018)

The FBI is investigating a ransomware attack on the city of Atlanta


Every business is at risk from …

• Natural Disasters, Accidents, & Environmental Events
• Cyber Attacks and Terrorism
• Power & Energy Disruptions
• Internal / External Fraud
• Physical Security
• Human Error


The Information Security Program Components


Information Security Defined

• The processes and methodologies involved in keeping information confidential and available, and in assuring its integrity.

• Includes the following:
– Access controls: preventing unauthorized access.
– Protecting information: in transit, in storage, or at rest (idle).
– Resolution: detection and remediation of breaches.


Three Principles of Information Security

• Confidentiality
• Integrity
• Availability


Information Security Program Components


Information Security Program Components (diagram): Compliance/Risk Committee


Compliance / Risk Committee

• Board Representation
• Executive Management
• Information Technology
• Compliance / BSA / Information Security Officers
• Human Resources
• Business Unit Managers / Representatives


Information Security Program Components (diagram): Compliance/Risk Committee; Policies


Policies

• Information Security – Cyber-Security
– Assignment of Responsibilities
– Data Classification
– Risk Management & Control
– Vendor Oversight
– Training
– Incident Response
– Program Review & Testing


Policies (continued)

• Tech Mgt & Responsibilities
• Physical / Logical Security
• Core Processing Services & Security
• Data Classification
• Audit & Review
• Education
• Change Management
• Data Storage & Backup
• Technology Usage (Wireless, Email, VoIP, Remote Access, Mobile)
• Technology Management (Hardware/Software Inventory & Licensing, Patch Management, Lifecycle Management)
• Monitoring & Reporting


Information Security Program Components (diagram): Compliance/Risk Committee; Policies; Risk/Vulnerability Assessments


Risk/Vulnerability Assessments

• Information Security
• IT Risk Assessment
• E-banking
– Internet Banking
– Authentication
– Wires/ACH Origination
– Remote Deposit Capture/Mobile Deposit Capture
• ID Theft Prevention
– Fraud Alerts
– Close Compromised Accounts
• External Penetration Testing
• Internal Vulnerability Testing
• Social Engineering Testing


Information Security Program Components (diagram): Compliance/Risk Committee; Policies; Risk/Vulnerability Assessments; Business Continuity & Incident Response Plan


Business Continuity / Incident Response Plan TOC

Business Continuity Plan TOC
1. Team Information
   1. BU Recovery Team - Recovery Organization Charts
   2. Workspace & Equip. Summary - Facilities & Locations
2. Notifications
   1. Personnel Notification Script - Business Unit Call List
   2. Call List Team Leaders – External/Internal Notifications
3. Recovery Tasks
   1. Recovery Phases – Recovery Tasks for Rec. Team
4. Business Impact Analysis Reports
5. Process & Resources Reports
6. Recovery Forms
7. Appendix

Incident Response Plan TOC


Information Security Program Components (diagram): Compliance/Risk Committee; Policies; Risk/Vulnerability Assessments; Business Continuity & Incident Response Plan; Incident Handling & Reporting


Incident Handling & Reporting

• Identify Roles & Responsibilities
• Recognize & Identify Event
• Inform Appropriate Personnel
• Initiate Documentation Process
• Assign Incident Severity Level
• Contain & Eradicate Event
• Implement Preventative Measures
• Recover
• Notify Law Enforcement / Customers / Regulators
• Establish Media Communications
• Perform Forensic Follow-up Analysis
• Create Executive Report
• Store Documentation & Evidence
• Post Mortem Review


Information Security Program Components (diagram): Compliance/Risk Committee; Policies; Risk/Vulnerability Assessments; Business Continuity & Incident Response Plan; Incident Handling & Reporting; Vendor Management


Vendor Management

• Vendor Evaluation and Selection
• Contract Negotiations
• Service Level Agreements (SLA)
• Risk Management
• Ongoing Due Diligence
• Contingency Planning / Termination


Information Security Program Components (diagram): Compliance/Risk Committee; Policies; Risk/Vulnerability Assessments; Business Continuity & Incident Response Plan; Incident Handling & Reporting; Vendor Management; Security Awareness Training


Security Awareness Training

• For Employees, Board & Management, and Customers
– Social Engineering (Pre-text calling, Phishing)
– Acceptable Use
– Incident Response
– BCP
– ID Theft Prevention / Handling


Information Security Program Components (diagram): Compliance/Risk Committee; Policies; Risk/Vulnerability Assessments; Business Continuity & Incident Response Plan; Incident Handling & Reporting; Vendor Management; Security Awareness Training; Audits & Testing


Audits & Testing

1. Risk Assessments
2. Define Scope
3. Control Design and Operational Effectiveness Testing
4. Reporting
5. Remediation Tracking


Information Security Program Components (diagram): Compliance/Risk Committee; Policies; Risk/Vulnerability Assessments; Business Continuity & Incident Response Plan; Incident Reporting & Handling; Vendor Management; Security Awareness Training; Audits & Testing; Regulatory Exams


Regulatory Exams

• FFIEC (Federal Financial Institutions Examination Council) member agencies:
– OCC (Office of the Comptroller of the Currency)
– FRB (Board of Governors of the Federal Reserve System)
– FDIC (Federal Deposit Insurance Corporation)
– NCUA (National Credit Union Administration)
– CFPB (Consumer Financial Protection Bureau)


Information Security Program Components (diagram): Compliance/Risk Committee; Policies; Risk/Vulnerability Assessments; Business Continuity & Incident Response Plan; Incident Reporting; Vendor Management; Security Awareness Training; Audits; Regulatory Exams

Today's Focus: Business Continuity & Incident Response Plan


Detailed Status of InfoSec tasks (status report screenshots)

IS Ongoing Compliance Management – Status Report – Security Monitoring
IS Ongoing Compliance Management – Status Report – BCP/Disaster Recovery
IS Ongoing Compliance Management – Status Report – Vendor Management
IS Ongoing Compliance Management – Status Report – Policies

Remediation tracking

IS Ongoing Compliance Management – Status Report – Remediation Activities

Information Security Officer Responsibilities

Responsible for the Administration and Execution of the Information Security Program

Audits & Exams


Maximizing Effectiveness

(Diagram) An Effective Information Security Program rests on: Structure of Accountability; Skills and Expertise; Time Allocation; Governance, Risk & Compliance.


Examiners' position on the Information Security Officer (ISO)

• Independent ISO or Committee
• Sufficient knowledge and training
• Separate InfoSec oversight from IT
• Rightsized InfoSec program

Source: FFIEC Guidelines, 2006


Examiners' ISO methodologies (accepted by FFIEC)

• Hire an ISO
• Appoint an ISO Committee
• Outsource the ISO


Information Security Program Position


What is your Bank's Information Security Program Position?

(Diagram) Risk matrix ranging from a Limited Information Security Program (High Risk, Semi-High) through Moderate Risk to an Effective Information Security Program (Semi-Low, Low Risk).

Each organization should continually strive to move toward the Low Risk area.


What is Business Continuity Planning?


Business Continuity Planning is a proactive planning process that ensures critical services or products are delivered during a disruption.


Business Continuity: Business Unit Plans to restore the Critical Business Functions / Processes that the Business Units are responsible for.

Incident Response Plan: used by the Incident Response Team to prevent, mitigate and recover from a cyber incident.

Business Continuity Planning encompasses Incident Response Planning.


People/Processes: Employees, Members, Processes, Vendors, Fire / Police, Utilities, Regulators, Plans / Procedures, Documentation

Facilities: Alternate work areas, Repaired facilities, Recovery centers, Hospitals, Shelter areas, Mobile Recovery Units, Off-site storage facilities

Technology: Systems, Servers, Applications, Data, Telecommunications


(Diagram) People/Processes, Facilities and Technology mapped across the business units: Lending, Retail Banking, Operations


BCP Lifecycle (FFIEC BCP Guidelines)

(Diagram) A cycle of Business Impact Analysis, Risk Assessment, Risk Management and Risk Monitoring:

Business Impact Analysis: Business Functions, Recovery Window, Resources, Contingency Strategies, Impact

Risk Assessment – Threats: Natural, Human, Technical, Cyber Attacks

Risk Management – Documentation: Emergency Management Plans, Crisis Management Plans, Business Unit Plans, Incident Response Plan

Risk Monitoring – Plan Maintenance: Phased approach, Tabletop exercises, Mock drills, Functional testing


Process for Recovering from a Disaster Event


Recovery Phases & Plan Execution (recovery timeline diagram)


Recovery Phases & Plan Execution

1. CRISIS MANAGEMENT
• Evacuation & safety
• Liaison
• Stabilize
• Incident Response
• Damage assessment
• Communications
• Disaster declaration


Recovery Phases & Plan Execution

2. RELOCATE & RESTORE
• Notifications
• Salvage
• Establish Command Centers
• Determine alternate workspaces
• Acquire resources
• Restore resources


Recovery Phases & Plan Execution

3. RECOVER BUSINESS FUNCTIONS
• Recreate lost work
• Implement contingency strategies
• Resume business functions


Recovery Phases & Plan Execution

Phases: 1 Crisis Management, 2 Relocate & Restore, 3 Recover Business Functions, 4 Rebuild & Return

4. REBUILD & RETURN
• Repair or replace damaged equipment and/or facilities
• Formulate a plan for returning to normal operations
• Execute the plan
• Perform a debrief session


BCP Maintenance/Testing Process

(Diagram) Plan contents kept current and tested: Locations, Personnel, Recovery Teams, Departments; Business Functions, Processes, Resources; Vendors, External Contacts; IT & Application Recovery Procedures; Custom Documentation; Testing


Documentation

• Emergency Management Plans
– Evacuation procedures
– Scenarios
• Crisis Management Team Plan
• Business Unit Recovery Team Plans


Team Responsibilities

(Diagram) Teams: Management, Administrative, Damage Assessment, Information Systems, Business Units; grouped under Crisis Management and Business Unit Recovery.

Business Units
• Recover business functions
- Relocate to assigned workspaces
- Acquire and restore resources
- Recreate lost work
- Implement Contingency Strategies


Cyber-Attack Recovery Process


Beyond Cybersecurity: Cyber Resilience

NIST Cybersecurity Framework functions:
• Identify
• Protect
• Detect
• Respond
• Recover


Defense in Depth

• People – Board awareness, educate all stakeholders, trusted advisor partnerships
• Processes – Cyber risk appetite statement; test the Incident Response Plan together with DR/BCP; succession plan
• Technology – Monitor transactions and layer services to prevent, detect and respond to attacks; partner with trusted TSPs (technology service providers)


Defense in Depth - Technology (network diagram: Core Provider, WAN)


Gladiator Research: Threat Intelligence Process

Intelligence sources (diagram): US-CERT; FBI; FS-ISAC; iSIGHT; NCFTA; Platform Vendors; JHA; 3rd Party; Other Partners

• Identify current methods attackers are using to infiltrate networks and infect systems
• Locate and track hostile domains, botnets, and hosts on the Internet
• Reverse engineer malware to learn new behaviors and infection methods
• Assess current financial fraud methods


Incident Response Process

Cyber Incident

1. Report Incident
• Technical Support / Help Desk

2. Incident Classification
• Validation and Severity of Incident

3. Notification/Escalation
• Who to contact, internal-external

4. Assessment
• Entry point of virus
• Systems affected
• Time to close incident
• Regulatory - Law agencies

5. Documentation
• Phone conversations
• System logs
• Meeting minutes
• Screen shots

6. Containment
• Shut down system
• Disconnect from network
• Monitor system/network
• Set traps
• Disable functions, etc.


Incident Response Process (continued)

7. Protecting Evidence
• Preserving hard drives
• Documenting incidents

8. Eradication & Recovery
• Anti-virus software
• System rebuilds

9. Follow-up Analysis
• System monitoring
• Sequence of events
• Method of discovery
• Lessons learned

10. Incident Prevention
• Technology
• Policies, procedures
• Training on security awareness
• Technical configurations
• Access permissions, logs, etc.

11. Vendor Management
• Tier 1 vendors must report all Incidents
• T1 vendors must have Incident Response Plans
• T1 Vendors must have Business Continuity Plans
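Steps 5 (Documentation) and 7 (Protecting Evidence) of the process above are where an incident record is later challenged by examiners, insurers or law enforcement, so the record itself needs to be tamper-evident. The following is an added example, not code from the Jack Henry / Gladiator materials: a minimal hash-chained incident log in which every entry commits to the one before it, and preserved disk images are fingerprinted with SHA-256 at acquisition so the team can later prove that neither the log nor the evidence changed. The team names, timestamps, incident identifier and the "disk image" bytes are constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Iterable, List, Optional

GENESIS = "0" * 64  # previous-hash value for the first entry in a log


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_image(chunks: Iterable[bytes]) -> str:
    """Fingerprint a disk image streamed in chunks; a real image is too large to read at once."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


@dataclass
class Entry:
    seq: int
    timestamp: str                   # ISO-8601, as written by the person documenting the step
    actor: str                       # who performed or observed the action
    action: str                      # IR step, e.g. "containment", "evidence_preserved"
    detail: str
    evidence_sha256: Optional[str]   # fingerprint of any preserved artifact, else None
    prev_hash: str                   # entry_hash of the previous entry (GENESIS for the first)
    entry_hash: str = ""

    def compute_hash(self) -> str:
        body = asdict(self)
        body.pop("entry_hash")  # the hash covers every other field, in canonical JSON form
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return sha256_hex(canonical.encode("utf-8"))


class IncidentLog:
    def __init__(self, incident_id: str):
        self.incident_id = incident_id
        self.entries: List[Entry] = []

    def record(self, timestamp: str, actor: str, action: str, detail: str,
               evidence: Optional[Iterable[bytes]] = None) -> Entry:
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        fingerprint = hash_image(evidence) if evidence is not None else None
        entry = Entry(len(self.entries), timestamp, actor, action, detail, fingerprint, prev)
        entry.entry_hash = entry.compute_hash()
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """True only if every entry's own hash and its link to the previous entry still hold."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_hash != prev or e.compute_hash() != e.entry_hash:
                return False
            prev = e.entry_hash
        return True

    def verify_evidence(self, seq: int, chunks: Iterable[bytes]) -> bool:
        """Re-hash a preserved image and compare with the fingerprint recorded at acquisition."""
        return self.entries[seq].evidence_sha256 == hash_image(chunks)


# Constructed stand-in for a preserved workstation image (not real data).
FAKE_IMAGE = b"CONSTRUCTED-DISK-IMAGE-BLOCK\n" * 2048


def in_chunks(data: bytes, size: int = 4096) -> Iterable[bytes]:
    for i in range(0, len(data), size):
        yield data[i:i + size]


def build_sample_log() -> IncidentLog:
    """Walk the first IR steps for a constructed ransomware report."""
    log = IncidentLog("INC-EXAMPLE-001")  # hypothetical identifier
    log.record("2019-08-09T08:12:00", "help desk", "report",
               "Teller workstation shows ransom note; ticket opened")
    log.record("2019-08-09T08:20:00", "ISO", "classification",
               "Validated as malware; severity assigned HIGH")
    log.record("2019-08-09T08:25:00", "IT", "containment",
               "Workstation disconnected from network; switch port disabled")
    log.record("2019-08-09T09:40:00", "IT", "evidence_preserved",
               "Disk image acquired before rebuild", evidence=in_chunks(FAKE_IMAGE))
    return log


def tamper_demo() -> bool:
    """Edit one detail after the fact; verify() must now fail."""
    log = build_sample_log()
    log.entries[2].detail = "Workstation left on network"
    return log.verify()


if __name__ == "__main__":
    sample = build_sample_log()
    print("log intact:", sample.verify())                                     # True
    print("image matches:", sample.verify_evidence(3, in_chunks(FAKE_IMAGE)))  # True
    print("tampered log intact:", tamper_demo())                              # False
```

In practice the image is hashed once when it is acquired and again whenever custody changes, and the log is exported (or its latest entry_hash written down) to a store the incident responders cannot edit; the chain then lets the post-mortem review in step 9 trust the sequence of events it reconstructs.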


Top Cyber Threats facing Financial Institutions


Top Cyber Threats

• Social Engineering
• Encrypted Traffic
• Malicious Code Variants
• Supply Chain Infections
• Patches / Vulnerabilities
• Ransomware


Honorable Mention

• Internal Threats
• Internet of Things (IoT)
• Wireless / Mobile


Evaluating Your Business Continuity Program


Evaluate your Business Continuity Program


Gladiator Risk Mitigation Services

• Business Continuity
• Disaster Avoidance – Disaster Recovery
• Multilayered security to mitigate cybersecurity risk
• 24/7 security monitoring
• Provide visibility into security and controls
• Certified security and compliance staff
• Empower management oversight
• Protect your reputation

Risk Mitigation service lines: Centurion BC/DR; CoreDEFENSE; IT Regulatory Compliance; Managed IT; Hosted Network Solutions


Centurion BCP Services

• Enterprise-Wide BCP
– Deluxe Engagement
– Remote Engagement
– Plan Maintenance Service

• BCP Software
– COPE (Centurion's Online Planning Expert)
– SQL Database

• BC / DR Plan Reviews
– DR Testing Assistance, e.g., Replication Testing

• Mock Disaster Drills
– Natural and Manmade Disasters
– Cyber Attack



BCP/DR Support Organizations Websites

• www.centuriondr.com – Centurion Disaster Recovery
• www.ready.gov – US Department of Homeland Security
• www.drj.com – Disaster Recovery Journal (free magazine)
• www.ffiec.gov – Federal Financial Institutions Examination Council's site
• www.redcross.org – American Red Cross
• www.fema.gov – Federal Emergency Management Agency
• www.citizenscorps.gov/cert/ – Community Emergency Response Team
• http://www.operationhope.org/effak/effak_english.pdf – Emergency Financial First Aid Kit, supported by Operation Hope & FEMA


Gladiator Cyber-Attack Mock Drill


Cyber Incident Response Drill Objectives

• Provide an interactive experience based on decisions associated with a cyber incident.
• Better understand your financial institution's vulnerability toward cyber incidents.
• Assess your financial institution's Incident Response Plan (IRP).
• Identify the major milestones associated with a cyber incident.
• Collaborate with your peers to share approaches to dealing with cyber incidents.


Cyber-Attack Drill Information

• This is a test exercise based on a plausible real-world scenario.
• Treat scenario details as fact.
• Think about how your bank's cyber program would measure up to a similar, but real, incident.
• Consider what improvements to your IRP may be required as a result of the drill.


Cyber-Attack Drill Information

• You will be assigned to the Incident Response Team (IRT) of The Financial Institution of Madison.
• Your team will be given a scenario resulting in a cyber incident at The Financial Institution of Madison.
• Please assume the role that you are assigned as an Incident Response Team Member.
• As the IRT, your team must adhere to the appropriate steps required to navigate through the cyber incident.


Incident Response Drill Challenges

Situational events that your IRT has to make decisions on

Share ideas and learn from your peers

Challenges are derived from real-world situations

Poll Everywhere will display team challenge results

Creates group discussion and collaboration


Financial Institution of Madison Bank Profile

• $757 million in assets
• Main office is located in downtown Madison, WI
• 9 additional branch office locations throughout Madison
• 211 employees and 511,000 customers


Financial Institution of Madison Technology Profile

• Core processing – Outsourced
• Windows® infrastructure runs at the main office
• VMware snapshots taken once per day and replicated off-site to another branch twenty-five miles away
• Uses a common MPLS network between branches
• Thirty days of historical backups
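The technology profile fixes the drill bank's recovery envelope: one snapshot per day, thirty days retained. For the ransomware scenario the drill anticipates, the assessment step (entry point, systems affected) has to answer two questions the profile alone does not: which retained snapshot is the newest one taken before the attacker was in the environment, and how much work is lost by restoring from it. The following is an added example, not part of the Gladiator drill materials, that turns the profile into that check. The snapshot time, the detection time, the compromise estimates and the 24-hour safety margin are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class BackupProfile:
    last_snapshot: datetime            # completion time of the most recent daily snapshot
    retention_days: int = 30           # from the technology profile
    interval: timedelta = timedelta(days=1)

    def restore_points(self) -> List[datetime]:
        """All snapshots still within retention, oldest first."""
        return [self.last_snapshot - i * self.interval
                for i in range(self.retention_days)][::-1]


@dataclass
class RestoreAssessment:
    restore_point: Optional[datetime]  # newest snapshot believed clean, if any
    data_loss: Optional[timedelta]     # work done after that snapshot, up to detection
    retention_exceeded: bool           # attacker dwell time outruns the backup history


def select_restore_point(points: List[datetime], earliest_compromise: datetime,
                         safety_margin: timedelta = timedelta(0)) -> Optional[datetime]:
    """Newest snapshot taken before the earliest believed compromise, less a margin for
    uncertainty in that estimate. None when every retained snapshot may be tainted."""
    cutoff = earliest_compromise - safety_margin
    clean = [p for p in points if p < cutoff]
    return max(clean) if clean else None


def assess(profile: BackupProfile, earliest_compromise: datetime, detected_at: datetime,
           safety_margin: timedelta = timedelta(hours=24)) -> RestoreAssessment:
    point = select_restore_point(profile.restore_points(), earliest_compromise, safety_margin)
    if point is None:
        return RestoreAssessment(None, None, retention_exceeded=True)
    return RestoreAssessment(point, detected_at - point, retention_exceeded=False)


# Constructed scenario values for the drill bank (assumptions, not from the slides).
PROFILE = BackupProfile(last_snapshot=datetime(2019, 8, 8, 2, 0))
DETECTED = datetime(2019, 8, 8, 9, 0)


def short_dwell() -> RestoreAssessment:
    """Assessment places initial access at 2019-08-05 14:30 (assumed phishing on a teller PC)."""
    return assess(PROFILE, datetime(2019, 8, 5, 14, 30), DETECTED)


def long_dwell() -> RestoreAssessment:
    """Assessment places initial access at 2019-07-05, older than the thirty-day history."""
    return assess(PROFILE, datetime(2019, 7, 5, 0, 0), DETECTED)


if __name__ == "__main__":
    a = short_dwell()
    print(a.restore_point, a.data_loss)           # 2019-08-04 02:00:00 4 days, 7:00:00
    b = long_dwell()
    print(b.restore_point, b.retention_exceeded)  # None True
```

Two points for the tabletop follow from the numbers. First, a clean restore point costs more than the 24-hour snapshot interval suggests once the compromise estimate and a safety margin are applied, which is the data the Business Units need to size the "recreate lost work" task. Second, when dwell time exceeds retention the plan has no clean snapshot at all, and recovery falls back to rebuilds. The profile also places the replica at a branch on the same MPLS network; whether that replica was reachable from the infected segment is a question for the assessment step, since a snapshot the attacker could reach is only a recovery asset if it is confirmed intact.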


Gladiator Cyber-Attack Mock Drill

• More information will be provided during the class session to maintain the overall integrity of the exercise.
• Be prepared to play an active role on the Incident Response Team that you are assigned to.
• Regardless of your current role at your bank, the drill will provide insight into the fact that cyber-security is the responsibility of all employees.


Tom Williams

Jack Henry & Associates

(Gladiator Division)

Business Continuity-Cyber Security Strategy Manager

313-318-3839

towilliams@jackhenry.com
