fx gsg brochure draft 3
FusionX Global Strategy & Governance
Cyber Security An Essential Part of the Risk Management Program
Protecting the Financial Industry
Focusing on the MENA Region
Cyber Security Targets Interconnected Banking & Financial Institutions
As financial institutions become more interconnected, their vulnerabilities to cyber risk increase
It is management’s duty to protect the bank and its clients from known sources of probable risk
Cyber security is becoming one of the primary concerns within multinational corporations and governments. The BIS underlined that this category of risk should be considered as a strategic management issue as well as IT.
A major concern for multinationals – These risks
are now a determining factor for the continued
sustainability and competitiveness of
interconnected businesses.
Financial institutions in particular are
increasingly faced with threats surrounding:
• Theft of banks’ & clients’ money
• Destruction of information
• Disruption of operations
• Espionage
Targeting the Middle East and North Africa
(MENA)
The MENA region is particularly susceptible to
these threats due to a lack of solid regulation
and immature information security structures,
as well as being the targets of politically
motivated attacks.
Additionally, we have witnessed sophisticated
organized criminals from other parts of the
world migrate their attacks away from western
banks and toward the MENA region, as they
present a “softer” target for not having adequate
security controls in place.
Managing Cyber Risk
Effective information security requires an
enterprise-specific design of solutions that
consider and tackle the ever evolving cyber
security risks. Since cyber security is also a
strategic risk management issue, an appropriate
corporate governance structure is required that
would serve to uphold such an investment as
part of the Board of Directors’ duties towards
Risk Management.
MENA is particularly vulnerable to the lack of a preventative strategy
MENA financial institutions are becoming the primary targets of information-related criminal activities
Recent Events in the MENA region highlight the fact that protecting banking information is an immensely positive risk-management strategy.
Because North American financial institutions
and banks have hardened their computer
systems, there is an increasing trend for large,
transnational organized criminal groups
targeting MENA banks and financial centers.
This has led to the loss of large amounts of funds
from Middle Eastern banks to these organized
crime groups. In addition, hostile countries in
the region are using State-sponsored offensive
computer attacks to damage and destroy the
computer systems of rival country Central
Banks and financial centers.
Arab banks under attack
It was described as “a massive 21st-century
bank heist”. Two banks in the Middle East (one
in the United Arab Emirates and another in
Oman) were targets of a gang of cybercriminals
in the United States. In a span of 10 hours, USD
45 million was stolen by hacking into a database
of prepaid credit cards and withdrawal of
customer money from ATMs in 27 countries.
Banks in the kingdom of Saudi Arabia have also
been victims of many cyber security crimes.
Ensuring Cyber-security leads to diminishing risk exposures
Dimensions of Cyber Risk
The majority of data gathered and compiled by financial institutions and banks is done electronically. The failure to secure the organization from evolving threats can further expose them to even greater risks.
Three key cyber risks affecting banks include:
Scope of the Threat
The rate at which cyber-attacks evolve and
diversify is very high.
Industry Interconnection
The interconnection of banks and the financial
industry, which is crucial to the financial
system's functioning, is also an area of
vulnerability when it comes to cybersecurity.
Moreover, many banks, especially small and
medium sized institutions, contract with third-
party vendors and service providers to expand
their offerings and improve efficiency.
Rising Costs
Banks are paying more to strengthen their
cybersecurity protections as the risks to their
institutions grow. At the same time, launching
an attack on the industry is getting cheaper.
Technical Proposal to Banks & Financial institutions
To mitigate your bank’s cyber risks and enhance its management of them, we replicate the exact cyber-attacks that your enemies will carry out against your computer systems and network. We will then identify the vulnerabilities of your computer system and plug those holes making the system impervious to attack, thus saving your institution millions of dollars in probable losses. Specifically, we can provide the highest quality services and products in the following areas:
Periodic vulnerability assessment and tactical
penetration testing (“red cell scenarios”) of the
client’s computer network mimicking actual
cyber-attack methods of the client’s main
threats (whether national governments,
criminal groups, or terrorist groups) to ensure
the network is secure and to identify and
quickly resolve any network vulnerabilities.
An initial technical threat and vulnerability
assessment of existing computer network, both
software and hardware, with recommendations
and procurement of updated hardware and
software systems based on the client’s needs and
what the network requires to meet them.
Implementation of new hardware and software
into the computer system fully integrated with
security packages, solutions and training to
ensure the computer system’s integrity and
security from all threats.
Cyber security policy, procedures and
awareness training for all personnel who will be
operating and maintaining the computer
system, and the development of an “in-house”
continuing training program.
On-demand incident response and threat
analysis support as well as access to subject
matter experts.
Evaluation of the corporate governance matrix
as far as cyber security is concerned. This
exercise will consider related reporting and
responses at all governance levels, including the
Board of Directors.
Providing a set of proposals to improve the
cyber risk governance at all levels so as to be in
line with best practices.
Help the client in implementing its cyber risk
governance proposals in line with international
best practices.
A U.S. Company at the Forefront of Information Security
FusionX represents an innovative information security, technology, intelligence, and risk management
company that utilizes a unique approach providing holistic security solutions in complex environments to
counter the most advanced, ever evolving, and persistent cyber security threats.
Philosophy: FusionX’s philosophy is “we think like your adversaries and anticipate their next moves”. Its
methodology provides a flexible framework for addressing the full-spectrum of the client’s computer/cyber
security risk management issues drawing from established best practices, best-in-class technology
solutions, and unprecedented risk assessment expertise.
Specialization: FusionX specializes in the financial/banking sector, and currently has clients that are some
of the largest banks in the United States, some with over $10 trillion USD under custody. The FusionX team
regularly finds vulnerabilities that would be exploited by criminals and provides countermeasures and
mitigation strategies to prevent and deter costly cyber attacks.
The FusionX Team
Its computer/cyber security team has been working together for over 15 years to provide the highest
quality technical consulting services to international corporations and governments.
Collectively, its team has worked with hundreds of companies and government organizations (assessing
millions of systems) to address their information security concerns using comprehensive risk management
principles. They have worked with every critical infrastructure sector to provide enterprise-wide technical
vulnerability assessments including assessments of control systems (SCADA) and other critical networks
such as the government, transportation and financial services sectors.
FusionX team members come from companies like UUNET, WheelGroup, BTG, Network Solutions, Titan,
SAIC, CounterPane Internet Security, iDEFENSE, iSIGHT Partners, Security Design International, Technical
Defense, Total Intel, and Computer Sciences Corporation.
About Us
FusionX Senior Computer Expert
Specialization: He is an international security expert specializing in counterterrorism, critical infrastructure
protection, intelligence, risk management and cyber security issues.
Global Experience: He has previous computer and cyber security experience at the highest levels of several
other well-respected computer and information technology companies that operated in the U.S., China,
India, Europe and South America. This expert provided strategic consulting services to select foreign
governments and corporations on issues of information warfare and security, critical infrastructure
protection and cyber security.
Publications & Television: His research on cyber security and security led to a widely published thesis
entitled “National Security in the Information Age”, and he has co-written or authored chapters for
several books, including “Cyber Adversary Characterization”, “Threats in the Age of Obama”, “Information
Warfare Volume 2”, and “Sun Tzu Art of War in Information Warfare”. In addition, he has appeared on
CNN, MSNBC, FOX News, NPR, CBS News, BBC Television, NWCN, Australian television and dozens of other
domestic and international radio and television programs as an expert on cyber security.
Lecturer: He is an adjunct professor at Georgetown University, and is the Founding Director of the Cyber
Conflict Studies Association. Furthermore, he has lectured on computer networks and cyber security to
the National Defense University, the Swedish, Australian, Japanese and New Zealand governments, and
various universities and colleges.
FusionX Top Computer Expert
Research & Publication: FusionX’s other expert has been recognized throughout the security industry for
his research in multiple areas including adversary profiling and software vulnerability research and
analysis.
He has published four books on the topic of information security, including Cyber Adversary
Characterization – Auditing the Hacker Mind, and is a contributor to the popular Stealing the Network
series.
Lecturer & Speaker: He is a frequent speaker and subject matter expert at world-class computer and cyber
security conferences including Black Hat. In addition, he lectures at various colleges and universities on
computer issues.
Television: He is frequently called upon to provide his expert opinion to mass media organizations,
including BBC News, CNN, Reuters News, Wired and Business Week.
A Wealth of Experience In the Financial Industry, the MENA Region and Corporate Governance
Specialization: Global Strategy & Governance S.A. (GSG) provides advice on Global & Regional Strategic
Positioning, Risk Management Infrastructures, as well as Securing Strategic Corporate Governance
Principles for financial institutions and central banks.
Objective: One of its major objectives is to play a positive role in the global advancement of Risk
Management, Corporate Governance, and Corporate Social Responsibility. A special emphasis in these
fields is directed to the Arab region.
Its vision is to promote a positive socio-economic change in the Middle East and North Africa that can only
be secured through improved corporate strategic and governance rationale.
The GSG Team
The GSG team consists of experienced executives, including former senior managers and regulators.
Thanks to an integrated and cohesive corporate culture, GSG helps financial institutions identify an adapted
and realistic strategic positioning.
About Us
GSG’s Leading Expert in Corporate Governance
He has directed GSG’s advisory as well as implementation client projects for various systemically
important MENA banks as well as central banks. These projects included Strategic Repositioning, Mergers
and Acquisitions.
CFO & Board Member Experience with plenty of firsts in the Arab World: Previously the CFO of one of the
top Arab bank groups in the region, he was successful in achieving several important goals, including:
• Raising the Group’s net income after tax from USD 228 million in 2003 to an estimated USD one billion
in 2008.
• Enhancing the Group’s equity from USD 2.9 billion in 2003 to an estimated USD 8 billion in 2008.
• Implementing Basel II and redesigning the Group’s related systems.
• Introducing several modern managerial tools including Asset/liability management and financial
planning concepts.
• Reorganizing the Group's operations in Europe.
• Restructuring of the operations of subsidiary and sister banks.
• Acquisitions of banking and financial institutions outside of the Group’s home country.
• Obtaining the Group an (A-) rating from the international rating agencies: Moody’s, S&P, and Fitch at
the time when the sovereign rating of the home country was (BB).
Publications: He has also published various articles focused on Corporate Governance, Risk Management,
Strategic Positioning, Sovereign Wealth funds, and Capital Adequacy.
Implementation Process
Implementing integrated contemporary cyber risk management systems will enable financial institutions to enhance the profitability of existing businesses and achieve stronger control.
A brief visit to the organization (2-3 days) to
conduct a preliminary assessment surrounding
the capabilities and deficiencies of the
organizations’ technical and strategic risk
management infrastructures concerning their
cyber risks.
The client will be sent a proposal detailing the
current status of the institution regarding the
above and proposed plans of action, along with
a detailed pricing for implementation.
Implementation incorporates best-practices.
A gradual implementation of the strategy will be
agreed upon, specifying a clear list of tasks and
time planning. This should identify each
strategic objective, resources needed for its
implementation and the needed time frame to
accomplish it.
An appropriate organizational
implementation task force will be formed that
will direct and oversee the implementation of
the proposal.
FusionX Reston – Arlington – Seattle – Kansas City United States t : + 1 888 7475 411 f : + 41 22 317 9659
Global Strategy & Governance S.A. P.O. Box 348 CH-1211 Geneva 3 Switzerland t : + 41 22 317 9650 f : + 41 22 317 9659
P.O. Box 212989 11121-Amman Jordan t : + 962 6 565 2642 f : + 962 6 567 6016