APRIL 10, 2015
SWI Security Report Vol 4 Issue - 12
Special Issue on the occasion of 3rd SECURE BFSI CONCLAVE
April 10th, 2015, Sofitel, Bandra Kurla Complex, Mumbai

3rd SECURE BFSI CONCLAVE 2015 - Special Issue

CONTENTS
• Introduction
• Key Speakers
• Bank Security: Securing Banks in the 21st Century
• 10 Best Practices for Cyber Security in 2015
• Tackling the Cyber Threat - Way Forward
• Technology News Segment:
  G20 Summit in Queensland Secured by Teleste’s Video Surveillance Solutions
  Videonetics bags ‘Best R&D effort of the year’ award by SECONA in association with Secutech India
• News Briefs: Cyber Security Frauds City Security and Police Modernisation Smart Cities

Lead Writer: Pathikrit Payne
Contributors: Shelly Bhasin, Shivani Lal
Copyright © Security Watch India 2015

Security Watch India (SWI) is a non-partisan, not-for-profit organization that addresses issues in the space of the relatively new homeland security sector. SWI works towards a secure tomorrow by enhancing security awareness and consciousness in Indian industry and civil society. SWI also guides and facilitates potential investors interested in the Indian homeland security business.

Security Watch India is not responsible for the facts, views or opinion expressed by the author(s) in this report. Republication or re-dissemination of the contents of this document is expressly prohibited without the written consent of Security Watch India.

You can avail these reports for a year by joining the Security Watch India Membership program or through an independent annual subscription for just Rs. 2500 (50 USD). The subscription will afford you the latest and most relevant information on the Indian Homeland Security situation that will help you make the right decisions for your business.
For advertisement related queries or for more information please contact:
Amit Siddhartha E: [email protected] Mob: +91 9953685326
Aniket Gupta E: [email protected] Mob: +919811319236
www.securitywatchindia.org.in

INTRODUCTION

Following the overwhelming success of previous events, Security Watch India is proud to present the 3rd Secure BFSI Conclave on 10 April 2015 at Hotel Sofitel, BKC, Mumbai. PwC is the knowledge partner for the event. The key themes of the event are Cyber/Information security and Fraud Risk Management. Secure BFSI Conclave will traverse yet another milestone in presenting quality content, ensuring a high level of deliberations matching the expectations and aspirations of security and privacy professionals. While doing so it will also host a comprehensive exhibition, showcasing cutting edge technologies and service innovations.

The one day conclave will bring together cyber/information security and fraud prevention experts from across the financial sector to discuss security vulnerabilities as well as bring forward effective strategies and solutions to effectively mitigate them. For more details please visit www.banksecurityindia.com

The event offers a unique one day, interactive thought leader forum full of relevant topics gleaned from extensive research, market intelligence and feedback from industry leaders, influencers and senior executives.
In addition to expert panels, case studies and keynote addresses, the conference will integrate new session formats that encourage audience participation, including: Unconference

Some of the discussion points include:
• Critical Security Solutions for regulations and effective cyber defense
• Next-Gen solutions on regulation for an effective and dynamic information technology framework
• Using Analytics for Advance Security
• Utilising software and technology for increased cyber security defence
• Rethinking fundamentals of existing cyber security approach
• Leveraging Actionable Security Intelligence to Defend Against Targeted Attacks
• Insight, Investigation & Analysis - Securing the Perimeters
• Authentication Technology To Drive Innovation in Identity Management

Some of the key speakers at the event include:

KEY SPEAKERS

Mr. Agnelo Dsouza
Chief Information Security Officer, Kotak Mahindra Bank

Agnelo D’souza is a Post Graduate in Business Administration. He has twenty years of industry experience having worked with Indian Express Newspapers, Global Tele Systems and 3i Infotech prior to joining Kotak Mahindra Bank. At Kotak, he has worked in IT security Operations before taking on the role of Chief Information Security Officer. He is responsible for formulating the Information Security strategy and driving its implementation at the Bank. Agnelo has built a robust Information Security framework and received several industry accolades.

Mr. Ambarish Deshpande
Managing Director – INDIA & SAARC, Blue Coat Systems India

Ambarish is the Managing Director – India Sales at Blue Coat System Inc, and has been with the company for the past three years. He brings with him 19 years of experience in building teams, driving market expansion and putting successful channel strategies in place. Prior to Blue Coat, Ambarish was the director of alliance, channels and mid-market South Asia at McAfee.
Prior to McAfee, he spent seven years in Symantec. He also had working stints with IronPort, Samsonite and JVC among others. Ambarish is a graduate of the University of Mumbai. He obtained his post graduate in management from NMIMS in Mumbai.

Mrs. Ashalatha Govind
General Manager & Group CISO, State Bank of India

Ms Ashalatha Govind is currently General Manager & Group CISO in State Bank Group. She joined SBI as a probationary officer. She is an MBA graduate with additional qualifications of CISA, CIA (Certified Internal Auditor), Oracle certified DBA, CFP, CAIIB etc. She has handled various assignments in the Bank like Branch Management, Credit management, NPA management etc. She has also been a faculty member in the Bank’s staff learning centre. She joined the IT department (handling the CBS System development) in the year 2003 from where she was also deputed to the ‘Bank of China’ for giving a training on CBS. Thereafter, she had a stint in I&MA deptt as a Credit Auditor on mobile duty covering large domestic and international branches. She has also participated in various panel discussions including one on CTS system conducted by NPCI. Some of her papers are published in the IBA journal.

Mr. Dilip Panjwani
AVP Information Security, DBS Bank

Dilip is a hard core IT professional with 12+ years of varied experience in the IT & IS domains. A Certified Information Systems Security Professional (CISSP), BS7799 - Lead ISMS Auditor and hands-on manager with expertise and proven record of developing and implementing Information Technology Systems and Information Security controls based on global best practices that improve and contribute to the organization’s efficiency & data security. Dilip’s experience encompasses various industry verticals, both in Indian corporate as well as multinationals. Dilip Panjwani currently is the AVP – IT and CISO for DBS Bank Ltd (India region).
He is accountable and responsible for strategy, risk management, information security program management and identity management implementation for DBS Bank. He additionally is also responsible for Self Service Banking (SSB) and ATM Management from IT implementation and compliance perspective. Prior to joining DBS Bank, Dilip worked at Kotak Mahindra Bank Ltd as Information Security Compliance and Governance Officer where he was responsible for security operations, new projects evaluation, security compliance and governance across the bank. Additionally, Dilip also managed business process security risk assessment, controls implementation and Information Security Awareness and Training across the entire Kotak group of companies.

Mr. G K Gupta
VP & Head - Fraud Management Distribution Assurance, Max Life Insurance

A Risk and Audit professional with 22 years of Banking and Insurance sector experience in Max Life Insurance, American Express and Deutsche Bank. Head of Fraud Risk Management and Distribution Assurance. Experienced in Risk and Assurance Audits, Regulatory Compliance, Enterprise Risk Management, Operations Risk Management, Continuous Controls Monitoring, Data Forensics, Automation and System Development Projects, Financial Controls, Operations and Controls, Business Excellence and Quality Management.

Mr. K. S. Narayanan
Head – Operational Risk Management & Chief Information Security Officer, ING Vysya Bank

K. S. Narayanan has 19 years of industry experience having worked in IT Services and Banking industry. Prior to joining ING Vysya Bank in 2008, he worked at HCL and Tech Mahindra in a variety of roles in IT Service delivery, Network Security, Information Security, Business Continuity Management and Risk Management. At ING Vysya Bank, Narayanan is the Head of Operational Risk Management & CISO.
He is responsible for driving Operational Risk Governance & Management, Cyber Security, Data Governance, Fraud Risk, Information Security strategy, Business Continuity and its implementation across the Bank. Narayanan holds a Bachelor of Science in Physics and a Master in Financial Management (MFM) from K. J. Somaiya Institute of Management, Mumbai. He holds the following professional qualifications: CISA - Certified Information Systems Auditor, Certified Information Security Manager (CISM), CISSP, and SANS Certified Incident Handler (GCIH).

Mr. Makesh Chandramohan
Head – Information Security & Business Continuity, Birla Sun Life Insurance Company Limited

Makesh Chandramohan is an experienced and qualified information security professional with more than 13 years of professional experience across various industry verticals like BFSI, ITES, Telecom & manufacturing. He is currently heading the Information Security and Business Continuity function at Birla Sun Life Insurance and he was instrumental in setting up IS functions in various large financial services organizations. By qualification he holds a Master of Computer Application (MCA), CISA (Certified Information Systems Auditor) & CISM (Certified Information Security Manager) from ISACA (USA). He is an eminent speaker and participates in various forums.

Mr. Mannan Godil
Chief Information Security Officer - Information Security Group

Heading Information Security Group, Mannan drives Information Security, Business Continuity, Technology Risk Management and Access Management for Edelweiss Financial Services Ltd. Edelweiss is identified as amongst India’s leading diversified financial services organizations with business straddling across Credit, Capital Markets, Asset Management, Housing finance and Insurance.

With 15+ years of overall experience, Mannan has served the domestic as well as International business in the field of Information Security.
He is a Certified Chief Information Security Officer (EC Council), Certified Information Systems Auditor, Certified in Risk and Information Systems Control and a Certified Ethical Hacker. Mannan’s accolades include recognition as amongst Top 100 CISOs for risk management practices by CISO Platform, and being awarded the title ‘InfoSec Maestros’ by Info Security group. He has also been awarded the Risk Titan award by Edelweiss.

Mr. Menny Barzilay
Chief Security Evangelist, Uniken

Menny Barzilay is a cybersecurity strategist and esteemed public speaker. Prior to joining Uniken, Menny Barzilay (Capt. (Res)) served as a CISO in the Israeli Defence Forces and head of the IT Audit department at Bank Hapoalim Group (based in Israel). An evangelist of innovation, he meets and advises many startups and entrepreneurs from around the world. In addition, he lectures and serves as the host and panelist at cyber security conventions, conferences and professional work groups worldwide and his publications are featured in renowned computer magazines.

Mr. Michael Kehoe
IBM WW i2 EIA Sales Leader, IBM Analytics Group, IBM

Michael Kehoe is the IBM WW i2 EIA (Enterprise Insights Analyses) Sales Leader for the Commercial sector. His responsibilities are to work with clients and deliver solutions that solve their challenges caused by their overwhelming data. Currently he is working with WW clients in developing the next generation Security Operation Centers (SOC). Understanding your adversaries, their threats and their methods to actively prepare to detect and defend against them. Previously Mike was a senior global products manager for Smarter Cities, where he led the delivery of product based solutions for world cities. His areas of expertise include industrial control, business intelligence, enterprise process design, business strategy, and technical opportunity realization.
Mike has an honours degree in Electronic / Electrical Engineering from Trinity University Dublin and holds a Master of Business Administration (MBA) degree from the Open University. He has written Papers, redguides and has spoken around the world on what “becoming smarter” can achieve and is considered to be one of IBM’s foremost forward thinkers on this subject.

Mr. Mohan V Tanksale
Chief Executive, Indian Banks’ Association

Mr. Mohan V Tanksale is the Chief Executive of Indian Banks’ Association. Prior to this, Mr. Tanksale was the Chairman & Managing Director, Central Bank of India and before that Executive Director of Punjab National Bank. Mr. Tanksale started his career as an officer in Union Bank of India at Gwalior in 1974. Mr. Tanksale, a seasoned Banker having rich experience in Banking, is backed by professional credentials like Associate Member of Institute of Cost & Work Accountants of India (ICWA), Company Secretary (Inter) of the Institute of Company Secretaries of India, CAIIB, a Bachelor degree of Science and a master degree in English literature.

Mr. Pinaq Dudhwala
Chief Manager - Financial Crime Prevention Group, ICICI Bank Ltd.

Mr. Pinaq Dudhwala is working as Chief Manager, Financial Crime Prevention Group, in ICICI Bank Ltd. In this role, he is responsible for fraud prevention and detection for Cards, Payment products and Digital Channels. He manages strategy related to prevention and detection, vulnerability risk assessment of product, process and related policy formation. Mr. Dudhwala’s stint with ICICI Bank is more than a decade. In ICICI Bank, Mr. Dudhwala headed various roles in Fraud risk management which encompasses application and vendor screening, investigation in different segments of products like Cards, Payment Product, Retail Asset, Mortgages, Small Medium Enterprise, Rural and Priority Sector lending. Prior to taking Fraud risk management profile, Mr.
Dudhwala has worked in business function and was responsible to deliver top line targets and set up distribution channels. He has also worked with General Electric Countrywide Consumer Financial Services for a stint of 3 years in sales and business management role. He is also an active core committee member of India Payment Risk Council (IPRC) and represents on behalf of IPRC in various industry forums that work to combat card and payment fraud. He is a regular speaker at academic university, industry forum and contributes actively to the industry. He holds a post-graduation in Business Management and is an Associate Certified Fraud Examiner. He is also a Certified Anti Money Laundering Expert.

Mr. Ravikiran S. Mankikar
Chief General Manager - Information Technology Department, The Shamrao Vithal Co-operative Bank Limited

Ravikiran Mankikar is presently working as Chief General Manager – Information Technology at the Shamrao Vithal Co-operative Bank, Mumbai. He has a rich experience in the field of banking and implementation of technological projects. He is driving the IT initiatives at the SVC Bank. Implementation of in-house developed ‘Genius’ Banking applications. Prior to this he has had stints with the technology departments of the IndusInd Bank and the Janakalyan Sahakari Bank. He has had experience in setting up Tier 3 Standard compliant data centre for the Bank and the Bank getting certified for ISO 27001 (Information Security) and ISO 22301 (Business Continuity) practices. A graduate in commerce, he has a Diploma in Systems Analysis. Recently he has acquired international certifications of BS7799 & Quality Management Systems. He is also a Certified Information Systems Auditor (CISA) and Certified in the Governance of Enterprise IT (CGEIT) and Certified Information System Banker (CeISB).
He is the only awardee from the Co-operative Banking sector of the C.H.Bhabha Scholarship & Research Award for his dissertation “Impact & Implications of Computerisation in Banks” conferred by the Indian Banks Association in 1997. He has bagged various IT awards including the CTO of the Year & CIO Gold Award, CIO 100, Best CIO of the Year and the Outstanding Achiever of the Year Award, etc. He is actively involved with ISACA – Mumbai Chapter, has worked on the Managing Committee of the Chapter and has been the President of the Chapter. He is on the Executive Managing Committee of the Computer Society of India, and has also served on the Managing Committee of the Computer Society Of India – Mumbai Chapter in capacity of Treasurer and Secretary. He is also a regular speaker at various forums on Core Banking, Information Security and Information Systems Governance.

Mr. Richard J.D. Collard
WW Business Development - i2 Advanced Visual Analysis & SME Fraud, AML & Risk, IBM

Richard Collard draws on a business-based career, with 2 of the major global fraud analytics organisations - specialising in the provision of detection solutions and consulting for credit and debit card issuers and for AML. Prior to joining IBM through its acquisition of ILOG, Richard worked to develop a radical, new approach to rules-based fraud detection through the automated generation of rules using genetic algorithms and evolutionary computing techniques.

His approach to financial crime management is, therefore, holistic and non-prescriptive - he espouses the belief that there is no such thing as a ‘one-size-fits-all solution’. This fits extremely well with the componentised nature of IBM’s approach to the challenges that the FSS industry faces in 2015 and beyond - especially with the fast-evolving threats in cyber-space.
IBM’s ability to draw on ‘best-of-breed’ components ensures that an institution is not tied to a specific specialisation or paradigm - a key benefit when considering the specific nature of fraud and financial crimes within any single geography. He has worked on major operational reviews for card issuers in South Africa and Switzerland generating significant $ savings and operational efficiencies and has been instrumental in the recent adoption of Business Rules Management Systems (BRMS) technology as a major component of a hosted fraud detection capability at MasterCard. Current projects include driving a major transformational project with one of the major UK banks’ AML group to ensure effective resolution of entities across business units and geos using a combination of paradigms and technologies. Richard’s ability to draw on global experience allows significant knowledge transfer of global best practice. His approach is consultative and respectful of geography and culture which ensures that the thought leadership that he provides is positively received - traits which have earned him significant respect through his engagements. He has a Bachelors degree in French and Economics and has published work by IBM.

Mr. Saleem Javed
Technical Director, Skybox Security

Responsible for the technical leadership in Asia-Pacific markets, Saleem Javed has more than 15 years of Information Security experience. Prior to joining Skybox Security, Saleem Javed was a Security Architect at Hewlett-Packard Singapore Pte. Ltd. Previously, he held management & consulting positions at Citibank, Verisign, Wipro Technologies, General Motors, Datacraft. He is a CISSP, CISM, CRISC and holds a Bachelor’s degree in Engineering for Electronics & Communication.

Mr. Sameer Ratolikar
SVP & Chief Information Security Officer, HDFC Bank

Sameer Ratolikar is presently working as SVP & Chief Information Security Officer, HDFC Bank. Before this he was CISO with AXIS Bank.
Previously he was working with Bank Of India as CISO and CTO, and Ministry of IT on deputation to government of Gujarat as Principal Systems Analyst (Security & networks). He has 20 years of experience in IT and Information Security domain. He holds certificates such as CISA, ISO 27001LA, CEH, BS25999 LA, COBIT, ITIL v3, MCSE, CCNA, Cyber law.

Sameer is a pioneer in the Indian banking industry for achieving ISO 27001, PCI-DSS and BS25999 certification for the Bank; to establish ZACHMAN framework and SABSA based Information security architecture. He has implemented huge security projects like 2FA, Data leakage prevention, Identity & Access management, GRC, SOC, PCI-DSS, ISO 27001, Business Continuity across major BUs of the Bank. Sameer is also on the panel of Regulators and IBA on developing “Security Standard for Indian banks”. He has also authored a book “Information Security-Demystified” for bank’s users and employees. He is also an active Information Security, Privacy and Cyber Crime speaker in various national and international.

Mr. Shailesh Verma
SVP & Head Debt Management and FCU Retail Lending & Payments, Axis Bank Ltd.

Shailesh Verma joined Axis Bank in 2008 and currently heads the Consumer Lending and Agriculture Debt Management and Fraud Control Unit. He has been instrumental in setting up and enhancing the Debt Management Framework for the bank. Today the Axis Bank Debt Management team is renowned for its Debt Management practices. Its strength is underscored by one of the lowest debt numbers on a portfolio growing at a scorching rate for the last 3 years. The Axis Fraud Control Team has also been recognized at various industry forums for scoring many Firsts in India. They have won the Best Acquiring Bank Award in South Asia at the Visa International Forum.
Shailesh is spearheading a path-breaking project for using IT & IT Enabled Services for developing a complete automated ecosystem for Fraud Management & Debt Control. Shailesh is also the current Chairperson of India Payments Risk Council, an interbank initiative to fight Fraud across the payments industry in India. Before joining Axis, Shailesh worked with Standard Chartered Bank in India handling various functions, the last ones being the Country Head – India for Fraud Control Practices Unit. Shailesh holds a Masters Degree in Business Administration.

Ms. Shraddha Tickoo
Technology Specialist, Trend Micro

Shraddha Tickoo works as a Technology Specialist for Strategic Security products offered by Trend Micro. She works closely with the Sales, Marketing, and Presales Teams to provide Consultancy and best practices for implementing these products. She also works with Enterprise customers and helps them in deploying security solutions in the best possible manner.

Prior to her current assignment, Shraddha has worked for Reliance Communications and been a part of various security implementation projects. She holds a Bachelor’s degree in Computer Science and carries with her extensive knowledge of IT Security challenges and solutions.

Mr. Siddharth Vishwanath
Partner, Cyber Security Services, PwC

Siddharth is a Chartered Accountant and an MBA from Indian School of Business. He is a Partner with PwC’s Cyber Security Practice. He has more than fifteen years of experience spanning across business and technology risk. Siddharth has led several projects across strategy, IT Risk, Vulnerability Management, ISMS, BCP and Information Security awareness programs for Banks and Telcos. Siddharth is a keen speaker at academic institutes and other forums. He has authored reports on topics such as Insider Threat, Risks in Social Media, Managing risks in an interconnected world.

Mr.
Sivarama Krishnan
Partner and Cyber Security Leader, PwC

Sivarama Krishnan is a Partner and Cyber Security Leader, India at PricewaterhouseCoopers Pvt. Ltd. with more than 18 years of experience and has special focus on Financial Services, Telecommunications, Technology, and E-Governance areas. He advises organizations in the areas including Cyber Security, Information Security, Business Strategy, Regulatory Compliance, Risk Management, Process Improvement, e-Governance, IT Strategy, ERP and Application Selection, Project and Program Management, Vendor Evaluation and Bid Process Management. Siva has advised a number of Indian, MNC and Government clients on Cyber security, Information security, business strategy, business continuity, IT strategy, regulatory compliance, risk management, process improvement, program management. Siva is a known authority in the cyber security domain in India, speaking and publishing frequently on a number of security issues at various prestigious national and international forums. Siva has advised the Govt of India on the Information Technology Act 2000, he is on the Strategy Council of DSCI, NASSCOM, and on the board of several prestigious educational institutions pioneering security education in India. Siva has an MBA from the Indian School of Business (ISB), Hyderabad and is a qualified Chartered Accountant.

Mr. Sourabh Chatterjee
Vice President Technology & Head - Applications, ICICI Lombard General Insurance Company

Sourabh Chatterjee, in his current portfolio at ICICI Lombard, is managing the end to end application portfolio for core policy administration systems, centralised rules management, claims, reinsurance, accounting, money management and reporting.
In addition, I have the accountability for systems and processes related to partner tie-ups, L1 support for all applications across the company, document management and workflow management systems across the company, reporting to the COO and Head of Ops and Technology with a dotted line to business heads for Retail Sales, Corporate Sales, Underwriting and Finance. Total team size managed including vendors is 220+ FTE’s. He has worked in diverse environments in Unisys and has managed the overall relationship and delivery for a USD 50M+ Fortune 100 Life Insurance carrier in US Midwest. Accountable for both revenue growth and profitability and single point ownership for all deliveries across Business and Process Consulting, Application development and maintenance and Infrastructure in a managed services model. Managed the account of 450+ FTE’s spread across India and US in various locations and having varied skillsets across various horizontal and vertical business units within Infosys. He has 15+ years of Information Technology expertise, executing large/complex multi million dollar IT programs with Fortune 500 clients across the globe. Currently accountable for a large portfolio of core Insurance applications, Partner Tie-ups and Allied ecosystem of apps including document management, workflow management, centralised rules management etc for India’s largest General Insurance company.

Mr. Subhash Subramaniam
Chief Information Security Officer, ICICI Bank

Subhash has a total of 20 years of experience in diverse areas. He started his career with National Stock Exchange (NSE) and worked there for 3 years (part of core team which built & rolled out India’s first electronic exchange trading platform). In 1997, quit NSE and set up a technology startup specializing in web applications, e-commerce portals and eLearning solutions. He expanded the operations with development centers in Mumbai & Pune and clients spread across the world.
After achieving scale, sold off the business to strategic investors and divested stake and joined ICICI Bank in 2004 and have been with the Bank for over 10 years with rich banking experience in diverse roles – Treasury Operations, Technology, Risk Management and Information Security. He is currently designated as the Chief Information Security Officer (CISO) for ICICI Group – responsible for ICICI Bank and all its Group companies in India and internationally. Subhash holds a Bachelor in Computer Science from Fergusson College, University of Pune and MBA (Finance) from NMIMS (Bombay University).

Mr. Sundareshwar Krishnamurthy
Associate Director, Cyber Security Services, PwC

Sundar is an Associate Director with PwC’s Cyber practice. He has more than 12 years of experience in advising clients to build and sustain robust Security programs. He focuses on Banking and Telecom sector. He is currently working with one of the new banks that’s being set up to define and implement their Security program. Over the last decade, he has advised several public and private sector banks to adhere to security conditions of regulatory requirements, Technology risk management, business continuity and disaster recovery, Information security policies and processes, Online banking security, IT strategy, application selection and bid management.

Mr. S.V. Sunder Krishnan
Executive Vice President and Chief Risk Officer, Reliance Life Insurance

• Enterprise Risk Management (ERM) and oversight of Internal Audit, BCP, Information Security, Legal, Secretarial, Claims and Compliance functions.
• Implemented risk based strategy in all the above functions with the use of technology.
• First Insurance Company in India to rate the Enterprise Wide Risk Management and Solvency – through Brick Works Rating Agency – got a rating of AAA
• Investment Risk Management - Mid-Office Operations, Market Risk Management, Credit Risk Management, Asset Liability Management and Operations Risk Management
• A part of the Standing Committee on Accounting and Investments – IRDAI
• Review of dealing room operations and institute controls to check insider trading
• Coordinate Asset Liability Management and ERM (Control Committee) executive level meetings
• Coordination and reporting to the Board Risk Management Committee, Board Asset Liability Management Committee and Board Audit & Compliance Committee
• Won the Best Innovation Group Quality award for Post Issuance Risk Verification
• Experience of Three decades in various Organizations listed below
• Background as a senior and middle level manager with exposure to Bank businesses and operations in more than 12 countries
• Part of all the core groups – Managing Committee, Control Committee, Board Meetings, Product Committee, Investment Committee and the like.
• IT consulting & strategy, IT security and IT Audits for banks in India and abroad
• Marketing of Assurance, IT security and consulting services during the managerial tenure in Ernst & Young for the years 1993–97 and during consultancy assignments 2002-03.

Worked for various organizations such as:

DSP Merrill Lynch for the Year 2005-06 as Senior Vice President - Corporate Audit Services for the entire DSP Merrill Lynch Group of Companies, Member of Risk and Audit Committees. This entailed review of business and operations of the investment banking company, Broking Company and the Asset Management Company

ING Vysya for the years 2003-05 as Senior Vice President and Senior Audit Manager - Corporate Audit Services and a permanent invitee to various IT committees, Member of IT steering Committees, Risk and Audit Committees.
This entailed review of business and operations of the Banking Company, Insurance Company and the Asset Management Company.

Credit Lyonnais as Vice President – Audit, Compliance and Integrated Risk Management and a member of the weekly Managing Committee for the years 2000-02. A Member of Weekly Management Committee responsible for running of the bank. Coordinate Concurrent Audit of Investments – which entails review of all the investment transactions.

Standard Chartered as Senior IT auditor responsible for IT audits, payments audit for 12 countries in Middle East and South Asia regions for the years 1998-2000. Handled two projects: Credit cards at Dubai and Car Loans in Mumbai.

Bank Internasional Indonesia as Head of Audit and Compliance and a part of the weekly Management committee of the Bank, Member of weekly management committee responsible for running of the bank. ALCO committee and Coordinate concurrent audit of investments.

Ernst & Young – Audit Manager – Managing a number of Financial Services assignments

Deloitte - Statutory audit of NOCIL, PIL, Tandon Group of companies in SEEPZ

Professional Experience and Qualifications:

Was a President of ISACA Mumbai Chapter for the year 2007-08 and was a member of Board of Advisors to Bombay Chartered Accountants Society for Internal Audit Studies for the year 2005-06. Was a Member of Board of Studies – NMIS for MBA – Actuary during the year FY-11. Am the Chairman of ISACA India Growth Task Force – ISACA International for the last two financial years.

Qualifications: Bachelor in Commerce and Economics, Chartered Accountant, Certified Information Systems Auditor (CISA), Inter Company Secretary and Check Point Certified Security Administrator (CCSA); Enterprise Wide Risk Management Program from AIM – Asian Institute of Management – Manila

Mr. Vaibhav Khandelwal
Business Head - India / South Asia, IBM Trusteer

Vaibhav Khandelwal has been working at the intersection of Banking & Technology for over 10 years.
He has worked in Microfinance in Sri Lanka, been a Trade Finance Banker with ABN AMRO Bank in Singapore and, with IBM, consulted large global banks in Europe and Africa on channel transformation and customer engagement initiatives. Vaibhav is currently India and South Asia Head for IBM Trusteer - a cloud service that is enhancing the consumer banking experience by protecting banks and their customers from cyberfraud. He is passionate about new technologies that are making banking more credible, accessible and efficient. Vaibhav has a Post Graduate Diploma in Management for Executives from IIM Ahmedabad.

Mr. Vishal Salvi
Partner, Cyber Security Services, PwC

Vishal Salvi is Partner for Cyber Security in PricewaterhouseCoopers Pvt. Ltd. Vishal has 21 years of industry experience in IT Service Delivery and Cyber Security and has worked in Crompton Greaves, Development Credit Bank, Global Trust Bank, Standard Chartered Bank and HDFC Bank. He has been performing leadership roles in Cyber Security across these organisations for the past 14 years. His last role was that of Chief Information Security Officer of HDFC Bank for eight years. Vishal has extensive management and domain experience in driving the Information Security program in all key aspects, i.e. Policy, Standards, Procedures, Awareness, Identity & Access Management, IT-GRC, Network Security, Incident Response, Security Monitoring, Malware Protection, Security Configuration, Compliance, On-line Banking and e-commerce, Cryptography, Data Protection, Third Party Management and Business Continuity Planning. Vishal has travelled extensively and is a well-known leader in the information security industry within India as well as globally. Vishal has rich experience in delivering simultaneous large scale, mission critical projects on time and under budget.

Mr. Deepak Bhatia
Head Enterprise Sales Indian Subcontinent, Nuance

Deepak Bhatia heads Sales for Nuance in the Indian Subcontinent, responsible for its Enterprise business. In this role, Deepak leads Sales Performance, Partner Management and Solution Marketing. Deepak’s key focus is on continuing Nuance’s strong momentum in the Enterprise Accounts, assisting them to improve their customers’ experience and, at the same time, increase safety and security and reduce operational cost. Prior to joining Nuance, Deepak has been in various strategic and customer facing roles, with experience at Nokia, Siemens and Aspect Communications, where he managed high-profile BFSI and telecommunications accounts and channel partners across India and the Middle East. Deepak holds a Bachelor of Technology Degree (Electronics and Communications) from UPTU and has studied General Management at IIM Lucknow.

My voice is my password.

Voice Biometrics authenticates your customers through natural voice patterns, not robotic PINs, passwords, and questions. It’s a level up in security. It’s a brand new user experience. By giving them the freedom to speak, you let the customers be themselves.

Simpler authentication. With much less pain and effort for the customer, they feel more in control. And a happier customer is a more valuable customer.

Wipe out fraud. Knowledge-based security is nearing obsolescence. Voice Biometrics is the chance to start again from scratch. It’s not a patch. It’s not a reboot.

Almost-instant ROI. Whether it’s shorter call times, increased functionality, or the ability to do amazing new things with your mobile apps, Voice Biometrics can deliver from day one.
Voice Biometrics by the numbers.

[Infographic comparing Knowledge-Based Authentication with Voice Biometrics Authentication. Figures shown: 49%, 67%, 80%, 85%, 90% and $15M. Captions: of users say authentication is time-consuming; of mobile users reset passwords at least once a month; of users are frustrated with existing authentication; faster authentication in 5 seconds; of users prefer Voice Biometrics over the status quo; average savings over a three-year period.]

What customers are saying about Nuance Voice Biometrics.

“The ultimate security measure is something you are. Voice is actually the most secure form … spoken passphrase login through this technology is a logical next step.” Paul Heller, CIO, Vanguard.

Nuance Communications
Deepak Bhatia | [email protected] | +91 99111 81052

BANK SECURITY

Securing Banks in the 21st Century

Indian Banking Sector is at the cusp of fundamental and tectonic shifts.
It is time to make sure that this very key critical infrastructure remains protected from all kinds of physical security threats and not just cyber threats
— Pathikrit Payne

The last one year witnessed many positives, and several new challenges have also come up for the world and for India in particular. World over, the security scenario is no better than it was a year back. The constant threat of terror attacks has not subsided; on the contrary, the spate of terror attacks and their dimensions continue to expand. In the last one year the scenario in the Middle East, one of the most prominent regions for financial activities, witnessed a massive deterioration, with the civil wars in Syria and Iraq reaching an even worse situation. The meteoric rise of the dreaded terror group ISIS and its stealing of more than $400 million from the Central Bank of Mosul in Iraq demonstrated not just the vulnerability of financial institutions in war prone regions but also how major heists at banking institutions have always been a major source of funding for the nefarious activities of terror groups. That particular heist perhaps played a key role in making ISIS one of the richest terror organisations of the world. This apart, some shocking new trends of terror attacks could also be witnessed, with terrorists now attacking soft targets such as schools, shopping malls and universities. Needless to say, banks across the world and especially in India continue to be extremely vulnerable and prone to terror attacks.

Back in India, the last one year witnessed a certain amount of political stability in the country with the installation of the Narendra Modi-led NDA Government. While India has not witnessed any major terror attack over the last one year, the threat of something sinister remains clear and present.
The multidimensional threat that India faces today has serious ramifications so far as the security of India’s critical economic infrastructures is concerned. This multidimensional threat comes essentially from cross border non state actors like the Islamic terror groups that operate in India, including the likes of LeT and JeM. This also includes several home-grown terror groups which allegedly have funding and training from outside, especially from Pakistan, and this list contains names like Indian Mujahideen and SIMI. Then there is the enormous and ever increasing threat to India’s economic infrastructure that emanates from the Maoists, who have continued with their mayhem and have time and again been responsible for several major attacks on economic infrastructures, including derailing of trains, destruction of telecom towers and power transmission systems as well as looting of banks. This apart, the threat to India’s overall economic and physical security also comes from organised crime syndicates dealing in counterfeit currencies, extortion and kidnapping, as well as cyber terror groups who operate in a virtual world and have time and again proved their ability to create mayhem in the global financial system. Overall, as it stands today, the physical infrastructures of India’s financial sector face all these threats in much the same way as other critical infrastructures do.

The Indian Banking Sector- Poised for the Next Big Leap

The Indian economy is rightly poised today to reach greater heights over the next one decade. The story of the rise of Asia has just started. India, along with several other major Asian players like China, has both demand and demography on its side to continue with the economic growth story. India is already a $2 trillion economy and is expected to emerge as one of the fastest growing economies among emerging economies in the times to come.
Further, the shift in the global economic theatre towards Asia would mean a massive rise in opportunities for the banking industry as well, and needless to say the Indian Banking sector is going to reap major benefits out of it. Already the steps taken by the incumbent government towards financial inclusion, and the initiation of the process of opening MUDRA Bank for reaching out to a large section of micro units in India, are positive steps. Today the Indian banking system handles more than $1.5 trillion of assets and is perhaps the most prominent backbone of India’s economic growth.

The resilience of the Indian Banking industry is known world over. Be it the economic meltdown of the Southeast Asian economies in the late nineties or the subprime lending crisis in the American and European banking sector in 2008, on both occasions the Indian banking sector has been able to successfully meander through the crises without succumbing to them. The Indian stock markets too have made giant strides and are considered to be some of the most sophisticated in the world. Further, the Indian financial systems have made giant leaps in terms of technological adaptation as well. One would have to give credit to the sector for its successful transformation from archetypal ledger book banking to net banking and mobile banking. There is also no doubt that the banking sector itself played a critical role in financing the growth of the Indian economy.

With asset size of over $1.5 trillion and with more than 1 lakh ATMs, the Indian Banking Sector is poised to be the fifth largest in the world in terms of asset size as per KPMG and third largest in the world by 2025 as per Boston Consulting Group. Its asset size too is expected to grow to $28.5 trillion. Thus, there is no doubt that today the Indian Banking and Financial Services sector is one of the most critical economic infrastructures of the country.
Threat to Critical Financial Infrastructures – A Global Phenomenon Now

World over, just as the threat to critical infrastructures is a key area of concern for security establishments, so is the security of financial institutions. A case in point would be the 9/11 terror attack itself, wherein the perpetrators targeted the twin towers of the World Trade Centre, whose destruction had a massive financial impact on the local New York economy as well as the financial sector of the US. A report prepared by the Fiscal Policy Institute for the New York City Central Labor Council and the Consortium for Worker Education, immediately in the aftermath of the 9/11 disaster, had stated that the immediate impact of the 9/11 attack on the New York City economy was estimated to be $16.9 billion, and it was also expected to have a massive job impact in the securities, retail and restaurant business.

As per the Institute for Analysis of Global Security, ‘Counting the value of lives lost as well as property damage and lost production of goods and services, losses already exceed $100 billion. Including the loss in stock market wealth -- the market’s own estimate arising from expectations of lower corporate profits and higher discount rates for economic volatility -- the price tag approaches $2 trillion.’ This itself is a vindication of the fact that radical extremist groups now seek to create not just physical mayhem but also financial mayhem whose impact would be long term. There is thus the need for caution and preventive measures, as a threat to the banking sector can have a cataclysmic impact.

The Indian Scenario- No Different and No Better

The issues of terror threats to economic infrastructures are no different for India than they are for the rest of the world. From the time of the 1993 Mumbai serial blasts, terror organisations of various shades have systematically targeted economic infrastructures in India.
The Bombay Stock Exchange was a prime target of the 1993 Mumbai blast and so were the Air India headquarters and prime hotels of the city. In 2006 terrorists had targeted the Mumbai suburban rails. The Maoists have likewise been responsible for more than a thousand attacks on India’s economic infrastructures, including railways and telecom towers as well as attacks on factories. India’s major oil refineries, power plants and dams constantly remain under the threat of terror attacks.

The 26/11 terror attack was a wake-up call for India. It was a clear signal that terror groups targeting India would no more be merely attacking military installations and government buildings but would also not spare economic installations and infrastructures in the private sector. The Government woke up to the reality and amended the CISF Act to also provide security to select vital installations in the private sector. This was followed by providing CISF cover to the Jamnagar refinery of Reliance Industries and the Infosys facility in Bangalore. Security of Airports was rigorously improved. However, India’s private sector industry is huge and the CISF alone, with a force strength of 1,45,000, is not enough to provide security to all. Some of the states too have started raising their own industrial security forces on the lines of the CISF to provide security to vital economic installations. But is this enough? Will merely a few battalions in each state be good enough to secure hundreds of thousands of industrial units across India? Has enough been done to secure India’s banking sector?

Physical Security in Indian Financial Institutions

Banking in this era is increasingly getting technology intensive. And thus, like many other sectors, security of the banking sector essentially means both physical security and security in the virtual world.
While the Indian Banking Sector has made reasonable strides in terms of making the Indian Banking System secure in the cyber world, the same perhaps cannot be stated in terms of the physical security of the banks. Sadly, in spite of the enormity of potential panic, physical security in Bank branches remains rudimentary. There is perhaps no clear cut policy so far as physical security of banks in India is concerned. Unlike in many of the western countries, one can find only one or a couple of private security personnel, who are either unarmed or at best armed with a single or a double barrel shot gun, and needless to say this is not good enough to thwart any major terror attack in banks. Also, it is a reality that Banks are extremely reluctant to make customers go through even the basic security check before allowing them to enter bank premises, for fear of making customers feel uncomfortable or subsequently losing the customers to rivals.

Today, given the enormity of threats to such critical hubs of commercial activities and public gathering, there is a strong need to create an institutional mechanism whereby it would be mandatory on the part of Banks to have a basic first line of defence in each branch to thwart any terror attack or any attempt at a heist or hostage taking situation. The unfortunate part of the whole saga is the fact that in India, security is still considered a governmental responsibility, and physical security of banks in terms of having security personnel is at best a tokenism here. Most banks unfortunately still consider expenditure on deployment of professionally trained security manpower as an avoidable expenditure. Further, in the absence of any clear cut mandate or directive from financial regulatory authorities like the Reserve Bank of India, banks still don’t take physical security as seriously as they ideally should.
Ideally there should be clear cut guidelines from the Reserve Bank of India and the Union Ministry of Home Affairs on this issue.

Time to be Cautious--Bank Heist May Fund Terror Acts too....

Bank heist is not an uncommon phenomenon in India. Every year a considerable amount of money is surely lost in theft and heists. In fact a few recent incidents have vindicated that there is often a clear linkage between bank heists and terror attacks. It was reported in 2012 how Indian Mujahideen and other terror groups like Harkat Ul Jihad had been resorting to bank robberies for the purpose of funding acts of terror. Thus the reason for ensuring physical security of banks across the length and breadth of India is not just to make sure that the financial assets of depositors are kept safe but also to ensure that such thefts do not end up funding horrendous terror attacks in India. The Maoists too have often resorted to robbing banks for the purpose of funding their own version of Maoist terror.

26/11- If it can happen in hotels, it can happen in Banks too....

If a terror attack could have happened in some of the most iconic hotels of India, if terror attacks had happened in the past on critical financial institutions like the Bombay Stock Exchange, can it ever be ruled out that perpetrators may target any major financial institution to create massive panic across India’s economy? A terror attack of the proportion of 26/11, if it had happened at the head office of any major bank or a series of banks, would have created massive ripples across the economy, the effect of which would have been too enormous for the nation to bear. And thus, it is of paramount importance that physical security of banks is given importance on a priority basis and on a war footing.
Need for a more concerted effort to Secure Indian Banks

It would perhaps need nothing less than a strong directive from the government, along with perhaps promulgation of a new law through a statutory act, for taking physical security of the banking sector to an altogether new and much desired level. Much like the Ministry of Railways has its own Railway Protection Force or RPF to secure the railways infrastructure, much like the CISF is there to secure industrial infrastructure, there is a pertinent need for the Ministry of Finance or the Ministry of Home Affairs to set up a Banking Sector Security Force to secure India’s banking infrastructure. No matter how strong the vault in the bank branch is, if the banks keep lacking capable security manpower to thwart attempts of robberies, bank related crimes can never be contained.

Reforming Physical Security of Indian Banks

Apart from investments in technical surveillance in bank perimeters, there should be nothing less than a minimum of two or three armed security personnel or even more in every bank branch, depending upon the size of the branch or the kind of risk that it faces. But here the definition of armed security personnel needs some drastic reengineering. The era of the hired unskilled, ubiquitous and often rustic guy with a single barrel, who is even scared to frisk the person entering the branch lest it antagonise both the customer and the branch manager, needs to give way to professionally trained security personnel, preferably with a defence background and adept at close quarter combat. He should be carrying nothing less than a .32 calibre or a .38 calibre revolver or an equivalent pistol. For a country where several thousand Army personnel retire every year after their completion of 20 years of service, it would never be a problem to find an adequate number of already trained personnel who can be reemployed in the Financial Sector Security Force.
Besides the armed personnel, there should also be unarmed personnel in each branch who would be engaged in surveillance. There should be a well laid Standard Operating Procedure for the personnel in case of any eventuality. Further, there should be Quick Reaction Teams on operational readiness for effective response during emergency situations. Just as it is a norm in airports, frisking should be made mandatory for bank branches as well, and not complying with basic security measures should be penalised.

The Way Ahead- Make Customer Security Part of Overall Customer Service

Compromising on the physical security of India’s financial sector may become self defeating in the long run. It has to be understood that the life of a customer when he enters the banking premises has to be protected, and that too has to become a critical part of the overall customer service. A terror attack or a bomb blast inside a bank premises would jeopardise the lives of customers as much as it did in the 26/11 attack. If Shopping Malls, Multiplexes and even Hotels can have frisking and scanning of bags, then there is no reason to believe that the same cannot be applied to Indian Banks. It has to be understood that the world is going through some tough times, and under such situations it becomes imperative to take decisive preventive actions to make sure that no untoward incident happens.

Security Policy Management
Automated. Orchestrated. Simplified.
Easily provision application connectivity. Process firewall changes 4x faster. Avoid risky misconfigurations. Demonstrate compliance in minutes.

THE FUTURE OF TECHNOLOGY IS MORE SECURE THAN EVER.

In today’s world, connected devices are advancing healthcare, transforming business, and evolving social connections in unprecedented ways. That’s why security must be ubiquitous—always on and on every device. That’s why Intel Security was formed.
We’re combining the experience and expertise of McAfee with the performance, innovation, and trust of Intel to deliver secure computing to consumers and businesses worldwide. We want everyone to have the confidence to use technology to its full potential so they achieve their full potential. The future ahead is ripe with possibilities. Join us on this exciting journey. www.intelsecuritygroup.com

2014 © McAfee Inc. McAfee is a part of Intel Security. McAfee and the M-shield are trademarks or registered trademarks of McAfee, Inc. The Intel logo is the trademark of Intel Corporation in the U.S. and/or other countries.

SECURITY EMPOWERS FINANCIAL INSTITUTIONS
Unlock the Business Value of Safe, Optimized Data

BANK SECURITY

10 Best Practices for Cyber Security in 2015

Everyone wishes their organization could be more secure. With the number of hackers, malware and other threats to cyber security out there, one can always find a new security practice to enact.

1. Monitor Applications with Access to Data
Applications are great. They give your business the tools it needs to function and be productive. But they also put your sensitive data at risk. When IT security attempts to protect critical information, it usually involves putting up firewalls and building your infrastructure around the data you want to protect. Then you give applications access to this data. When hackers look to steal your data, they won’t try to hammer their way through your firewall; they’ll look for the least secure system with access to the data they need.

2. Create Specific Access Controls
Once your IT network is secure, you need to be very careful about who you give the keys to. Ideally, it shouldn’t be anyone. By creating specific access controls for all of your users you can limit their access to only the systems they need for their tasks and limit your sensitive data’s exposure.

3. Collect Detailed Logs
For a complete record of what goes on in your systems – both for security and troubleshooting purposes – you should collect detailed logs and report data. This is especially the case for applications that don’t have internal logging. By adding tools that can log the activities of these applications you will be able to plug any security holes those applications may create.

4. Maintain Security Patches
When cyber-criminals are constantly inventing new techniques and looking for new vulnerabilities, an optimized security network is only optimized for so long. To keep your network protected, make sure your software and hardware security is up to date with any new antimalware signatures or patches.

5. Beware of Social Engineering
All of the technical IT security you implement can’t take the place of common sense or eliminate human error. Social engineering tactics have been used successfully for decades to gain login information and access to encrypted files. Attempts can come by phone, email or other communication with your users.

6. Educate and Train Your Users
No matter how gifted, your users will always be your weakest link when it comes to information security. That doesn’t mean you can’t limit this risk by regularly educating your users on cyber security best practices. This training should include how to recognize a phishing email, how to create strong passwords, avoiding dangerous applications, taking information out of the company, and any other relevant user security risks.

7. Outline Clear Use Policies for New Employees and Vendors
To strengthen and clarify the education you give your users, you should clearly outline the requirements and expectations your company has in regards to IT security when you first hire them. Make sure employment contracts and SLAs have sections that clearly define these security requirements.

8. User Activity Monitoring
Trust but verify.
While well trained users can be your security front line, you still need technology as your last line of defense. User activity monitoring allows you to monitor users to verify that their actions meet good security practices. If a malicious outsider gains access to their log-in information – or if an insider chooses to take advantage of their system access – you will be immediately notified of the suspicious activity.

9. Create a Data Breach Response Plan
No matter how well you follow these best practices, you might get breached. In fact, nearly half of organizations suffered a security incident in the past year. If you do, having a response plan laid out ahead of time will allow you to close any vulnerabilities and limit the damage the breach can do.

10. Maintain Compliance
Regulations like HIPAA, PCI DSS and ISO offer standards for how your business should conduct its security. More than a hassle which you need to prepare audit logs for, compliance can help guide your business.

Technology News Segment

G20 Summit in Queensland Secured by Teleste’s Video Surveillance Solutions

Teleste, an international technology group specialised in broadband video and data communication systems and services, today announced a deployment of its video surveillance solutions to the Australian Federal Police and Queensland State Police. The deployment includes hardware and software to enforce security operations related to the G20 Leaders’ Summit in Australia, 15-16 November 2014. The equipment will be delivered and integrated by Optical Solutions Australia.

The deployment of the solution is in progress, and is based upon the Teleste VMX video management platform being used as an umbrella system for CCTV resources during the summit. The VMX platform will be used to interconnect in excess of 700 cameras, operating on a number of different video management platforms, sourced from more than 10 separate sites within the State of Queensland.
The G20 summit will gather together the world’s top leaders and major governments, and providing adequate and appropriate security for the circumstances at the time is a major task for security authorities. Teleste’s video surveillance solutions are appreciated worldwide for fulfilling high technical requirements and providing uncompromising reliability. Teleste’s solution also makes it possible to efficiently integrate separate security systems and operate them under a single umbrella. Teleste also has a global track record of successfully deploying video surveillance systems of similar complexity to the G20 security system.

Teleste provides video surveillance applications, systems and services for security professionals in, for example, the public sector, traffic and transportation, military and border control, industry, as well as police, fire and rescue services. Our segmented approach makes it possible to efficiently solve versatile customer challenges in demanding security segments. Teleste’s intelligent video management system fulfils the latest requirements and OCC standards for large scale systems integrations.

About Teleste

Teleste is an international technology company that develops and offers video and broadband technologies and related services. Our supply of technology contributes to the convenience and safety of daily living. Our core business is video - image and data processing, transfer and management. Our customer base consists of cable and telecom operators, as well as public sector organizations. Our business is divided into two divisions, which are Video and Broadband Solutions and Network Services. In both areas, we rank among the world’s leading companies and technological forerunners. Video and Broadband Solutions focuses on access networks and product solutions in video surveillance applications. Network Services offers comprehensive services for network design, construction and maintenance.
In 2013, Teleste’s net sales totalled about USD 250 million, and the company employed more than 1,300 people. Teleste runs a worldwide network of offices and more than 90% of its sales are generated outside Finland. The company is listed on the NASDAQ OMX Helsinki Ltd. For more information see http://www.teleste.com and follow @telestecorp on Twitter.

SOURCE Teleste Corporation

Videonetics bags ‘Best R&D effort of the year’ award by SECONA in association with Secutech India

• Videonetics chosen amid stiff competition from Security, Surveillance & Safety biggies
• Shield 2015 awards held at Mumbai during Secutech India exhibition
• 500+ delegates from Security & safety industry attend the meet

Mumbai: Amid stiff competition from numerous companies in the Electronic Security, Surveillance & Safety Industry, Videonetics has been chosen for the prestigious ‘Best R&D effort of the year’ award at the SECONA Shield Awards 2015.

SECONA, the first Security Consultants’ Association from India, in association with Secutech, India’s most successful international exhibition & conference on Security & Safety, proudly presented India’s first annual awards, for recognizing excellence in the Indian Electronic Security & Safety Industry – the SHIELD Awards. The awards were presented at a glittering ceremony on 13th March 2015, during the Secutech exhibition, in front of about 500 to 600 decision makers, influencers and stakeholders in the Indian Security & Safety industry.

Acknowledging the award, Dr Tinku Acharya, Founder & Managing Director of Videonetics, said: “Being named a winner in the ‘Best R & D of the year’ category, is a great honor for us. It shows off the dynamic team culture that has propelled us to where we are now. We take great pride in having a company culture that cultivates innovation, teamwork and success.
Many thanks to SECONA for recognizing the R&D effort of an Indian enterprise like Videonetics. This recognition will further encourage Team Videonetics to build Indian Intellectual property and promote ‘Make in India’ in the global market and also to put its effort in bringing out new world class technology to make the world a safer & smarter place to live. We thank all our clients for giving us an opportunity to work with them and achieve their security goals”.

Applications received in the SECONA Shield Awards 2015 were judged by a prestigious jury panel consisting of eminent personalities from the field of security, safety and governance:

• Mr. Jayant Kumar Banthia, IAS Retd., former Chief Secretary, Maharashtra
• Mr. D. Sivanandhan, IPS Retd., former CP Mumbai & former DGP, Maharashtra, & Chairman SECONA
• Mr. K. L. Prasad, IPS, Commissioner of Police, Navi Mumbai
• Mr. Vijay Mukhi, Renowned Cyber Expert & President, FIST
• Mr. Sushil Jiwarajka, Chairman, Artheon Group of Companies
• Mr. M. V. Deshmukh, Director, Maharashtra Fire Services

About Videonetics

Videonetics is an Indian company with world class technology in the Intelligent Security and Surveillance industry, with deployments in India, USA, and Middle East. Headquartered in Kolkata, the company offers a complete software solution including its unique and versatile Intelligent VMS (Video Management Software) embedded with Intelligent Video Analytics applications to the IP Video Security and Surveillance market, as well as Intelligent Traffic Management System, ANPR, Red Light Violation Detection etc.

Videonetics was founded by Dr Tinku Acharya, a co-architect of the first webcam application from Intel, an IEEE Fellow and renowned domain expert who holds over 150 US, European and international patents, and author of many books on technology.
Videonetics controls 70% of the market share in verticals like aviation, where they manage security and surveillance for 73 airports across India. Videonetics has also installed its smart surveillance systems at 5 major railway stations on the South-Eastern Railway network. It was also entrusted with the pivotal task of putting in place a wide city surveillance network in the Alipore safe city in Kolkata. It also executed the setting-up of an Intelligent Traffic & Law Enforcement regulation system across Kerala (Trivandrum, Kochi, Calicut) and Bhubaneshwar in Orissa.

Videonetics has also installed Intelligent Video Surveillance cameras at Allahabad City, Chandigarh High Court, Anna Centenary Library, Indian Oil Corporation, AP Transco (Transmission Corporation of Andhra Pradesh), ITC Munger - Bihar, Exide Industries – Haldia, Welspun – Gujarat, Infinity IT Park, Salt Lake - Kolkata, Capital Plaza Mall and Mushriff Mall in Abu Dhabi UAE. Videonetics ITMS & Safe City Solution is also under deployment at Indore, the commercial capital of Madhya Pradesh.
NEWS BRIEFS

CYBER SECURITY

Banking passwords stealing virus prowling in Indian cyberspace

Cyber security sleuths have alerted e-banking users in the country against the infectious and destructive activity of a “worm” virus, which attacks and steals personal login secrets and passwords of an individual. The virus, of the deadly Trojan variant, has been identified and named as ‘Cridex’ and is considered notorious as it can assume as many as six aliases to perpetrate its activities.

“It has been observed that the new variants of Cridex malware are spreading widely. Cridex is an information stealing e-banking Trojan that propagates via removable drives and targets users of online banking/social media for stealing user name, passwords among others,” the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to e-banking users in the country.

The virus spreads by simultaneously opening a backdoor for downloading a number of malicious files once it enters a user’s personal Internet working stream. “Like the other major banking Trojans, the malware performs web injects into the HTML pages of financial institutions contained in the configuration file. The malware routes the users to fake banking sites for divulging user information and subsequently connects to the bank site from the victim IP address by bypassing IP reputation blocking,” the agency said in its alert.

Some of the identified aliases of this banking virus are ‘Geodo’, ‘Dapato’, ‘W32/Kryptik.BVB’, ‘Worm.Win32.Cridex’, ‘PWS:Win32/Zbot’ and ‘Trojan.Gen.2’, and it can be noticed by these names when they appear online. The agency said, once activated, the virus targets and steals login credentials of various banks and social networking sites like Facebook, Twitter and Instagram among others.
The anti-sabotage cyber agency has also recommended some counter-measures for the users to deploy in their personal computers and Internet-enabled devices from where they perform their e-operations and online banking jobs. “Enable firewall at desktop and gateway level, keep up-to-date patches and fixes on the operating system and application software as well as anti-virus and anti-spyware signatures at entry points,” it said.

It also advised users to install the latest updates and software to protect computers from viruses and Trojans, guard against social engineering attacks, use strong passwords, limit user privileges, exercise caution while opening attachments to emails received from known or unknown sources, and avoid downloading pirated software.

Bengaluru, India’s tech capital, has no cyber crime police station

Bengaluru city, for all its claims to being India’s Silicon Valley, lacks a basic yet essential feature to back that up: a cybercrime police station. Bengaluru has a cyber-crime cell at the CID headquarters on Palace Road, but that’s the head office with jurisdiction across Karnataka. It doesn’t take routine cyber-crime complaints, its powers having been heavily diluted as its officers struggle to cope with a deluge of cases.

According to Bengaluru Police Commissioner MN Reddi, office space for a cyber-crime police station has been allotted in the new commissioner’s building, and all the required technology and equipment have been installed, but the department is still searching for a suitable official to handle cyber-crime cases.

Gulshan Rai becomes first chief of cyber security

The Indian government has created a cyber-security chief’s position under the Prime Minister’s Office and has appointed Gulshan Rai, said a top official in the IT ministry.
Rai, who has been heading the computer emergency response team at the department of electronics and information technology (DeitY), will now take charge as special secretary for cyber security. Rai has been working since 1998 in the area of evolving legal framework to address issues arising out of cyberspace. He is also expected to head the national cyber coordination centre (NCCC) that the government is also setting up with a budget of Rs 1,000 crore. He was for a long time tipped to become the first national cyber security coordinator. Rai couldn’t be reached for comments. DeitY has already posted a vacancy for the post of director general for Indian computer emergency response team.

Cyber security is fast becoming a nightmare for the government even as its Digital India initiative will increase the relevance of the internet and expose the country to large cyber-attacks. Reported attacks on Indian websites have increased nearly five times in the past four years. Until mid-2014, more than 60,000 incidents were recorded, according to the Indian Computer Emergency Response Team. Experts believe that a special secretary for cyber security under the PMO will help India secure its digital assets in a better way.

Gujarat police to get anti-cyber crime cell

Gujarat police will soon get a ‘Cyber Suraksha Kavach’, a special cell for prevention, control and detection of cyber-related crime in the state. Police officers will be trained under the aegis of the cell, which will help them solve cyber-related cases more efficiently. A ‘Digital Skills Academy’ will also be initiated, which will be governed by the state Home Department. The cell will provide a training and certification course to the police officers for the first time in India and the course will be completed in three years. Police and experts in the field of cyber security will work together in this cell, which will be headed by an ADG-rank officer.
The first-of-its-kind body will take assistance from Gujarat Forensic Science University (GFSU).

NASSCOM task force to work on cyber security

A task force of NASSCOM (National Association of Software and Services Companies) will work exclusively on cyber security so that the Indian cyberspace is firewalled from attacks. NASSCOM president R. Chandrashekar said the task force would be constituted in a month. The move comes in the wake of Prime Minister Narendra Modi expressing concern over the country’s cyber security at an event held by NASSCOM. He said Centres of Excellence, specialising in Internet of Things (IOT), would come up in five cities across the country. Each centre, to be set up in collaboration with the government, is expected to work on solutions to problems using IOT in various sectors like healthcare, agriculture and others. NASSCOM will also undertake a global campaign to attract overseas business and create awareness on Indian IT capabilities.

Powergrid to develop Grid Security Expert System

Grid Security Expert System (GSES) is proposed to be developed by POWERGRID and it involves installation of a knowledge based Supervisory Control and Data Acquisition (SCADA) system, numerical relays and Remote Terminal Units up to 132 kV stations and the reliable Optical Fibre Ground Wire (OPGW) communication system at an estimated cost of around Rupees 1200 crores. The objective of the GSES is implementation of the Automatic Defense mechanism to facilitate reliable and secure grid operation. This was stated by Sh. Piyush Goyal, Minister of state for Power, Coal & New and Renewable Energy (IC) in a written reply to a question in the Rajya Sabha.
The Minister further stated that CERT-In (Computer Emergency Response Team-India), Department of Information Technology, Ministry of Communication and Information Technology, Government of India has prepared a Crisis Management Plan (CMP) for countering cyber-attacks and cyber terrorism for preventing the large scale disruption in the functioning of critical information systems of Government, public and private sector resources and services. The Crisis Management Plan (CMP) for Countering Cyber Attacks and Cyber Terrorism outlines a framework for dealing with cyber related incidents for rapid identification, swift response and remedial actions to mitigate and recover from cyber related incidents impacting critical national processes.

In December 2010, Ministry of Power had constituted CERTs (Computer Emergency Response Teams) for the power sector, i.e. CERT-Thermal (nodal agency: National Thermal Power Corporation (NTPC)), CERT-Hydro (nodal agency: National Hydroelectric Power Corporation (NHPC)) and CERT-Transmission (nodal agency: Power Grid Corporation of India Limited (PGCIL)), to take necessary action to prevent cyber-attacks in their domains. The State Power Utilities have also been advised to prepare their own sectoral Crisis Management Plan (CMP) and align themselves with the Nodal Agencies, i.e. NTPC, NHPC & PGCIL, and CERT-In for the necessary actions.

Now M-Tech Course in Cyber Security

Paladion Networks, Asia’s largest information security provider, is partnering with Karnataka’s leading engineering college MS Ramaiah University of Applied Sciences to launch an M Tech program in Cyber security and Information Assurance. The two year course, co-designed by Paladion, offers a leading edge curriculum that covers security intelligence and analytics; governance, risk and compliance; security operation centre and much more. The program also offers a nine month internship with Paladion, which may involve being placed in its global client locations.
Bright young graduates in B Tech or BE with a CGPA of 7 or above can apply for the course. An aptitude test and interview will be part of the selection process. India will require five lakh cyber security professionals by the end of 2015 to support its fast growing internet economy as per an estimate by the Indian Union Ministry of Information Technology.

Cyber security center in Himachal Pradesh soon

The Himachal Police is set to crack down on increasing cybercrime by bringing the best technical support under one roof at the center for cyber security after the success of the Crime and Criminal Tracking Network System (CCTNS) pilot project. The CCTNS was aimed at creating a country-wide network to facilitate tracking of criminals. The center for cyber security for investigation and innovation will be set up at the state Police Headquarters in Shimla.

Best technical support from the entire state will be brought under one roof to develop synergy and keep constant vigil on cyber space. Expected to become functional within a year, the center would enable the police to keep a tab on the mischievous elements in the virtual world invading private cyber space of individuals, government agencies, industrial houses and banks by indulging in hacking, phishing, cyber terror, cash cards electronic thefts, industrial spying, web defacements, stocking and publication of obscene contents. A cyber lab being developed at a cost of Rs 50 lakh would also be part of the “centre for cyber security”. Voice analysis and digital forensics, which would come up at the Forensic Lab in Junga, would go a long way in speedy investigations and analysis of samples of computer files, voice recording and digital data being sent outside the state.

Maharashtra Govt to set up labs for speedy probe of cyber crimes

To aid investigation of cyber-crimes, the Maharashtra government has decided to set up forensic laboratories in each city of the state.
The government will also create cyber-crime cells across the state, besides setting up a regional office of the Computer Emergency Response Team (CERT) in Mumbai. The state police, in association with National Association of Software and Services Companies (Nasscom), have set up a laboratory in Mumbai to trace cyber offences. The government will soon seek Nasscom’s participation for the establishment of such labs all over the state.

Besides, a special force of 1,000 personnel will be dedicated to handle cyber-crimes, including online banking frauds, illegal money transfer especially through credit cards, cyber terrorism and social media harassment. The cyber force will even scan suspicious online posts for intelligence inputs. The cyber force will undergo training in partnership with industry experts and agencies, including Nasscom and the Centre for Development of Advanced Computing. The government has requested the Centre to make necessary amendments in the Information and Technology Act, to enable police officials in the rank of deputy commissioner of police to investigate cases of cyber-crime. Also the Reserve Bank of India had agreed to depute a senior official with the state government to help disposal of seized assets by police in various cases.

FRAUDS

RBI mandates 100% provisioning for fraud cases

Alarmed by the growing number of fraud cases in the banking system, the Reserve Bank of India (RBI) has told lenders to make 100 per cent provisioning for such accounts if a wrongdoing is detected. The entire amount due to the bank (irrespective of the amount of security held against such assets) or for which the bank is liable (including cases of deposit accounts), is to be provided for over a period not exceeding four quarters, commencing with the quarter in which the fraud has been detected, the central bank directed. If there is a delay in reporting the fraud, the entire provisioning is required to be made at once.
“In addition, RBI may also initiate appropriate supervisory action where there has been a delay by the bank in reporting a fraud or provisioning,” the notification added. Based on the Indian Penal Code provisions, RBI norms classify fraud in seven categories: misappropriation and criminal breach of trust, fraudulent encashment through forged instruments/manipulation of books of account or through fictitious accounts and conversion of property, unauthorised credit facilities extended for reward or for illegal gratification, negligence and cash shortages, cheating and forgery, and irregularities in foreign exchange transactions.

RBI to soon issue norms for Central Fraud Registry

Reserve Bank of India (RBI) has almost finalised the structure of the Central Fraud Registry and will soon come up with guidelines to enable quick sharing of information about unscrupulous borrowers and help banks fight bad loans. RBI Deputy Governor S S Mundra told the press that the proposed institution, which will enable quick sharing of information on entities found to be defrauding banks, would work under the supervision of RBI.

Currently, banks are advertising the list of wilful defaulters on their websites and in newspapers individually. With the setting up of this registry, the list of all unscrupulous borrowers will be available on a single platform. Thus, banks can take advantage of the registry at the time of sanctioning a loan by checking the credentials of a borrower from the registry.

“It is important for the system to weed out the unethical elements at the earliest opportunity to ensure the credibility and the efficiency of the credit system in the country,” he said. “Efforts also need to be made to alienate the wilful defaulters and fraudsters and debar them from accessing the banking system for further finance,” he added.
As per RBI data, the gross NPAs (non-performing assets) of the PSU banks stood at Rs 2,60,531 crore, as on December 2014. The top 30 defaulters are sitting on bad loans of Rs 95,122 crore, which is more than one-third of the entire non-performing assets (NPAs) of public sector banks as on December 2014. The total number of borrowers having defaulted on Rs 10 crore and above at the end of September 2014 stood at 2,897, with an outstanding amount of Rs 1.60 lakh crore.

RBI has issued instructions, including designing a framework for revitalising distressed assets, to improve the health of the financial sector, to reduce the NPAs, improve asset quality of the banks and to prevent slippages. As per the framework, each bank has a Board approved loans recovery policy and it requires a robust mechanism for early detection of signs of distress including prompt restructuring in the case of all viable accounts. It has been stipulated to review NPA accounts of Rs 1 crore and above by Board and top 300 NPA accounts by the management of the Board.

Frauds worth Rs 11,022 crore detected in PSU banks during April-December

PSU banks have reported over 2,100 fraud cases involving a sum of Rs 11,022 crore in the first nine months of the ongoing fiscal, with PNB reporting the maximum number of such instances. An analysis of the data available with the Reserve Bank shows fraud cases, involving amount of Rs 1 lakh and above, in 26 state-owned banks during April-December 2014 has already surpassed the 2013-14 figure. In 2013-14 fiscal, there were 2,593 such cases involving an amount of Rs 7,542 crore. The figure has shot up to Rs 11,022 crore from 2,166 cases in the nine-month period ending December 2014.

Delhi-based Punjab National Bank (PNB) had 123 cases of fraud totalling Rs 2,036 crore, followed by Central Bank of India with 147 cases involving an amount of Rs 1,783 crore.
Although the number of such fraud cases is the highest in the country’s largest lender State Bank of India (SBI) at 474, the total amount involved was less at Rs 1,327 crore. Syndicate Bank reported 114 cases of frauds with a total amount of Rs 749 crore involved, followed by Oriental Bank of Commerce (OBC) at 86 cases involving Rs 719 crore. PSU banks report fraud cases of Rs one lakh and above to banking regulator RBI. As per the data, Bank of Baroda (BoB) reported fraud worth Rs 597 crore, followed by IDBI Bank (Rs 507 crore), UCO Bank (Rs 424 crore) and United Bank of India (Rs 376 crore).

India needs statute protecting common citizen against cyber frauds: RBI

The Reserve Bank of India (RBI) executive director G Padmanabhan has called for a statute protecting the common citizen against cyber fraud or cyber-crime. A cyber-attack is generally met with panic. A policy that clearly states the roles and responsibilities of each stakeholder and the response that is required for each scenario will ensure that panic is replaced with decisive action, said Padmanabhan.

According to Padmanabhan, the biggest challenge in making the financial sector cyber resilient is to first acknowledge the complexities and interdependencies and then to proactively address failures, adopt effective resilience techniques, and resolve problems through cooperation.

Padmanabhan’s comments come at a time when the country is moving towards digital banking in a big way. RBI and government have been consistently making efforts over several years to encourage electronic banking and electronic financial transactions to bring the economy out of a cash based system. There is also a need for the support of the insurance sector in a bid to implement customer protection effectively, he added.
Team to monitor Aadhaar database

The Indian government has put in place a dedicated fraud investigation and analytics team to monitor the database of Aadhaar, the unique identity project. This is to ensure compliance with various fraud detection rules in addition to the need for a periodic analysis of the database of the Unique Identification Authority of India (UIDAI) to detect any fraudulent patterns, said Rao Inderjit Singh, minister of state for planning, in a written reply in the Rajya Sabha.

India launched the Aadhaar scheme in 2009 to give every one of its residents a unique identity number. According to the government data, by the end of 2014, more than 700 million people were issued Aadhaar numbers. The data collected during the enrolment process is immediately encrypted and transmitted to the Central Identities Data Repository (CIDR) of UIDAI for processing.

The methodology for generation of the unique identity number involves using certain basic demographic (name, age, gender and address) and biometric information (10 fingerprints, two iris images) with a photograph to uniquely identify a resident after a process of biometric de-duplication that ensures uniqueness of a record to a high degree of accuracy, exceeding 99%. After a series of validation and quality checks, the residents’ biometrics are matched against the existing database of UIDAI to determine if the resident has previously enrolled.

City Security and Police Modernisation

Modern & tech-savvy cops: Government plans smart police station

A modern reception to receive visitors, gym for police personnel, lock-ups with CCTV cover and malkhana or records rooms with modern storage system and deep freezers for forensic samples. This is the home ministry’s conception of a smart police station, as per a draft prepared after Prime Minister Narendra Modi pitched for smart policing in December last year.
Efforts have been made to make these police stations gender sensitive, modern, smart and techno-savvy, says the 34-page concept paper prepared by the home ministry, which has come up with new standards for a modern police station. There should be a separate investigation room with workstations as per the paper, a malkhana with modern storage system as developed by CBI and NIA, and deep freeze facilities so as to keep biological, viscera and DNA samples preserved at low temperatures. The ministry has also asked for a briefing room with the facilities of TVs, digital maps, projections and video conferencing.

“All the lockups should be monitored through CCTV cameras which should be operational 24X7 as is being done in police stations in some south Indian states,” the paper says. Besides, the ministry has asked for a recreation room or gym in each police station for cops, as it is required for unwinding stress and boosting up health and morale.

Karnataka budget: Stress on internal security, modernization sidelined

With an increase of 10 per cent in the budgetary allocation for the home department, a major push has been given to addressing major needs in the state’s law and order situation. Although the budget allocation for the sector has increased from Rs. 3,941 crores to Rs. 4,372 crores to address issues like terrorism, women’s safety and surveillance, there is limited scope for police modernization and investment in futuristic technology.

Among the major projects announced, a sum of Rs. 50 crores has been allocated for a central command centre to coordinate anti-terror activities in the state. The ongoing surveillance improvement program in the city, following the Church Street blast case, is expected to get a boost with the government announcing Rs. 8 crores for the installation of surveillance cameras. Also, to improve investigations into cases of crime against women, 6 special units with 15 personnel, headed by an SP rank officer, will be established.
In other good news for Bengaluru, the B-TRAC project for finding a permanent solution to the city’s traffic woes has been extended for three more years. However, no specific amount has been earmarked for the project. Projects similar to B-TRAC will also be launched in Belgavi (Bel-trac), and Hubli-Dharwad (H-trac) for planning traffic infrastructure developments in the districts. The CM also announced the establishment of a new jail on the outskirts of Bengaluru to solve the problem of overcrowding in the city’s central jail.

Police chiefs sound alarm in wake of cuts to modernisation budget

Directors-General of Police from several states have warned Home Minister Rajnath Singh that the government’s decision to slash central funding for state police forces could hit their combat capability in insurgency and terrorism-hit states. Police chiefs have also warned that the cuts will hit plans to modernise the forensics and investigative skills of their forces.

The cuts to the centre’s Modernisation of Police Fund (MPF) will slash about Rs 800 crore from funding for key police infrastructure: construction and upgrading of police stations, police housing, forensic science laboratories and training facilities. The cuts to the MPF were announced in the Union Budget as part of an effort to contain the fiscal deficit. Now, state governments will be expected to provide their own funds for these elements of police modernisation, through the additional 10% share of central tax revenue they were granted by the Fourteenth Finance Commission.

SMART CITIES

Task forces for Smart Cities set up

City-wise task forces have been set up by Urban Development Minister Venkaiah Naidu for drawing up concrete action plans for development of Ajmer, Allahabad and Visakhapatnam as Smart Cities.
The Task Force will have representatives of the ministries of Urban Development and External Affairs, respective state governments and cities and the United States Trade Development Agency (USTDA), said a senior Urban Development Ministry official. Setting up of these Task Forces is in pursuance of the decision taken at a recent meeting between Naidu and the US Secretary of Commerce Penny Pritzker.

The Task Force on Ajmer comprises Divisional Commissioner, Ajmer (Chairman), Secretaries of Town and Country Planning and Municipal Affairs in Rajasthan government, District Collector of Ajmer, Administrator of Urban Improvement Trust, Ajmer, Municipal Commissioner of Ajmer, Mayor of Ajmer besides Joint Secretary of Union Urban Development Ministry, and representatives of Ministry of External Affairs and USTDA.

Allahabad Task Force comprises Divisional Commissioner (Chairman), Secretaries of Town and Country Planning and Municipal Affairs in UP government, District Magistrate, Vice-Chairman, Allahabad Development Authority, Mayor of the city besides Additional Secretary (Urban Development), Government of India and representatives of Ministry of External Affairs and USTDA.

The Task Force for Visakhapatnam will be headed by Secretary (Town and Country Planning) in Andhra government, Secretary (Municipal Affairs), District Collector, Municipal Commissioner, Vice-Chairman, Visakhapatnam Urban Development Authority, Mayor of the city, Joint Secretary (Urban Development), GOI and representatives of Ministry of External Affairs, Indian Navy and USTDA.

NBCC, DDA sign MoU for first smart sub-city in East Delhi

The National Buildings Construction Corporation Ltd. (NBCC) and Delhi Development Authority (DDA) have signed an MoU for the first smart sub-city to come up at Karkardooma in East Delhi.
As per the MoU between NBCC and DDA, the project, which will be spread over an area of 30 hectares, will be completed in phases and the first phase of construction will be completed within a period of 36 months. As per the MoU, NBCC will manage the project and a joint team of VC, DDA and CMD of NBCC will monitor its progress. The finalization of designs etc. will be done by a Committee represented by both the organisations and experts.

NBCC shall be paid project management charges at 10 percent of the final project cost (i.e. only the cost of construction and development, without including the cost component of land) for coordination, supervision and monitoring of the project as per the approved detailed project report. NBCC, with prior written permission of the DDA, may undertake marketing of the built-up space on such terms and conditions as may be mutually agreed from time to time. NBCC, in consultation with DDA, will finalize the disposal methodology, phasing of disposal, period of disposal, rates thereof and other terms and conditions for disposal of the built-up space. NBCC shall be entitled to a disposal fee of one percent of the disposal price of such properties. However, DDA would retain authority for pricing and disposal of the property.

It may be recalled that the “East Delhi Hub” project at Karkardooma is the first TOD project which will be taken up. Since it will be a unique mix of small size town homes, apartments, studios and residences for senior citizens, along with commercial and recreational spaces with world class facilities, it is slated to change and shape the lifestyles of Delhiites, as there will be more emphasis on quality living with less use of personal transport and more pedestrian commuting. An MoU with NBCC has already been signed outlining the details of the responsibilities of NBCC and deliverables to DDA.
It has been agreed by both parties that the project should be designed in such a manner that it has advanced technology features.

Fuji Electric eyes smart city, energy management projects

Japanese energy efficiency solutions provider Fuji Electric is in the process of identifying smart city projects in India, and in Andhra Pradesh in particular, where it can offer its solutions. Kazuhiko Hanaoka, General Manager, Fuji Electric, Power & Social Infrastructure Group, said that the company, which has been deployed in a number of smart community projects across various parts of the world including Japan, has begun a pilot project in AP. In India, the company has worked on a Smart Grid in Panipat, a Water Recycling System in Maharashtra and an Energy Management System in Andhra Pradesh.

“The challenges faced by power distribution companies in India, such as outage management, peak load management and the need to deploy smart meters, could be handled in a holistic way addressing the overall energy management efficiently,” he said. Referring to the projects under way in AP, he said they involve setting up monitoring equipment and following this up with the energy management system. “The renewable energy sector, which is poised to grow in the country, would give us opportunities to provide integration services,” he said.

Once energy efficiency management is taken care of, the next important solution that would be useful for electric utilities is demand supply forecast and management. This enables utilities to better manage generation demand based on requirement and supply needs, and to do so location-wise.
Gujarat to adopt Bengaluru model for city roads

The Gujarat government will adopt the Automated Traffic Enforcement (ATE) system used by Bengaluru city police. The system, which aims to improve traffic management and punish traffic law violators in major cities of the state, will be launched in Ahmedabad and Jamnagar on a pilot basis. The government has allocated Rs 6 crore for the pilot project.

Under the ATE system in Bengaluru city, constables note down the number of the offending vehicle and pass the information to the Automation Enforcement Centre, which is equipped with computers, software and a vehicle database. Enforcement surveillance cameras keep watch on motorists crossing the stop line, breaking lane discipline and violating other traffic rules. The offender is issued a computerized challan generated under section 133 of the M V Act, which is sent to the offender by post. The traffic police also use smart phones to impose fines on offenders. This type of system helps in on-the-spot fine collection and receipt generation. Cases booked are stored on the server and repeat offenders are identified. For those who cannot pay the fine on the spot, notices are issued and the details are put up on the server. The registration database from the transport department is linked to the automated centre, which helps in taking action such as cancelling the licence of a repeat offender.

ISB to develop Smart City Index for Indian cities

Indian School of Business (ISB), which has campuses in Mohali and Hyderabad, is working on a plan to develop a Smart City Index for Indian cities. An initiative of the Punj Lloyd Institute of Infrastructure Management at ISB, the index would be rooted in the Indian context though it has been modelled after some of the best international indices, ISB said today.
The project has been conceived in such a way that it will allow comparisons among cities and rank them based on how they perform. It can assess improvements over time and also serve as a measure of a city’s livability and smartness, it explained.

A smart city is defined as one that is socially, environmentally and financially sustainable and which strives to minimise waste of resources, like energy and water, in meeting the needs of its residents. Such a city also values its citizens’ views, adopts a practice of citizen consultation in almost everything it does and will deploy technology extensively to improve the delivery of services. It is projected that will account for nearly 75 per cent of the GDP in the next 15 years. It is for this reason that the government has decided on developing 100 smart cities in the country. The Smart City Index will support this initiative of the government, the B-school explained.

Kandla, JNPT to be ‘smart port cities’

At least two smart cities are expected to come up in the Special Economic Zones in two major ports in the country in the coming five years. Under the ambitious Sagarmala project, the Ministry of Shipping will build at least two smart cities in the SEZs in Kandla and Jawaharlal Nehru Port Trust.

“In the first phase, we plan to come up with at least two smart cities in ports of Kandla and JNPT, complete with affordable housing and other necessary infrastructure, wind and solar power generators for electricity generation,” said Nitin Gadkari, Minister of Shipping, after the Cabinet gave an ‘in-principle’ nod to the project, aimed at port-led development in coastal States. “We are confident that the Sagarmala project will bring down cost of export-import, boost coastal traffic, improve trade and will provide infrastructure by way of roads and rail to transfer goods from one port to another,” he said.
Giving the example of the high costs involved in transferring a shipment by road from Mumbai to Aurangabad vis-à-vis by ship from Mumbai to Delhi, Gadkari said, “Not only is mobility by road expensive and time consuming, but is also environment unfriendly and comes with an added risk of accidents.” The port-led development is expected to lift India’s GDP growth by 2 per cent, Gadkari said.

Terming the decision “revolutionary”, Gadkari said, “An allocation of Rs 4,000 crore has been made for SEZ at JNPT. Our second SEZ is proposed at Kandla port, for which we have two lakh acres of land in its possession.” Gadkari said a National Perspective Plan (NPP) for the coastline will be prepared within six months, which will identify geographical regions to be created as SEZs.

The Cabinet also gave its nod to the creation of a Special Purpose Vehicle by the Ministry of Shipping, which will be funded by 12 major ports and Rail Vikas Nigam Limited. The SPV, which will improve last mile connectivity to ports and modernise evacuation infrastructure, will aim at reducing the time and costs involved in cargo transfer. Gadkari further said that a parliamentary nod is also being sought on the Bill to convert 101 rivers into National Waterways in the ongoing Budget Session.

24-year-old wins India’s first Smart City Contest

Shubhojit Mallick was adjudged the winner of the ‘Dalmia Bharat Smart City Contest’, which was conducted in collaboration with Ashoka University and the NASA Research Park based Singularity University. Shubhojit Mallick won the contest for his innovative project in Bangalore that captures pollutants from automobiles using Nanocylinders to reduce pollution.

The contest was conducted over two months and received several entries from across India and Asia. A first of its kind, the contest enabled Indian students to participate in the annual Global Impact Competition (GIC) of Singularity University that is conducted across various countries.
The winner received a fellowship worth USD 30,000 and will also attend the Graduate Studies Program (GSP) at Singularity University, US.

Singularity University has been conducting the GIC for two years across markets, with a different focus and theme for every geography. In India, the contest was launched on January 2, 2015, opening a platform for Indian students to develop innovative ideas focused on helping further India’s dream of building 100 smart cities in the next 3-5 years. The winner will also represent India amongst other students from all over the world at Singularity University.

CII inks pacts for smart city initiative

Industry body CII has signed agreements with Hitachi India Ltd and Siemens Ltd to set up a National Mission that will help realise the government’s vision of creating 100 Smart Cities in the country. Under the pact, CII will establish a National Mission for Smart Cities -- a platform comprising industry leaders and experts to provide “policy advocacy and thought leadership” to government and other stakeholders.

The forum will engage with central & state governments as well as other public authorities to promote the Smart City initiative, CII said. CII said it also hopes to finalise a similar agreement with US-based Cisco Systems by the end of the month.

The idea is to help form consortiums to enable Smart Cities to happen, working with the state governments to see how we can bring expertise and knowledge from these countries to India to enable the vision of creating 100 Smart Cities. Industry partners will support the Mission by generating ideas and promoting Smart City concepts amongst stakeholders. They will also prepare and undertake demonstration projects and prepare prototypes to showcase best practices in various fields related to Smart City development.
Sri City starts centre for smart cities

A new centre for smart cities has been started at the Indian Institute of Information Technology (IIIT), at Sri City in Andhra Pradesh. M Venkaiah Naidu, Union Minister for Urban Development, Housing and Urban Poverty Alleviation, inaugurated the centre in the presence of Srini Raju, Chairman, Sri City Foundation and Member Secretary, IIIT, and other dignitaries.

The Centre is expected to help Sri City in managing its water and power resources efficiently, besides balancing its ecosystem. Naidu said it was among the first of such initiatives by an academic institution. Ravindra Sannareddy, chief of Sri City, said, “‘Centre for Smart Cities’ of IIIT would enable R&D of such technologies for building smart cities and smart villages, and aid in achieving the goals announced by central and state governments.”

Haryana plans services data hub in first step to build smart cities

The state government is planning to launch a separate company to maintain and manage its geo-spatial data. For this, a centralized databank will be created that will source information from 19-odd government departments. The policies of this company, as well as its formation, are being deliberated upon by the department of town and country planning (DTCP), which aims to centralize geo-spatial data and enable other government agencies to impart smoother citizen services.

The need for creation of ‘Haryana Urban Geo-Spatial Applications Limited’ (HUGSA), for preparedness in urban e-governance and development of smart cities, was discussed in a meeting called by the additional chief secretary to DTCP, P Raghavendra Rao, with 16 senior officials from departments including urban local bodies, DTCP, HUDA, HSIIDC, transport and MCG. According to Rao, the proposal to create a specialized agency (HUGSA) is aimed at integrating data from different departments and developing a technology-based platform for data-sharing and coordination among various arms of the government.
If customized applications are made using this databank to cater to services offered by bodies like HUDA, HSIIDC and municipal corporations, it will improve the response time and efficiency of all departments, as well as of citizen services, he said.

He further said the purpose of this company is to integrate geo-spatial data (from creation to updating, management, dissemination and sharing of the data), master plans, a land-use portal, land-ownership records and data from public utility networks (including roads, water, sewerage, electricity and telecommunications) maintained and managed by various departments, local bodies, HUDA, HSIIDC and housing boards, among others. He added that the ‘draft concept note’ issued by the Union ministry of urban development on smart cities lays great emphasis on building a GIS (geographic information system) database for selected cities/towns as well as on urban e-governance.

Three cities from Haryana - Gurgaon, Faridabad and Sonepat - are likely to figure in the smart city scheme list. One of the prerequisites of a ‘smart city’ would be to have an integrated and reliable database, which in the case of Haryana could benefit HUDA, licensed colonies, the public health department, municipalities, PWD (Buildings and Roads) and Delhi Metro, for future infrastructure expansion or development.

Need to tap new funding sources for infrastructure: Raghuram Rajan

The banking sector has already overstretched itself in lending to infrastructure, Reserve Bank of India Governor Raghuram Rajan said, underscoring the need to tap new sources of funding for this industry. “Going forward, we need to develop new sources of risk capital so that our infrastructure needs can be financed with moderate amount of debt, even as we help the system deleverage,” Rajan said in his inaugural address at a conference on financial inclusion, organised as part of the RBI’s 80th anniversary celebrations.
India’s infrastructure funding needs were estimated at more than $1 trillion (Rs 62.60 lakh crore) over the 12th plan period ending March 2017. To meet that, tapping other sources too would be required. “Our tasks are far from over. The nation has enormous financing needs in infrastructure, and far too many of our banks already have too much exposure,” he said. Moreover, big corporate infrastructure players have also taken on too much debt. The government has already allowed mutual funds and non-bank finance companies to float infrastructure debt funds to cater to this sector.

Excessive reliance on the banking sector to fund infrastructure could potentially impact financial stability, Rajan warned. “The required national push to finance infrastructure should not override financial stability, which is key to national security.”

Not more security. Better security.

For the consumer.

Think of knowledge-based security as sprawl. When one level becomes ineffective, another level is added. PINs become passwords and passwords then require security questions to back them up. This is hard and stressful for the customer, and it puts them further away from completing their intended task. Voice Biometrics does away with all this. It uses the customer’s voiceprint for authentication. It can be passive, where the user can say anything and we match their voice, or it can be based on a passphrase. Either way, it’s a natural, effortless, and much more accurate way to authenticate.

For the corporation.

Knowledge-based security is easily compromised. The four-digit PIN is the weakest credential as it’s often shared and a brute force attack can compromise it without any knowledge of the legitimate account holder. Passwords and security questions can be successfully answered based on simple web searches. Voice Biometrics is more secure than a PIN or password, because a compromised voiceprint has no value to a hacker.
Not only that, when a fraudster speaks in an IVR, call centre or mobile app, they leave behind their own voice – which can be used to identify them.

Powerful Voice Solutions for Public Security

Nuance is the global leader in public security solutions employing voice biometric and other speech technologies. Nuance delivers successful security solutions to government, military, intelligence and law enforcement agencies to assist in crime prevention, investigation efforts, and voice recording analysis.

Nuance Identifier

Solution that allows agencies to quickly and easily identify known individuals through their voice within large audio data sets, as well as enroll voiceprints for individuals under surveillance or investigation to:
• Identify speakers, language & gender quickly and accurately
• Spot keywords spoken in over 80 different languages and dialects

Nuance Communications | Deepak Bhatia | Ashish Bhat | T +61 2 9434 2300 | australia.nuance.com

Nuance Forensics

Nuance Forensics is a web-based voice biometric software solution designed to provide forensic examiners and law enforcement investigators with the ability to quickly and accurately match an individual’s identity from audio captured during a criminal investigation.
• Support successful prosecutions or defence with comprehensive biometric forensic reports
• Advance active investigations by biometrically linking targets with audio statements
• Leverage language, dialect and gender detection capabilities to speed up investigations

BANK SECURITY

Tackling the Cyber Threat- Way Forward

Technology’s giant strides and its incredible success in terms of bringing more people into the ambit of a digitized and connected world need no elaboration. If the last decade of the 20th Century witnessed the advent of new age banking in India, with the ubiquitous Indian customer being introduced to the concept of the ATM, the first decade of the 21st Century saw the expansion of the sphere of plastic money, internet based banking or net banking, as well as phone banking. Over the last five years or so, the exponential growth of smart phones and tablets and the advent of the new age of applications, or apps as they are commonly known, has brought in a completely new dimension so far as spreading the reach of banking is concerned.

This has been extended even more with the massive proliferation of blogging sites such as Facebook and Twitter. New age banking thus had to keep pace with all these developments and bring innovations to match the pace of technological developments. Today one can even make banking transactions with Twitter. The reality of today is that one can and does operate a bank account from multiple platforms like the smart phone, the tablet as well as the PC or laptop.
Ports have been replaced by smart applications and even though cyber banking has made life and transactions extremely convenient, it has not come without its baggage of inherent risk because of cyber related frauds. A report by the Centre for Strategic and International Studies (CSIS) in 2014 stated that the global cost of cyber crimes is to the tune of a whopping $445 billion.

In fact the enormity of the impact of cyber related crimes on the banking industry can be gauged by what was reported in February this year. An article by The Telegraph of UK stated that a gang of Russia based hackers was behind a cyber heist that resulted in the stealing of £650 million from some UK as well as Japan, China and US based banks. As per the news report, the modus operandi of the gang involved using malware to infiltrate the concerned banks’ networks and then sending data back to the hackers for months. To take another example, in 2013 it was reported how hackers had stolen around $45 million from a couple of Gulf based banks after successfully hacking into the system of a credit card processing firm and then withdrawing money from ATMs in around 27 countries.

With India continuing to be one of the fastest growing markets for the internet, the net banking and digital payment industry has been growing by leaps and bounds here. Reports state that in 2013, India saw 800 million financial transactions through electronic media, with almost 44% of the same being through net banking. By certain estimates, the digital payment industry of India was worth nearly $20 billion in 2014. The rapid increase of mobile banking, as a result of a massive proliferation of mobile telephony and the popularity of smart phones, has made the Indian market one of the fastest growing for net based banking. However, as is the case with global trends, the proliferation of net banking and the cyber world has brought with it its own set of problems.
India has been witnessing a whopping 40% increase in cyber crime annually and a substantial portion of this is related to banking as well. Cyber attacks not just by non-state actors but also state sponsored concerted cyber attacks have become a real issue. The modus operandi of the cyber criminals remains more or less the same across the world; some of the most popular methods of attack can be categorized as virus, spam mails, Trojan, malware, scareware, phishing, fiscal fraud and carders.

[Figure: cyber risk framework with the panels Threats, Vulnerabilities, Values at Risk and Responses. Source: World Economic Forum Report]

The impact, efficacy and indispensability of the cyber world today is such that the only way forward is to make sure that, on the regulatory, policy and awareness fronts, a considerable amount of effort is put in so that both organizations and governments take ample precautionary measures and sensitize citizens, so that cyber crimes can be contained if not completely done away with. While cyber attacks will with time become more of a norm than an exception, the key determinant will be how much the financial industry and governments are willing to learn and invest in preventive measures. The response in this respect has to include traditional approaches, such as improving regulatory and policy measures, in addition to more information sharing and coordinated action as well as investments in cyber security technologies.
In this respect one has to accept that some positive steps have been taken by the Government of India through the creation of the Critical Information Infrastructure Protection Centre as well as the release of a National Cyber Security Policy, but more has to be done in terms of doing away with the culture of denial that exists so far as cyber crime is concerned. Disclosure of cyber attacks on organizations should ideally be made mandatory.

New Delhi
Next to Syndicate bank, Subhanchal Hostel Building
Near Vikas Sadan, INA colony
New Delhi – 110 023
T: +91 11 4955 6600
F : 91-11 4373 4477

Mumbai
103/104, 10th Floor, Maker Chambar VI,
Nariman Point, Mumbai - 400021
T : 91-22-43423313 33
F : 91-22-43423322

Bangalore
503, 15th Main, 7th Cross
3rd Block, Koramangala Extn
Behind BDA, Bangalore – 34
T : 91-80-4125 4959
F : 91-80-4125 4958

To know more please visit www.securitywatchindia.org.in or email us at [email protected]