Scribd Logo
Upload

Welcome to Scribd!

  • Swift Customer Security Program

    Uploaded by

    Pankaj Thakur
    16 views3 pages

    Original Title

    swift-customer-security-program

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    16 views3 pages

    Swift Customer Security Program

    Uploaded by

    Pankaj Thakur

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    SWIFT Customer Security Pr

    An introduction to SWIFT customer security controls framework (CSCF)

    The financial sector continues to be a prime target for highly sophisticated, customized cyber-attacks. The Society for Worldwide
    Interbank Financial Telecommunications (SWIFT) interbank messaging network has come under attack resulting in millions of
    dollars in losses for member financial institutions. In response, SWIFT has introduced a Customer Security Program (CSP) with a
    goal to strengthen the cyber security posture of the SWIFT payment network by increasing the cyber maturity of its members.

    The SWIFT CSP is built around three pillars: (1) securing your local environment, (2) preventing and detecting fraud in your
    commercial relationships, and (3) continuously sharing information and preparing to defend against future cyber threats. As part
    of the CSP, SWIFT developed the Customer Security Controls Framework (CSCF) – a set of control guidelines for SWIFT
    members on how to securely operate their SWIFT environment. All its member organizations who use the interbank messaging
    network must attest with SWIFT’s customer security controls framework (CSCF) on
    an annual basis.
    SECURE YOUR ENVIRONMENT

    What is the SWIFT Customer Security Program? Restrict Internet Access

    SWIFT adapts the framework to the changing threats as well as to the maturity of their membership.
    Protect The SWIFT
    Critical Systems fromCSP
    the requires
    General each organizati
    IT Environmen

    Reduce Attack Surfaces & Vulnerabilities

    Physically Secure the Environment

    KNOW & LIMIT ACCESS


    Prevent Compromise of Credentials
    3
    Objectives
    Manage Identities & Segregate Privileges
    8
    Principles
    DETECT & RESPOND
    Detect Anomalous Activity to Systems or Transaction Reco
    22 Mandatory Controls

    Plan for Incidence Response & Information Sharing

    9 Advisory Controls
    With the introduction of v.2021 of the CSCF, SWIFT has also published a timeline for members which provides a schedule for the
    introduction of changes to the framework and the reporting requirements. SWIFT member organizations will be expected to assess
    and implement these changes in accordance with the published timeline.

    Q1- Q3-Q4 Q1- Q3-Q4


    20 20 20
    Q1- Q3-Q4
    V2021 Published V2022 Published V2023 Published
    Attest to v.2019 Attest to v.2021 Attest to v.2022
    Attestation window open Attestation window open
    Attestation
    Updates/corrections Updates/corrections Updates/corrections
    window

    © 2021 KPMG Qatar Branch is registered with the Ministry of Commerce and Industry, State of Qatar and a member firm of the KPMG global organization of independent
    member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. © 2021 KPMG LLC, a limited liability company
    registered with Qatar Financial Centre Authority (QFCA), State of Qatar and a member firm of the KPMG global organization of independent member firms affiliated with
    KPMG International Limited, a private English company limited by guarantee. All rights reserved.
    The KPMG name and logo are registered trademarks or trademarks KPMG International.
    How can we help? Why KPMG?
    An important change SWIFT introduced is that self-

    56+
    assessment is no longer an option for attestation. SWIFT Number of countries with available
    members are required to have an independent assessment KPMG resources (Cyber, Audit,
    of the attestation status of their organization. The type of SWIFT)
    assessment can either be a review or an audit. These can
    be provided internally or externally, as long as sufficient Number of SWIFT CSP

    180+
    evidence and independence can be demonstrated. Internal assessments and attestations
    assessments can be conducted by risk management or
    performed in the US and globally
    internal audit functions – these can be supplemented with
    expert resources from companies such as KPMG. External since SWIFT CSP inception
    assessments can provide clear independence in the
    Number of SWIFT CSP

    180+
    assessment and provide additional confidence to both
    internal and external stakeholders. practitioners and SWIFT SMEs in
    KPMG’s global network
    SWIFT RISK ASSESSMENT AND READINESS
    REVIEW

    3200+
    Cyber Security professionals
    KPMG will work with you to perform a gap assessment
    of your SWIFT environment, processes, controls and
    available from our global Cyber
    governance against the SWIFT CSCF assurance team
    framework using KPMG's SWIFT Security Assessment
    (KSSA) framework. Our approach is to identify the most KPMG is a recognized Global
    efficient way to maintain a unified posture between the Consultancy Partner for SWIFT
    SWIFT requirements and client controls to reduce
    duplication and overlap with existing transaction
    processing and cyber security controls.

    REMEDIATION SERVICES
    – Cyber Security transformation programs to
    remediate gaps
    – Selection and implementation of SWIFT and
    Third-Party security tools
    – independent vendor assessment and champion
    selection of cyber tools Contact us
    ATTESTATION SERVICES Ali Al-Shabibi
    KPMG can assist an organization in preparing for and Partner
    performing an attestation examination in accordance KPMG in Qatar
    with the SWIFT CSCF criteria by performing one of M: +974 7471 2768
    the below: E: aalshabibi@kpmg.com
    – Attestation Examination (AT-C 205)
    – International Attest (ISAE-3000) Rami Hasan
    – Dual Reporting Attestation (US & Int’l. Standard) Director
    – SOC 2+ (including SWIFT CSCF Criteria) KPMG in Qatar
    M: +974 5064 2787
    E: ramihasan@Kpmg.Com

    © 2021 KPMG Qatar Branch is registered with the Ministry of Commerce and
    Suleiman Gammoh
    Industry, State of Qatar and a member firm of the KPMG global organization of Manager KPMG
    independent member firms affiliated with KPMG International Limited, a private
    English company limited by guarantee. All rights reserved. © 2021 KPMG LLC, a in Qatar
    limited liability company registered with Qatar Financial Centre Authority (QFCA),
    State of Qatar and a member firm of the KPMG global organization of independent M: +974 6625 3672
    member firms affiliated with KPMG International Limited, a private English company
    limited by guarantee. All rights reserved. E: suleimangammoh@Kpmg.Com
    The KPMG name and logo are registered trademarks or trademarks KPMG
    International.
    Idrak Ahmad Khan
    Assistant Manager
    KPMG in Qatar
    M: +974 3342 7638
    E: idrakk@kpmg.com

    You might also like