InfoSec from an Industry Perspective
勤業眾信風險管理諮詢股份有限公司 (Deloitte & Touche Risk Management Consulting Co., Ltd., Taiwan)
萬幼筠 (Wan Yu-Chun), General Manager
Slide topics: peer review; App; IoT / gateway; IT
Fintech: P2P, IoT, user experience (UX)
Gartner: organizations spent $75.4 billion on information security in 2015, a 4.7% increase.
Source: http://technews.tw/2015/09/23/gartner-information-security-cost-in-2015/
NSA's PRISM programme, operating under orders of the Foreign Intelligence Surveillance Court.
NSA databases: MAINWAY, MARINA, NUCLEON.
Surveillance programmes since 2007: PRISM | Boundless Informant | X-Keyscore | Dropmire | Fairview | Surveillance Detection Unit | Bullrun | GCHQ collaboration | MUSCULAR | IMP | Tempora | Mastering the Internet | Global Telecoms Exploitation
Discontinued: Trailblazer Project | ThinThread | President's Surveillance Program (Terrorist Surveillance Program, STELLARWIND)
PRISM (SIGAD US-984XN), in operation since 2007.
Fintech
Notable 2016 security incidents cited on this slide: The DAO; ATM cash-out attack; RCBC; Bitfinex; DDoS; OBU
Fintech
SWIFT
Fintech (bypass)
Cyber Security
Fintech I: IT risk management (FFIEC)
References: NIST / FFIEC
Fintech III
Fintech IV: Cyber Space
Fintech IV: Cyber Security
Standards and guidance referenced:
- Payment Card Industry Data Security Standard (PCI DSS) (self-regulated)
- European Banking Authority: Guidelines on the security of internet payments; ENISA
- UK Government: Distributed Ledger Technology: beyond block chain
- NIST: Big Data Interoperability Framework, Volume 4, Security and Privacy
- EU Data Protection Regulation
- Online Trust Alliance: IoT Trust Framework
- ENISA: Securing Europe IoT Devices and Services
- CSA: Security Guidance for Critical Areas of Focus in Cloud Computing
- ENISA: Cloud Computing: Benefits, Risks and Recommendations for Information Security
- ISO/IEC 27017: Information security controls based on ISO/IEC 27002 for cloud services
- ISO/IEC 27018: Protection of personally identifiable information (PII) in public clouds acting as PII processors
Fintech V: cloud deployment models (SaaS, IaaS, public Internet)
Fintech VI: IT war gaming
STEP 1: Define war game goals
STEP 2 to STEP 7; STAGE 1 to STAGE 4
On 16 September 2015, the Securities Industry and Financial Markets Association (SIFMA) ran Quantum Dawn 3, a cyber-attack simulation with some 80 participating organisations.
SIFMA has held Quantum Dawn exercises since 2011, with the U.S. Securities and Exchange Commission (SEC) among the participants.
Fintech VII
Fintech VIII: Cyber Security Intelligence (Cyber Intelligence)
Collection sources:
- Knowledge bases
- Open and subscription-based malware repositories
- Honeynets
- Tracking websites
- Phishing repositories
- Trap email accounts
- Domain databases
- Social media sites
- Paste sites
- Subversive media
- Mainstream news
- TOR sites
- Forums
- IRC channel monitoring
- Security research sites and blogs
- Vulnerability databases
- Think tanks
- Blog sites
Collection methods: agent-based; web-based
Fintech ISAC
Intelligence inputs: security research intelligence; shared industry intelligence; dark web monitoring; open source threat intelligence; commercial threat intelligence; corporate brand intelligence; know-how; cyber/physical alerts from government, partners and other ISACs; cyber/physical alerts from members
Member services: critical notifications; 24x7 monitoring (dashboard); CINS crisis notifications; anonymous submissions; risk mitigation toolkit; threat viewpoints; portal access credentials; member contact directory; document repository; regular reports; complimentary webinars; professional meetings; cyber security tip newsletter; surveys; participation in the Community Institution Council; teleconferences; complimentary regional workshops; inclusion in threat exercises; meets regulatory compliance requirements
ISAC: human resource intelligence; organization analytics; national security
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited ("DTTL"), its network of member firms, and their related entities; see www.deloitte.com/about for a detailed description. Deloitte serves clients in more than 150 countries with some 220,000 professionals. Deloitte & Touche (Taiwan) is a member firm of Deloitte Touche Tohmatsu Limited.
© 2016