Abstract
This chapter describes some standards and norms and best practices related to ICT security used within the financial services industry in the Netherlands. Although some of the best practices are sector specific, such as ATM security measures, we assume that most of the ICT security challenges for banks are similar to the challenges of the energy sector. Therefore, we hope that this paper will bring up new ideas for those who are responsible for ICT security in the energy sector. Information security and business continuity measures together belong to the area of operational risk management in a banking environment. Operational risk management is highlighted in Section 9.2. Operational risk management within a bank can best being described as a structured approach to respond to a number of threats according to the principles of Basel II. One the key elements is the capital calculation for operational risks. Section 9.3 explains a simplified model for the analysis of operational risks and the classification of data into three quality aspects: availability, integrity and confidentiality. In Section 9.4 state-of-the-art attacks, such as man-in-the-browser attacks, on Internet banking systems are discussed as an example of external fraud banks face today. The next Section explains the industries co-operative responses to those attacks. Finally, in Section 9.6 a parallel is made towards the energy sector with some conclusions and policy and research recommendations.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
http://www.3xkloppen.nl
- 2.
‘Phishing’ is a collective noun for internet related identity theft incidents.
- 3.
http://www.samentegencybercrime.nl (in Dutch)
- 4.
Such as floods, lightning storms, etc.
Abbreviations
- AMA:
-
Advanced Measurement Approach
- AIVD:
-
Algemene Inlichtingen- en Veiligheidsdienst
- CRM:
-
Customer Relations Management (system)
- CDW:
-
Customer Data Warehouse
- EMV:
-
Europay Mastercard Visa
- KLPD:
-
Korps Landelijke Politiediensten
- SCADA:
-
Supervisory Control and Data Aquisition
- SEPA:
-
Single European Payments Area
- SMS:
-
Short Message System
References
NEN-ISO/IEC 27002: Information technology - Security techniques - Code of practice for information security management, November (2007)
Basel Committee on Banking Supervision, International Convergence of Capital Measurement and Capital Standards (2005). http://www.bis.org , November 2005
Guldentops, E.: Governing information technology through COBIT, IFIP TC11/WG11.5 4th Working conference on integrity and internal control in information systems. Kluwer, Brussel (2001)
ENISA: Risk management: implementation principles and inventories for risk management/assessments methods and tools, June (2006)
Keemink, S., Roos, B.: Security analysis of Dutch smart metering systems. University of Amsterdam, Amsterdam (2007)
Hafkamp, W.H.M.: Is internetbankieren nog wel veilig? NIBE Bank en Effectenbedrijf - Fraudeflits, September (in Dutch) (2007)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer Science+Business Media B.V.
About this chapter
Cite this chapter
Hafkamp, W., Steenvoorden, R. (2010). Experience From the Financial Sector with Consumer Data and ICT Security. In: Lukszo, Z., Deconinck, G., Weijnen, M. (eds) Securing Electricity Supply in the Cyber Age. Topics in Safety, Risk, Reliability and Quality, vol 15. Springer, Dordrecht. https://doi.org/10.1007/978-90-481-3594-3_9
Download citation
DOI: https://doi.org/10.1007/978-90-481-3594-3_9
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-90-481-3593-6
Online ISBN: 978-90-481-3594-3
eBook Packages: EngineeringEngineering (R0)