Monthly Archives: January 2014

Customer protection and education

Overview: Direct attacks on online financial systems have caused customer PINs to become increasingly vulnerable. Through targeted attacks, customer PINs are under constant threat from various types of systems vulnerabilities, security flaws, exploits and scams. The FI should ensure that … Continue reading

MAS Technology Risk Management Guidelines

Security measures for online systems

Overview: A MITMA refers to a scenario where an interloper is able to read, insert and modify at will, messages between two communicating parties without either one knowing that the link between them has been compromised. There are many possible … Continue reading

MAS Technology Risk Management Guidelines

Distributed denial-of-service protection

Overview: Although DDoS attacks have always posed a formidable threat to internet systems, the proliferation of botnets and the advent of new attack vectors together with the rapid adoption of broadband globally in recent years have fuelled the potency of … Continue reading

MAS Technology Risk Management Guidelines

Cryptography

Principles of Cryptography: The primary application of cryptography is to protect the integrity and privacy of sensitive or confidential information. Cryptography is also commonly used in FIs to protect sensitive customer information such as PINs relating to critical applications (e.g. … Continue reading

MAS Technology Risk Management Guidelines

Storage system resiliency

Overview: Storage systems are key IT infrastructure components that house critical data. The resiliency and availability of these storage systems are crucial to the continuous operation of critical applications and online systems used by FIs. Reliability and … Continue reading

MAS Technology Risk Management Guidelines

Systems security testing and source code review

For systems security testing and source code review, the FI should conduct rigorous testing of systems to verify the security, reliability and availability of its systems under normal and extreme conditions. However, security testing by itself is ineffective in identifying … Continue reading

MAS Technology Risk Management Guidelines

IT audit

As technology risks evolve with the growing complexity of the IT environment, there is an increasing need for FIs to develop effective internal control systems to manage technology risks. IT audit provides the board of directors and senior management with … Continue reading

MAS Technology Risk Management Guidelines

Payment card security (automated teller machines, credit and debit cards)

Payment cards allow cardholders the flexibility to make purchases wherever they are. Cardholders may choose to make purchases by physically presenting these cards for payments at the merchant or they could choose to purchase their items over the internet, through mail-order … Continue reading

MAS Technology Risk Management Guidelines

Online financial services

Whilst the internet presents opportunities for FIs to reach new markets and expand their range of products and services, being an open network, it also brings about security risks that are more sophisticated and dynamic than closed networks and proprietary … Continue reading

MAS Technology Risk Management Guidelines

Access control

Three of the most basic internal security principles for protecting systems are: Never alone principle – Certain systems functions and procedures are of such sensitive and critical nature that FIs should ensure that they are carried out by more than … Continue reading

MAS Technology Risk Management Guidelines