Risk Management
Cyber Security, Cyber Frauds,
Prevention of Cyber Crimes
Anand Shrimali
Ex. Faculty, IIBF &
Former DGM-IT, Bank of India
(Head CBS & DC)
INDIAN INSTITUTE OF BANKING & FINANCE
About the Faculty…
Hello, friends… Greetings from Anand Shrimali
Asset
Threat
Impact
Control
IT Threats:
❖ Confidentiality – Data Breach
❖ Integrity Compromised
❖ Availability – Disruptions
IT Control:
❖ Preventive
❖ Detective
❖ Limitative
❖ Corrective
Termination: Removing or
discontinuing the information asset
from the organization
Examples include:
❖ Equipment disposal
❖ Discontinuing a provided service
❖ Firing an employee
SOCIETE GENERALE
2008: Trading loss incident involving breach of trust,
forgery and unauthorised use of the bank’s computers.
Financial Loss: €5 Billion
ZURICH:
2008: Failing to properly manage the risks associated
with the security of customer information, in the
context of an outsourcing program in South Africa.
Financial Loss: €2 M
Information System Failure
DBS BANK:
2010: One of Singapore’s largest banks suffered a major IT system
crash affecting the bank’s commercial and consumer banking
systems. The bank was blamed by the Monetary Authority (MAS)
for insufficient oversight of the maintenance, functional and
operational practices and controls employed by its provider, IBM.
Financial Loss: €135 M
DOW JONES:
2010: The Industrial Average of one of the G8 countries plunged about
1000 points (around 9%), only to recover the flash crash losses within
minutes. The plunge was due to unusual selling of E-Mini S&P 500
contracts and high-frequency trades.
Financial Loss: US stock market Flash Crash
HSBC:
2008: Bank lost a CD containing 1.8L customers’ information and
was fined by the FSA more than £3m for failing to protect
confidential details from being lost or stolen. Lack of training and
lack of IT security (no data encryption) have been highlighted as
the main issues.
Financial Loss: €3,5 M (FSA Fine)
unauthorized access,
use,
disclosure,
destruction,
disruption, or
modification.
1. Against Individuals
a. their person &
b. the property of an individual
Financial fraud crimes, Cybersex trafficking, Obscene or offensive content,
Online harassment
2. Against an Organization
b. Firm, Company,
c. Group of Individuals.
Financial fraud crimes, IPR & other Property Rights
Sabotage
[Diagram labels: Malicious Insider Acts, Fraud, Hackers, Threats, Damages]