
PROJECT KICKOFF ON
I) OUTSOURCED SERVICES FOR SECURITY OPERATION CENTER (SOC)
II) IMPLEMENTATION OF SECURITY SYSTEM/TOOLS SOLUTION PROJECT

TECHNOLOGY DIVISION
BANK ISLAM MALAYSIA BERHAD

01/2017 MEETING
10 APRIL 2017

Strictly Private & Confidential


TABLE OF CONTENTS
TITLE - PAGE
PROJECT BACKGROUND & OBJECTIVE - 3
PROPOSED PROJECT ORGANIZATION CHART - 4
PROJECT KICK-OFF - 5
PROJECT SCOPE - 6
HIGH LEVEL ARCHITECTURE - 8
SOC
PROJECT SCOPE DETAILS - 10
HIGH LEVEL PROJECT TIMELINE - 12
PROJECT TIMELINE - 13
PROJECT DELIVERABLES - 14
PROJECT MANAGEMENT APPROACH - 15
SERVICE LEVEL AGREEMENT - 16
SECURITY SYSTEMS / TOOLS SOLUTION
PROJECT SCOPE DETAILS - 20
HIGH LEVEL PROJECT TIMELINE - 21
PROJECT TIMELINE - 22
PROJECT DELIVERABLES - 23
PROJECT MANAGEMENT APPROACH - 24
SERVICE LEVEL AGREEMENT - 25

OUTSOURCED SERVICES FOR SECURITY OPERATION CENTER (SOC) AND IMPLEMENTATION OF SECURITY SYSTEM/TOOLS SOLUTION
PROJECT Page 2
PROJECT BACKGROUND & OBJECTIVE

- BNM issued a Managing Cyber Risk circular on 31 July 2015 requiring all banks to undertake measures to mitigate cyber threats. One of the measures all banks are required to implement is a Security Operation Center (SOC).
- The absence of a SOC has been highlighted as an IT audit finding.
- In this regard, we need to set up a SOC to monitor security events centrally, covering perimeter protection, access breaches, unauthorized access and internal violations.
- To set up outsourced SOC monitoring services for up to 25 devices for the first year and provide managed security monitoring services for Bank Islam.

- BNM also requires all banks to implement the minimum measures to mitigate cyber threats. To comply with BNM's requirement, the following security systems/tools are required (but not limited to):
  - Advanced Persistent Threat (APT) mitigation tools - required to mitigate advanced threats.
  - Security device management tools - automated tools to review and monitor changes on security devices.
  - Distributed Denial of Service (DDoS) on-premise solution - provides protection from DDoS attacks.
  - Anti-Phishing services - a service subscription designed to detect and shut down phishing sites that mimic the bank's website pages.
PROPOSED PROJECT ORGANIZATION CHART
Project Sponsor: Zainal Azlan Zainudin
Members: Zainal Azlan Zainudin; Yusmir Mohd Yousuf; Amran Mohd Ismail; Jasliza Rejab; Azmi Samuri
Observers: Internal Audit - Mohamed Iran; Risk Management - Alina Sylvia; Compliance - Nik Azmir
Project Director: Yusmir Mohd Yousuf
Quann Project Director: Yap Wei Hung
Programme Manager: Mohd Tarmizie Mohd Shahidan
Project Management Office: Azlan Abdul Aziz
Quann Project Manager: Oon Weng Sern
Bank Islam Project Manager: Nor Muhamad Ramlan

Bank Islam Technology Team:
- Noor Kamarizal Azri - IT Security
- Mohd Azhar Mohd Razali - IT Security
- Fazrul Azfar - IT Security
- Efendi Ismail - IT Network/Desktop
- Mohd Norhisham Kamarudin - IT System Admin
- Choo Kok Hoong - IT Application

Quann Security Team:
- Koay Yee Chen - MSS Consultant
- Syaifull Hafiz/Mazlan - Solution Engineer
- Taufiq - MSS Engineer

Quann SOC:
- Darren Shei - Operation Manager
- Quann Security Analyst Team
PROJECT IMPLEMENTATION KICKOFF
- Quann has been engaged to implement a strategic security solution for Bank Islam, with the objective of meeting Bank Islam's requirement to set up a SOC that monitors security events centrally, covering perimeter protection, access breaches, unauthorized access and internal violations.
- The project scope is divided into 2 implementations:
1) Outsourced Security Operation Center (SOC) Services
Quann will set up outsourced SOC monitoring services for up to 25 devices for the first year and provide managed security monitoring services for Bank Islam.

2) Implementation of Security Systems/Tools Solutions
Quann will deploy the following security systems/tools in the Bank Islam Data Center:
a) Advanced Persistent Threat (APT) mitigation tools - required to mitigate advanced threats.
b) Security device management tools - automated tools to review and monitor changes on security devices.
c) Distributed Denial of Service (DDoS) on-premise solution - provides protection from DDoS attacks.
d) Anti-Phishing services - a service subscription designed to detect and shut down phishing sites that mimic the bank's website pages.
PROJECT SCOPE - SOC
No. / Scope
1. Outsourced Security Operation Center (SOC) Services
- To provide outsourced SOC services
- To capture and correlate any anomaly from the devices' logs
- Integration of 25 critical devices and applications with the SIEM tool
- Integration of the 4 security system/tool solutions with the SIEM tool
- To perform 24x7 security log monitoring and incident handling
- To provide urgent, monthly and quarterly event/incident reporting
- To provide the latest global threat intelligence updates and integrate them into the SIEM
- To set up a video wall solution at the MBI SOC room

PROJECT SCOPE - SECURITY SYSTEMS/TOOLS
No. / Scope
2. Implementation of Security Systems/Tools Solutions
- Security Device Management tool: deploy in the Bank Islam DC to review and monitor changes on security devices.
- Advanced Persistent Threat (APT) mitigation tool: deploy in the Bank Islam DC to mitigate advanced threats.
- Distributed Denial of Service (DDoS) on-premise mitigation solution: deploy in the Bank Islam DC to provide protection from DDoS attacks.
- Anti-Phishing Services: subscribe to a cloud service for anti-phishing.

HIGH LEVEL ARCHITECTURE
(Diagram; recoverable content only.)
BIMB Data Center: the monitored sources (IPS, Firewalls, OS, APP, DB) and the four security tools (Anti-Phishing, DDOS, APT, SDMT) send security logs to an on-site Event Collector, which filters and normalizes them.
VPN (AES 256-bit): normalized logs are forwarded from the BIMB Data Center to the QUANN Security Operating Center (SOC) DC.
QUANN SOC DC: SIEM tools enrich and correlate the logs; Security Analysts monitor them 24x7x365.
Legend: Security Tools; Security Logs.
SOC Project
PROJECT SCOPE DETAILS (SOC)
(Columns: No., Type, System Name, Proposed type of events monitored, No. of Devices)

1. IPS - 3 devices: Internet DC IPS; WAN DC IPS; Internet DRC IPS
   Events monitored: intrusion attempts, e.g. SQL injection, cross-site scripting, DDoS, brute force; possible worm/virus outbreak

2. Firewalls - 4 devices: DC WAN Firewall; DC Internet Firewall; DC 2nd Tier Firewall; DRC Internet Firewall
   Events monitored: failed attempts; system/network misconfiguration; possible worm/virus outbreak; abnormal traffic spike; audit logs - unauthorized change of policy; unauthorized user login - failed and successful

3. Operating System, APP & DB - 17 devices
   Events monitored: audit trail and security events
   1. RBSPRD (CBS)
   2. BICPRD (BIC)
   3. Internet Banking: PRDIBDB; PRDIBWEB01; PRDIBWEB01; PRDIBAPP01; PRDIBAPP01; F1iPRD01; F1iPRD02
PROJECT SCOPE DETAILS (SOC) - CONT
(Columns: No., Type, System Name, Proposed type of events monitored, No. of Devices)

3. Operating System, APP & DB (continued)
   4. Rentas: PRDRENTASDB01; PRDRENTASDB02; PRDRENTASAPP01; PRDRENTASAPP02
   5. Mobile Banking: MOBILEAPPPRD; MOBILEDBPRD
   6. Ebanker: CDBWEBPRD01; PRDMSCAPP01

4. SWIFT - 1 device: SWIFTSVRPRD
   Events monitored: audit trail and security events

Total No. of Devices: 25

HIGH LEVEL PROJECT TIMELINE (SOC)
(Gantt chart spanning March to July; bars not reproduced, stages and remarks only.)
1. Project Initialization & Planning: Hardware Procurement; Kick Off Meeting; Information Gathering
2. Implementation Preparation: Pre-installation and Decoder Configuration; Bank Islam DC Readiness
3. Execution / SOC Implementation: Event collector setup; Policy Tuning; Quann DR site setup
4. Testing: Traffic Analysis; Fine Tuning; UAT
5. Closure: Documentation; Administration Training

PROJECT TIMELINE (SOC)

PROJECT DELIVERABLES (SOC)
(Columns: Project Stage, Key Milestone, Deliverable)

Initialization & Planning
- Project kick off: Statement Of Work document (SOW) sign-off
- Scope Of Work: Functional Specification Design (FSD) sign-off
- System Design: Technical Reference

Execution
- EVM Deployment: System integration and logging configuration
- Logging Configuration: Logging configuration sign-off
- QUANN DR Logging Configuration: Ready to monitor when DR is declared
- Traffic Analysis and Fine Tuning: UAT sign-off

Closure
- Go-Live (start monitoring): System Administration Training
- Project Closure: Training Material
- Post Implementation Support: Service Execution SLA

PROJECT MANAGEMENT APPROACH (SOC)

1. Initiation & Planning
• Information Gathering
• System Requirements Design and Planning
• System Design Acceptance

2. Execution
• Site readiness preparation
• CESM Server Preparation
• Installation - provide physical cabling, rack mounting and interconnections
• Configuration - implement the configuration based on the agreed design
• Testing - conduct testing with Bank Islam personnel present to verify that the requirements are fulfilled
• Fine-tuning - perform fine-tuning in the presence of Bank Islam personnel
• UAT & Project Sign-off - perform User Acceptance Test and sign-off

3. Closure
• Provide comprehensive deployment and as-built documentation as per design
• Provide a solution configuration and operation briefing to equip the Bank Islam team with the fundamental knowledge to administer, support and operate the implemented solution.

SERVICE LEVEL AGREEMENT (SOC)
(Columns: Deliverable, Frequency)

- SOC Services (24 x 7 x 365), including:
  24 x 7 Security Surveillance
  24 x 7 Attack Detection
  24 x 7 Customer Response
  24 x 7 Global Command Center (GCC) phone & email support
- Monthly Report Submission: 10th day of the next month
- Security Incident Report Notification and Escalation (24x7x365):
  Incident Notification (IN)
  Request For Information (RFI)
  Security Device Notification (SDN)
  Threat Notification & Advisory Service (TNAS) - Patch Management Notification
- On-Site Forensic: 6 man-days per year
- Threat Intelligence Services: daily
- Video Wall Solution: one-off setup

SERVICE LEVEL AGREEMENT (SOC) - CONT
MONITORING & LOG ANALYSIS
(Columns: Severity, Escalation time)
- High: 10 min
- Medium: 30 min
- Low: under observation

Note: the escalation times above are measured from "T", the time at which the incident is detected at Bank Islam devices and analysed; analysis will not take more than 4 hours.

INCIDENT RESOLUTION
(Columns: Severity, Resolution time)
- High: 10 min after "T" (the time the incident is detected at Bank Islam devices), with an update every 15 min until the incident is closed
- Medium: 30 min after "T" (the time the incident is detected at Bank Islam devices), with an update every 15 min until the incident is closed
- Low: incident under observation

RESTORING TIME FROM BACKUP
(Columns: Description, Estimated time)
- Restore up to 6 months of logs online: 24 hours

SERVICE LEVEL AGREEMENT REBATE (SOC)

REBATE - MONITORING AND LOG ANALYSIS
(Columns: Severity, Service level, Rebate offered per incident missed as % of MRC)
- High: not more than one (1) incident escalated beyond the specified timing; rebate 2% of MRC per incident missed
- Medium: not more than two (2) incidents escalated beyond the specified timing; rebate 2% of MRC per incident missed

REBATE - SOC SYSTEMS AVAILABILITY
(Columns: Description, Service level, Rebate offered if SLA not met as % of MRC)
- Availability of SOC System: 99.9% availability; rebate 5% of MRC if the SLA is not met

REBATE - HARDWARE RESOLUTION
(Columns: Description, Service level, Rebate offered per incident if SLA not met as % of MRC)
- Outage of hardware reported during office hours before 5pm: 4 hours; rebate 2% of MRC per incident
- Outage of hardware reported after 5pm: 8 hours; rebate 2% of MRC per incident

SECURITY SYSTEMS/TOOLS PROJECT
PROJECT SCOPE DETAILS (SECURITY SYSTEMS/TOOLS)
(Columns: No., Device Type, Product, Proposed type of events monitored, No. of Devices)

1. Security Device Management Tool - AlgoSec Firewall Analyzer (1 device)
   Events monitored: security policy analysis & audit; device audit trail and security events
2. Advanced Persistent Threat (APT) Mitigation - FireEye (1 device)
   Events monitored: monitor and block unknown malware; device audit trail and security events
3. DDoS mitigation on-premise solution - Radware (1 device)
   Events monitored: on-premises application layer DDoS monitoring; device audit trail and security events
4. Anti-Phishing Services - Netname (subscription service, no device)
   Events monitored: monitor, alert and take down phishing sites

Total No. of Devices: 3

HIGH LEVEL PROJECT TIMELINE (SECURITY SYSTEMS/TOOLS)
(Gantt chart spanning March to July; bars not reproduced, stages and remarks only.)
1. Project Initialization & Planning: Hardware Procurement; Kick Off Meeting; Information Gathering
2. Implementation Preparation: Bank Islam DC Readiness
3. Execution / Implementation: AlgoSec setup; FireEye setup; Radware setup; LookingGlass setup
4. Testing: Fine Tuning; UAT
5. Closure: Documentation; Administration Training

PROJECT TIMELINE (SECURITY SYSTEMS/TOOLS)

PROJECT DELIVERABLES (SECURITY SYSTEMS/TOOLS)
(Columns: Project Stage, Key Milestones, Deliverables)

Initialization & Planning
- Key milestones: Project kick off; Scope Of Work; System Design
- Deliverables: Low Level Design Document; Implementation Plan

Execution
- Key milestones: AlgoSec Deployment; FireEye Deployment; Radware Deployment; LookingGlass Deployment
- Deliverables: System integration and configuration; UAT sign-off

Closure
- Key milestones: System Administration Training; Project Closure; Post Implementation Support
- Deliverables: As-Built Document; System Administration Training; Training Material; Service Execution SLA

PROJECT MANAGEMENT APPROACH (SECURITY SYSTEMS/TOOLS)

1. Initiation & Planning
• Information Gathering
• System Requirements Design and Planning
• System Design Acceptance

2. Execution
• Site readiness preparation
• Installation - provide physical cabling, rack mounting and interconnections
• Configuration - implement the configuration based on the agreed design
• Testing - conduct testing with Bank Islam personnel present to verify that the requirements are fulfilled
• Fine-tuning - perform fine-tuning in the presence of Bank Islam personnel
• UAT & Project Sign-off - perform User Acceptance Test and sign-off

3. Closure
• Provide comprehensive deployment and as-built documentation as per design
• Provide a solution configuration and operation briefing to equip the Bank Islam team with the fundamental knowledge to administer, support and operate the implemented solution

SERVICE LEVEL AGREEMENT (SECURITY SYSTEMS/TOOLS)
(Columns: Deliverable, Support and Maintenance)

- Distributed Denial of Service Detection - Radware: Standard Support 3 years; Maintenance 3 years; Advanced Hardware Replacement with an equivalent unit, reported before 3pm (Mon - Fri), with NBD on-site engineer support; email & phone support 9am - 5pm (Mon - Fri).
- Advanced Persistent Threat Detection - FireEye: Standard Support 3 years; Maintenance 3 years; 8 hours x 5 days x NBD on-site support within 6 hours response time; 4 on-site support visits per year.
- Security Device Management Tool (Firewall Analyzer) - AlgoSec: Hardware warranty 3 years; Standard Support 3 years; Maintenance 3 years; phone & email support 24 x 7; on-site support and Advanced Hardware Replacement 8 x 5.
- Netname Brand Monitoring (Phishing Detection and Take down) - LookingGlass: Subscription services 3 years.

OUTSOURCED SERVICES FOR SOC AND MANAGED SECURITY MONITORING Page 26
