Dinar Daily
Welcome to Dinar Daily Discussions.

Logging in with your USERNAME allows you to participate in discussions, see what has recently been posted, and other options. Guests can post but they do have limited abilities.

We are NOT a guru forum. We are a dinarian forum. The opinions expressed on the forum do not reflect the of opinion of Dinar Daily specifically, but rather reflect the views of the individual posters only.

Disclamer:

We are in compliance with, "Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use."


Get Daily Updates of the NEWS & GURUS in your EMAIL
CHECK YOUR EMAIL for VERIFICATION

Enter your email address:

ARAB MONETARY FUND ISSUES FOURTH ISSUE OF "POLICY BRIEF" SERIES ON "CYBERSECURITY IN THE BANKING SECTOR" DinarDailyUpdates?bg=330099&fg=FFFFFF&anim=1

Key Words
Adam Montana, AdminBill, Benjamin Fulford, Currency Exchange, David Schmidt, Dinar, Dinar Guru, Dinar Recaps, Dinar Rv, Dinar Scam, Dr Clarke, Frank26, Gary Larrabee, Gurus, Guru Hunters, JerzyBabkowski, Kaperoni, Kenny, Monetary Reform, Mnt Goat, My Ladies, Okie, Poppy, RamblerNash, Ray Renfrow, Redenomination, Revaluation, Ssmith, TNTBS, Tnt Tony, WING IT, We Are The People, Willis Clark, WSOMN, Yosef, Zap

ARAB MONETARY FUND ISSUES FOURTH ISSUE OF "POLICY BRIEF" SERIES ON "CYBERSECURITY IN THE BANKING SECTOR"

Post new topic   Reply to topic

Go down

ARAB MONETARY FUND ISSUES FOURTH ISSUE OF "POLICY BRIEF" SERIES ON "CYBERSECURITY IN THE BANKING SECTOR" Empty ARAB MONETARY FUND ISSUES FOURTH ISSUE OF "POLICY BRIEF" SERIES ON "CYBERSECURITY IN THE BANKING SECTOR"

Post by claud39 on Mon Jul 08, 2019 8:05 am

ARAB MONETARY FUND ISSUES FOURTH ISSUE OF "POLICY BRIEF" SERIES ON "CYBERSECURITY IN THE BANKING SECTOR"




2019-07-08



ARAB MONETARY FUND ISSUES FOURTH ISSUE OF "POLICY BRIEF" SERIES ON "CYBERSECURITY IN THE BANKING SECTOR" Logo-ar








Arab Monetary Fund

Issue No. 4 of the series " Cybersecurity in the banking sector "

The financial services sector is experiencing 65% more cyber attacks than other sectors, according to World Bank estimates

            The cost of cyber attacks in the financial services sector could reach an estimated $ 270 to $ 350 billion a year if the breadth of its spread according to estimates of the International Monetary Fund

            Regulatory Instructions for Arab Central Banks obligates banks to establish a list of instructions to secure electronic applications, the most important of which are the installation of protection programs against hacking

 

As part of its interest in developing its research activities, the Arab Monetary Fund launched a new periodic research series entitled "Policy Brief", which aims to support the decision-making process in the Arab countries by providing brief research publications that address the most important priorities and topics of interest to member countries with recommendations to policy makers. 

The fourth issue of this series dealt with the topic " Cybersecurity in the banking sector"He pointed out that ICT opportunities pose a particular challenge for banking institutions, as they continue to innovate in finding and introducing new ways of reaching customers, while at the same time they are exposed to new risks. Disrupts financial services necessary for national and international financial systems, undermines security and trust, and jeopardizes financial stability Cyber ​​attacks pose a threat to the entire financial system, confirmed by international and regional reports The number of customers who experienced cyber attacks in 2016 was about 65 percent, an increase of about 29 percent over the previous year, according to a World Bank report. As a result, in recognition of the threats posed by cybercrime and the importance of enhancing the ability of banking systems to withstand and hedge these risks, regulatory authorities worldwide have taken regulatory and supervisory steps aimed at avoiding the impact of these cyber risks on banks. In this regard, the Arab central banks issued instructions and circulars in which banks are urged to strengthen their capabilities to counter these cyber attacks.

The fourth issue of the Arab Monetary Fund's policy brief indicated that most opinions differed on how to regulate Internet risk. One suggested that the evolving nature of cybercrime was not specifically regulated, and cyber issues could be addressed from During the current regulations relating to both operational risks and techniques. The other view is that there is an urgent need for an organizational structure to deal with the unique nature of electronic risk, given the increasing threats resulting from the recent intense shift towards a digital financial sector . The evolution of cybercrime motivates financial institutions to continuously and intensively seek to take preventive action against such risks through regulations that make these procedures more visible to the boards of directors of these institutions, creating a greater incentive to continuously invest in improving cybersecurity . In addition, the inclusion of cyber risks within the operational risks of financial institutions is considered inadequate. Banking controls require the inclusion of bank risk strategies and policies, which are regularly reviewed by the boards of directors of these banks with increased risk Cyber.

In this context, the summary dealt with the aspects related to cybersecurity within the framework of the operational risks of the Arab central banks by addressing a number of axes:


  • General control framework for the risks associated with the security of information systems and cyberspace.

  • Organize and manage online accounts and banking.

  • Proof of identity online.

  • Controls and instructions for managing the regulatory password (Password) .

  • Money transfers through Internet services.

  • Confidentiality and integrity of information.

  • Secure electronic applications used in the provision of banking services and transactions through the Internet.

  • Risks related to the security of information systems and cyberspace.

  • Cooperation and coordination with other cross-border regulatory authorities and partners in the IT industry.



In this context, the fourth issue of this summary pointed out some of the policy implications of seeking to overcome the challenges in the field of security of information systems and cyberspace in the Arab countries, the most important of which are :


  • The importance of monitoring institutions and institutions to provide high-level training courses and seminars, workshops and conferences with the participation of international companies and institutions in the field of information technology to inform the technical staff to the latest technologies to keep abreast of the rapid development and knowledge of modern technologies in the field of electronic services at the global level. In order to create high-level technical cadres capable of addressing the new challenges associated with these techniques and how to overcome them .

  • The importance of the establishment of Arab regulatory bodies to a clear monitoring mechanism for banks and financial institutions to ensure the existence of controls and policies to achieve cybersecurity .

  • The importance for financial institutions and banks in the Arab countries on the latest technology both in terms ofhardware ( the Hardware ), or software ( Software ) to cope with the latest developments and methods in the field of attacks , international electronic piracy, with a view to the acquisition of a security wall more effectively able to address the latest methods used in this regard .

  • The importance of developing cyber security specialization in Arab universities specialized in the field of information technology, similar to the international universities, in order to create specialized Arab cadres of high level in this field.

  • The regulatory authorities in the Arab countries shall issue the regulations and regulations for banks and financial institutions to conduct contracts for third parties concerned with the security of information systems, subject to those companies that are outsourced to strict control by the Arab security agencies to eliminate fraud and piracy on the systems. In those banks and institutions.

  • The importance of Arab banks and financial institutions allocating sufficient resources and allocations to obtain the latest technologies in the field of information systems security and cyberspace, which are characterized by a significant increase in the cost of acquisition.

  • To increase customer awareness through audio and video programs and educational seminars to raise the level of cybersecurity culture in the financial and banking sector in order to understand the regulations and instructions related to the security of information systems and cyberspace.



 

The full version of  

[url=https://www.amf.org.ae/sites/default/files/%D8%A7%D9%84%D8%B9%D8%AF%D8%AF %284%29 - %D8%A3%D9%85%D9%86 %D8%A7%D9%84%D9%81%D8%B6%D8%A7%D8%A1 %D8%A7%D9%84%D8%B3%D9%8A%D8%A8%D8%B1%D8%A7%D9%86%D9%8A.pdf]Cybersecurity in the banking sector[/url]




[url=https://www.amf.org.ae/sites/default/files/%D8%A7%D9%84%D8%B9%D8%AF%D8%AF %284%29 - %D8%A3%D9%85%D9%86 %D8%A7%D9%84%D9%81%D8%B6%D8%A7%D8%A1 %D8%A7%D9%84%D8%B3%D9%8A%D8%A8%D8%B1%D8%A7%D9%86%D9%8A.pdf]https://www.amf.org.ae/sites/default/files/%D8%A7%D9%84%D8%B9%D8%AF%D8%AF%20%284%29%20-%20%D8%A3%D9%85%D9%86%20%D8%A7%D9%84%D9%81%D8%B6%D8%A7%D8%A1%20%D8%A7%D9%84%D8%B3%D9%8A%D8%A8%D8%B1%D8%A7%D9%86%D9%8A.pdf[/url]











https://www.amf.org.ae/ar/content/%D8%B5%D9%86%D9%80%D9%80%D9%80%D9%80%D8%AF%D9%88%D9%82-%D8%A7%D9%84%D9%86%D9%82%D8%AF-%D8%A7%D9%84%D8%B9%D8%B1%D8%A8%D9%8A-%D9%8A%D8%B5%D9%80%D9%80%D9%80%D9%80%D8%AF%D8%B1-%D8%A7%D9%84%D8%B9%D8%AF%D8%AF-%D8%A7%D9%84%D8%B1%D8%A7%D8%A8%D8%B9-%D9%85%D9%86-%D8%B3%D9%84%D8%B3%D9%84%D8%A9-%D9%85%D9%88%D8%AC%D8%B2-%D8%B3%D9%8A%D8%A7%D8%B3%D8%A7%D8%AA-%D8%AD%D9%88%D9%84-%D8%A3%D9%85%D9%86-%D8%A7%D9%84%D9%81%D8%B6%D8%A7%D8%A1-%D8%A7%D9%84%D8%B3%D9%8A%D8%A8%D8%B1%D8%A7%D9%86%D9%8A
claud39
claud39
VIP Member
VIP Member

Posts : 7988
Join date : 2018-11-04

View user profile

Back to top Go down

ARAB MONETARY FUND ISSUES FOURTH ISSUE OF "POLICY BRIEF" SERIES ON "CYBERSECURITY IN THE BANKING SECTOR" Empty Re: ARAB MONETARY FUND ISSUES FOURTH ISSUE OF "POLICY BRIEF" SERIES ON "CYBERSECURITY IN THE BANKING SECTOR"

Post by claud39 on Mon Jul 08, 2019 8:31 am

Policy Brief: Issue 4
June 2019
Preparation:
Dr.. Mohammed Ismail

Cybersecurity in the banking sector

o Financial services sector Cyber ​​attacks outperform other sectors by 65% ​​according to World Bank estimates.
o The cost of cyber attacks in the financial services sector could reach an estimated $ 270- $ 350 billion per year if the scope is expanded
According to IMF estimates.
o Incorporating cyber risks within the framework of the operational risks of financial institutions alone is not enough, as banks need to be adopted
Reliable and enhanced cyber security strategies.
o Supervisory instructions for Arab central banks require banks to develop a list of instructions to secure electronic applications, most importantly
Install intrusion protection software.
o Requiring Arab banks to perform stress testing to determine the extent of the effects of any successful piracy
Exposed to their electronic systems.
o The importance of continuous efforts to strengthen the supervisory authorities' capacity to control the risks of cyber security and to build cadres in this field.



First: Submission
It has enabled the remarkable development of the financial technology industry
Many opportunities for banks to enhance the level of services
Provided to customers through innovative new channels away from channels
Traditional banks used to provide banking services
To its customers, thereby radically changing the way the sector operates
The banker. Technical development has contributed to banks' offering
Banking services through electronic transactions
Saving time, money and effort through these channels
The new innovative.
The opportunities created by ICTs represent
Banking institutions, while continuing to innovate
A special challenge
In finding and introducing new ways to reach customers, those
At the same time enterprises are exposed to new risks. whereas
Malicious use of ICT can result
To disrupt the necessary financial services for national financial systems
Undermining security and trust, and jeopardizing financial stability
At risk. Cyber ​​attacks pose a threat to the financial system
In a whole, a fact confirmed by reports in this regard

1 World Bank, (2018). "Cybersecurity, Cyber ​​Risk and
Financial Sector Regulation and Supervision ", Feb.
International, regional and local levels. In this context, refer
World Bank reports focus on cyber attacks in the sector
Financial services witnessed in 2016 cyber attacks outweigh
Sectors by 65 per cent, representing an increase of 29 per cent
1 per cent over the previous year
.
The International Monetary Fund (IMF) estimates the cost
Resulting from cyber attacks in the financial sectors of reality
The losses caused by actual attacks in 50 countries around the world
The average annual potential loss of cyber attacks has been
Which is estimated to be about 9 per cent of net bank income
Globally, or about $ 100 billion in some case
These attacks were similar to those of the former. In a severe scenario
Severity - where the frequency of cyber attacks is twice as high
Compared with its past record with greater scale spread
Losses - Losses can be up to three times that
2 level, or between $ 270 billion and $ 350 billion
.
2 Lagarde C., (2018). "Estimating Cyber ​​Risk for the
Financial Sector ", IMF Blog, June.

Cost of potential losses of cyber attacks
In the financial services sector (as a percentage of net annual income)
Lagarde C., (2018). "Estimating Cyber ​​Risk for the Financial
Sector ", IMF Blog, June.
Threatened
As a result, the recognition of risks
And the importance of enhancing the capacity of banking institutions
Bearing these risks and hedging them, the regulatory authorities have taken
Worldwide regulatory and supervisory steps aimed at avoiding
The impact of cyber risks on the banking sector. In this regard
Arab Central Banks issued instructions and circulars
Banking in which banks are urged to strengthen their capabilities to cope
Those cyber attacks.
Second: The importance of having specific criteria governing cyber risks
Opinions differ about how Internet risk is regulated, as it sees
Some of them that the evolving nature of cyber hazards are not scalable
And cyber-related issues,
Issues can be addressed through existing regulations
Of operational risks and techniques in the banking sector. As indicated
Others, that there is an urgent need for an organizational structure
To deal with the unique nature of cybercrime
To the increasing threats resulting from the intense shift towards a sector
Digital financial resources.
The evolution of cybercrime motivates institutions
Finance the ongoing and intensive search for preventive action
Of those risks through regulations that make these procedures more effective
To the boards of directors of those institutions, which leads
To create a greater incentive to invest continuously in enhancing security
Cyberspace.
In addition, the inclusion of cyber risks within risks
The operational of financial institutions is considered inadequate, as the standards
Control of banks requires the importance of including strategies
Their policies are a special part of risk management
Are reviewed regularly by the boards of directors of banks
With an increased risk of cybercrime.
III. INTEGRATED INTERNATIONAL FRAMEWORKS AND STANDARDS:
International standards and frameworks cover cybercrime
next:
(Cyber-governance): Governance. 1
This physical asset is the most important element of a security strategy
So that each financial institution puts a security strategy
Risk management exercises
The Sajjibrani special in accordance with
Masawatandah to the initiators. Supervisors review these
Strategies as part of their assessment of public practices
To manage risks in institutions. As all parties
The audit emphasizes the importance of roles and responsibilities
And special controls related to e-governance. In addition to
The importance of developing the cultural awareness of the Syrian security of customers
During the financial sector.
It also emphasizes the importance of the availability of qualified cadres
Assume the responsibilities and carry out the functions assigned to it
Cybersecurity.
2. Concepts of risk management, testing and how to overcome
(Approaches to risk management, Violations
testing and incident response and
 : recovery)
This axis has four main concepts: roads
Resistance to cyber-security (cyber-resiliency),
Information security and methods of testing and evaluation of information
In general, the importance of resilience to risk aversion,
Cybersecurity standards and flexibility.

3. Communicating and exchanging information
 : and sharing of information)
Among the common relationships to continue in the field
Sharing the most important practices in cybersecurity is considered
Inter-bank information sharing and partnership between the Bank
And regulators, and share that information with the agencies
Security is one of the most familiar of these issues
the field.
Figure (2)
Different types of communication in cybersecurity
The numbered circles next to the arrows indicate the "types" of info sharing.
Source: Basel Committee on Banking Supervision.
4. Outsourcing the security of information systems and electronic systems to one side
: (Interconnections with third parties) Third
The extensive use of third-party outsourcing services increases
Of the challenge to the regulators and regulators of the population
A full vision of the applicable controls and risk appetite.
The communion of the servants of the Thaathaat in the Kaaba of Ashkakaal
(Including outsourcing services)
 Services, cloud computing services)
Standard and non-standard products that are not normally considered
External power supplies, and power supply lines
Social and commercial programs, etc.,

This section is based on a questionnaire prepared by the Arab Monetary Fund in this regard and completed by 3
Ya
Specialized in central banks and Arab monetary institutions.
(Financial or non-financial institutions)
International financial issues (such as payment and taxation systems,
Trading Platforms, Central Securities Trustees
(Central counterparties).
IV. Aspects of cybersecurity in the framework of
Operational Risk for Arab Central Banks
1. General regulatory framework for risks associated with the security of systems
Information and cyberspace:
Regulatory directives are consistent with most of the policies
Regulatory framework in the Arab countries, especially in relation to the risk framework
, With its operational component (Risks Operational)
Information systems and e-security
The Iraqi sector determines the standards required for the two seasons
Security of banking transactions executed through cyberspace.
In most Arab countries, these circulars address specific instructions
Management of information and technology, e-risk,
And performing the tasks through the Internet. As Chamal
They also have education related to the management of e-workers' risks
The rapprochement between the enemy and the confrontation, and the moderation of the confrontation with the reckless attack
And risk aversion to the PRI
E-mail.
In addition to that, most of the central Arab cities are located
To control the risks of testing
Demonstrate the banks' ability to address the risks of space security
E-mail. There are instructions from regulatory authorities
 مقاورة
These banks are required to include risk strategies
Related to the
By the Boards of Directors of Banks, Attara
Electronic and information systems systems
(Cyber ​​attacks) are verified
During the control processes, which are carried out periodically, including the overall
The existence of SAAISAA and risk management governance
In most Arab countries. So that the procedures for determining
Love, protection, threats and dealing with threats,
Plans for recovery (plans recovery) and appointment of an administrator


About Security Information Security Information Chief [
Officer (CISO)].
In respect of regulatory directives issued by governments
In most Arab countries, which are imposed on
Security practices of information systems and electronic systems
For the third party, this is the case
Instructions Arab banks are required to conclude binding agreements (with
(Adequate liability terms) and adequate control,
The regulations and procedures are based on the Party's expectations
The third is sufficient and does not pose any security threat to the electronic system
Of the Bank.
This is in addition to the issuance of these authorities in the Arab countries
Many instructions are to be followed when performing operations
External outsourcing of IT services and services
Internet presence, the most important of which is the presence of workers
 Linked to
The quality of the servers is as follows:
Outsourcing companies, as well as periodic operations
To assess the risks associated with contracting with the providers of such services.
It should be noted that there are some central features
Arab countries that impose their prior consent
Before signing the contract with any external company equipped for those services
At the level of all financial institutions.
2. Organization and management of accounts and banking services provided via
The Internet
Some Arab countries allow customers to create or open accounts
Through the Bank's website
In the absence of a number of controls and instructions in the group of banks
And customer. In this framework, the customer will carry out the transactions of the bonds
Required to open the account through electronic accounts
D. After it is done
So that the actual operation of the client's account is not taken into account
Signature of the client to visit the relevant bank.
The customer is committed to following the relevant conditions and provisions
You can immediately report your concerns to third parties
In an unintended manner. The bank's responsibilities are to take action
Considerations necessary to maintain data integrity
The lives of clients are documented and verified by the stubbornness of the workers
Internet banking.
This is true, while the other Arab countries do not agree with the client
By opening or opening a computer network through the Internet
Of the instructions issued by the regulatory authorities in those countries
Because it is
Countries, the banks are committed to avoiding new customers
The opening of the Masaarvi Basaat using the bank's website on Shaaabka
The Internet. In such circumstances, the application shall be applied
Customer identification and customer identification rules
To combat money laundering and the financing of poverty alleviation
Regulatory authorities in this regard.
For customers who wish to benefit from the services
Through banks, banks are involved in this process
Submit a manual signature from the customer on a form
Request for service containing the customer's primary data
Such as mobile phones, mobile phones, and mobile phones
(Land, land and land), and requirements are applied
And provisions that define rights and obligations between assets
And customers clearly.
Kamaaa adheres to Almsaadarf in most of the Arab Idol, and Viva
Of the instructions issued by the regulatory authorities, by applying methods
Can be relied upon to verify the identity and validity of customers
Who wish to participate in the Internet banking services. addition
Banks are committed to implementing all procedures and controls
Which enables it to identify those involved in any transactions
Electronic transactions linked to bank accounts, in such cases
In which more than one benefit is agreed upon in dealing with Hassa
One. The banks are also committed to all levels
The legal instruments required to establish the mandate of the authorities
For transactions to deal with accountabilities
Legal entities. Banks must also be in most Arab countries
Conducting the necessary self-validation measures
The client when requesting any modifications to the relevant data
Or modify any data
Used by the customer to follow up on his bank accounts.


3. Means of identification through the Internet
Most banks in the Arab region rely on the principles of principle
(Tow Factor Authentication)
To verify the identity of the customer who is assisted by the Masrafian services
Through the Internet, where the central banks of countries
The Arabic language is the regulatory authority on the Masarafi system
Technical and security assessment of the banking services provided by
Banks online. That is particularly true with regard to the Sahariyya
Identification, and identity verification prior to service delivery
For the aged. The Secretariat also conducts the security assessment of the servers
 Through which they will participate in accordance with the procedures
The
The rules are applicable to the internal control of each bank
And to measure the effectiveness of performance and the technical issues involved
To verify the identity of the client and to measure indicators of incident exposure
Information security. Most of the banks are in banks
Arab countries, using specialized companies to conduct a study
And to assess the readiness of WFP to contribute to policy
The process is done
For hacking, cracking and malware programs. Often
Customers are encouraged to use the software in most of their applications
The Arab countries through the Bank's direct and direct approval
To the customer's mobile phone number.
As well as the instructions and circulars issued by the accounts
In most Arab countries, that all should
Banks have a maximum limit of false attempts to enter
The website of the bank, with no more than 3 attempts
Wrong one day, and then bank transactions are stopped
Electronic. The service is only reactivated
Through secure channels such as customer access to the center
And ensure compliance with the procedures adopted by the Bank
Required for identity verification.
4. Controls and instructions for password management
(Password)
Instructions for most
According to the central banks
Arabic, each bank must take into account the regulatory measures
When dealing with the customer's special word, so that it is done
The application of dual control and the separation between the construction process
The customer's words and their timings to customers and the process of activating accounts
Internet banking services, and enhanced secure word creation
The secret is to ensure that they are not exposed. Also be sure to
The words of the bees are not processed, stored, or stored
As a clear text, give instructions to users and system administrators
To change the password of the password immediately upon entry
To the system for the first time, and determine the duration of the word Al-Sayar from
Al-Masaharif side. The bank must also obligate the customer not to
Use the expired password to be valid again, and enforce
They use complicated words, and their explanations are used automatically
ChavaFire is powerful in its use of high-tech technologies, maintaining
Oh . Secure during delivery to the customer either by hand or electron
With respect to the instructions and specializations related to the word "bad"
Which are used for one-time and outgoing devices using codes
(OTP), most of the central resources have been established
Arab countries have the lowest acute demand in the Arab world
The one-time word, that a word should not be less than one word
The password is for 6 characters and the validity period is not to exceed
Period 90 seconds. Also make sure that your system is created
The word "good" provides adequate aphrodisiacs of symbolic values ​​in this
Show.
For security codes (PINs), circulars issued by
The majority of the regulatory authorities in the Arab countries must be at least
The number of symbols of the symbols of the Armenians is 4 days
It is difficult to predict the Arkam. It also has to be sharp
Please enter the wrong number to enter the number
More than five attempts. In addition, it must
The banks and the absence of procedures for clarifying the numbers
The revival of the symbols of the dead Oman,
And change the bank number at first use
Issued by the Bank.
5. Transfer of funds through Internet services
The controls and instructions required by most administrations are required
Supervisory in the Arab countries banks that offer conversion service
Funds from customers' accounts to the accounts of other parties
Through the Internet, to establish appropriate controls to assist
To reduce the level of risk associated with that service to reach
To acceptable and acceptable approval of the banks. And Agath died of Thalk

Password FAQ Calendar Mark Forums Read للمصاااارف اساااتخدام وساااايلة تصاااديق mono أو
Double transfers of funds between private accounts
For the same customer within the scope of its State, and at the Sasaadad
Commitments related to credit or loan issues
Of the customer. As recommended by the supervisory authorities
Banks apply double control to money transfers
To the other parties, so as to comply
The Bank has a daily limit for remittances
Of their customers' accounts for two more years
There is a conflict with any other limits determined by the banks
In this section. As required by those instructions
Some Arab countries prohibit the transfer of funds outside the state via
The Internet does not comply with the instructions issued by the Internet
In this regard.
6. Confidentiality and information integrity
The instructions issued by the Central Arab Courts are required
All measures to take all security measures and measures
To ensure safe and secure customer information, where you must
The Bank undertakes a risk assessment to identify potential risks
And the taking of the necessary measures to protect them. As it does
Central banks set specific standards for tools and programs
The protection that the bank must use, such as good words
Financial services, and services provided through
The Internet, and other such information
Customers.
These are the regulations and instructions issued by the authorities
Arab Center for Information and Information Technology
Which is covered by the Internet, in the security and safety of data security
The organizations, for the most part, obfuscate customer information
Systems that can not be accessed by non-interlocutors,
As well as the importance of maintaining customer data and keeping it safe. as such
The application of instructions addresses the importance of reliability and availability of objects
Online banking to provide instant access
To systems for users and to maintain effectiveness in the system
As well as the importance of a more proactive approach to Kashawaf
Potential fraudulent transactions. In addition, they do
Circulars issued by those regulatory authorities and the means to achieve
Through the harmonization of standard operating procedures
It also provides all possible tracking possibilities
Transactions.
7. Ensuring the electronic applications used in the provision of services
And banking transactions through the Internet
Most of the central banks in the Arab countries have developed a situation
A list of instructions for securing your electronic applications
In banks, it is most important to install protection programs to maintain these
Applications from penetration, then to the tests
(Before and after installation)
Instructions to the banks to assess the points of Dhahaf
In applications at least twice a day, and work
A plan to reduce the double points and share the plan with
Senior management. Add to many instructions and controls
And others that come to the attention of electronic applications
Used in banks for breaches.
Some countries have issued circulars emphasizing the importance of following a methodology
Ensuring that security requirements and quality requirements are met
The system is designed to support the
(Cycle Life Development), to meet standards
International standards, and to provide linkages
Class protection (or depth)
By activating protection controls at the levels of: networks,
Server systems, servers, routing systems, applications,
In addition to providing physical and environmental protection controls. as such
Banks should apply the principles and rules of governance
To manage information technology within the bank.
8. Risks associated with the security of information and space systems
Cyberspace
Arab central banks impose on banks to carry out
Perform testing stress to determine the size
The implications of the success of any transactions
Electronic systems of such banks, on an annual basis
Or passive texts. As the bank must, in accordance with the instructions
Control of this report, to report breaches
And any electronic piracy within one hour of its occurrence
Some Arab countries (reporting event-Cyber, (in


One or two days are more likely to be exposed in some cases
Other Arab countries, and to match cases of violations
Of cybersecurity that result in losses
Concrete to customers and adversely affect. On the Bank's operations
9. Cooperate and coordinate with other regulatory authorities through
Boundaries and partners in the IT industry
Cooperation between Arab central banks and institutions
Regional and regulatory authorities abroad
The grassroots in the different Aljajan encounter experiences
And to identify the most important findings of these institutions in the field
Development of electronic security in the financial sector. Where is your life
Arab supervisory authorities in workshops held
Regional and international perspectives on information security
With a view to exchanging experiences, discussing challenges and uniting efforts in the field
Cybersecurity. As it is done, by being present in such
These events, the exchange of information on the attacks of the Sahara
The snakes or the titillation that the Qataaa faces
Al-Masaharafi Baladol Arabiya, Bahad recognize the moderation
In order to meet the requirements of the agreements and procedures, procedures are required
And security precautions. As well as to some standards
Arab Centralization with the Central Bank
By holding electronic meetings / meetings
To discuss the most important and effective means of protection against the cyber attacks
And means of insurance and protection.
In addition to cooperation and coordination with various institutions
And research centers through the signing of the Convention on Tobacco Control
Development and cooperation to search for Saabel development of information security
In the Qataa'a al-Maa'ali. The events of some of the Arab Idol
In coordination with the Ministries of Education and Technology,
Security and information security risks in the Ministry's curricula
With different benchmarks to raise awareness on technology and security
the information. As well as the establishment of the central Arab settlement
In coordination with local regulators to implement strategies
National laws and laws adopted in Arab countries.
Fifth: Building regulatory capacities and challenges in the field of systems security
Information and cyberspace
Arab central banks are training and strengthening capacities
In the security sector in the security sector
In accordance with the recommendations and decisions
Of international institutions in this matter.
Through the training of security personnel
And participate in training courses (internal and external).
Information security. In addition to training programs
Which is specialized in cybersecurity for workers from inside and outside
The Masarah sector to develop national skills and competencies
Under the supervision of international companies specialized in this field.
Trainees undergo intensive training programs
See the latest news, tools, and technologies
To field training and professional testing. As some do
The Central Bank of Saudi Arabia directs the Masharafi sector
In order to intensify efforts to prepare and strengthen capacities
Pashawaraya in Haza al-Majaal and Thalak through the support of education
Academic and external study missions
Higher academic degrees from prestigious foreign universities.
In this context, the most important challenges facing States are
Arabic in this regard in:
• Rapid development in the field of information technology and accreditation
Increasing techniques to do most financial operations, which
Increases exposure to threats and accidents
Electronic.
• Attacks and international hacking attacks
It has banks in some Arab countries and banks in
And the effectiveness of the security wall in this regard.
• Modernity of the concept of cybersecurity at the level of States
And the need to strengthen banking expertise in this area
In some Arab countries.
• Ensure cybersecurity is achieved when banks are established
Contracts for third parties dealing with the security of systems
Information, to reduce the existence of fraud and piracy
On the electronic systems in those banks.

• The relatively high cost of implementing systems security techniques
Information and cyberspace significantly.
• The difficulty of applying security controls to information and space systems
Vulnerability to cybersecurity culture
Cyberspace view given
Some workers in the financial and banking sector.
• The need for a clear monitoring mechanism for banks
Financial companies to ensure the existence of controls and policies
To achieve cybersecurity.
Fourth: policy implications
• The importance of regulatory bodies and institutions providing
High-level training courses and seminars,
Workshops and conferences with the participation of companies
And advanced international institutions in the field of technologies
The information foresight technical staff on the latest technology
To keep pace with the rapid development and knowledge of modern technologies
In the field of electronic services at the global level.
With the aim of creating high technical cadres capable of addressing
The new challenges associated with these techniques and how to overcome them
on her.
• The importance of establishing the Arab regulatory bodies as a supervisory mechanism
Clear to banks and financial institutions to make sure
• The existence of controls and policies to achieve cybersecurity.
• Importance of obtaining financial institutions and banks in countries
Arabic on the latest modern technology both regarding
Hardware, Software,
To meet the latest developments and methods in the field
Attacks and cybercrime, with the aim of acquiring
A more effective security wall capable of coping with the latest
In this regard.
• The importance of developing cybersecurity specialization in
Arab universities specializing in technology
Information as in international universities, with a view to creating
Specialized high - level Arab cadres in
this field.
• The establishment of regulatory bodies in Arab countries
Issuing instructions and rules governing the establishment of
Banks and financial institutions to conduct contracts for parties
The third is concerned with the security of information systems, subject to those
Companies that are outsourcing to them are strictly controlled by
Arab security agencies to eliminate fraud
And piracy on electronic systems in those banks
And institutions.
• The importance of Arab banks and financial institutions
Allocate adequate resources and allocations to obtain
The latest technologies in the field of information systems security
And cyber space, where these technologies are high
Observed in the cost of their acquisition.
• To increase awareness among customers through
Audio and video programs and educational seminars to raise
The level of cybersecurity culture among dealers
In the financial and banking sector, with a view to understanding the controls
And instructions on the security of information and space systems
Cyberspace.
• Stress the importance of stress testing
Partial and overall implications of cybercrime risk
Banks.
For other versions of this series please
 Through
To the IMF
J
Wen
Visit the website
Yale
The following link:
www.amf.org.ae
Issued from this series:
• Promotion of sprinklers • Number one: micrographs
Arab countries through increased opportunities
J

And medium p
Access to funding. ) March 2019.)
• Digitalization of public finances. )April
J

No. 2, 2019.)
 Z • Yep. )May
Third issue: Justice 2019.)
June)
J

Issue 4: Space Security 2019.)



[url=https://www.amf.org.ae/sites/default/files/%D8%A7%D9%84%D8%B9%D8%AF%D8%AF %284%29 - %D8%A3%D9%85%D9%86 %D8%A7%D9%84%D9%81%D8%B6%D8%A7%D8%A1 %D8%A7%D9%84%D8%B3%D9%8A%D8%A8%D8%B1%D8%A7%D9%86%D9%8A.pdf]https://www.amf.org.ae/sites/default/files/%D8%A7%D9%84%D8%B9%D8%AF%D8%AF%20%284%29%20-%20%D8%A3%D9%85%D9%86%20%D8%A7%D9%84%D9%81%D8%B6%D8%A7%D8%A1%20%D8%A7%D9%84%D8%B3%D9%8A%D8%A8%D8%B1%D8%A7%D9%86%D9%8A.pdf[/url]
claud39
claud39
VIP Member
VIP Member

Posts : 7988
Join date : 2018-11-04

View user profile

Back to top Go down

Back to top


 
Permissions in this forum:
You can reply to topics in this forum