Issuu on Google+

FusionX Global Strategy & Governance

Cyber Security An Essential Part of the Risk Management Program

Protecting the Financial Industry Focusing on the MENA Region


Cyber Security Targets Interconnected Banking & Financial Institutions

As financial institutions become more interconnected, their vulnerabilities to cyber risk increase

It is management’s duty to protect the bank and it’s clients from known sources of probable risk


Cyber security is becoming one of the primary concerns within multinational corporations and governments. The BIS underlined that this category of risk should be considered as a strategic management issue as well as IT. A major concern for multinationals – These risks

Additionally, we have witnessed sophisticated

are now a determining factor for the continued

organized criminals from other parts of the

sustainability and competitiveness of

world migrate their attacks away from western

interconnected businesses.

banks and toward the MENA region, as they present a “softer” target for not having adequate

Financial institutions in particular are increasingly faced with threats surrounding: • Theft of banks’ & clients’ money • Destruction of information • Disruption of operations • Espionage

security controls in place.

Managing Cyber Risk Effective information security requires an enterprise-specific design of solutions that consider and tackle the ever evolving cyber

Targeting the Middle East and North Africa

security risks. Since cyber security is also a

(MENA)

strategic risk management issue, an appropriate

The MENA region is particularly susceptible to these threats due to a lack of solid regulation and immature information security structures, as well as being the targets of politically motivated attacks.

corporate governance structure is required that would serve to uphold such an investment as part of the Board of Director’s duties towards Risk Management.


MENA is particularly vulnerable to the lack of a preventative strategy

MENA financial institutions are becoming the primary targets of information-related criminal activities


Recent Events in the MENA region highlight the fact that protecting banking information is an immensely positive risk-management strategy.

Because North American financial institutions and banks have hardened their computer systems, there is an increasing trend for large, transnational organized criminal groups targeting MENA banks and financial centers.

This has led to the loss of large amounts of funds from Middle Eastern banks to these organized crime groups. In addition, hostile countries in the region are using State-sponsored offensive computer attacks to damage and destroy the computer systems of rival country Central Banks and financial centers.

Arab banks under attack It was described as "a massive 21st-century bank heist�. Two banks in the Middle East (one in the United Arab Emirates and another in Oman) were targets of a gang of cybercriminals in the United States. In a span of 10 hours, USD 45 million was stolen by hacking into a database of prepaid credit cards and withdrawal of customer money from ATMs in 27 countries. Banks in the kingdom of Saudi Arabia have also been victims of many cyber security crimes.


Ensuring Cyber-security leads to diminishing risk exposures


Dimensions of Cyber Risk The majority of data gathered and compiled by financial institutions and banks is done electronically. The failure to secure the organization from evolving threats can further expose them to even greater risks.

Three key cyber risks affecting banks include:

Scope of the Threat The rate by which cyber-attacks evolve and diversify is very high. Industry Interconnection The interconnection of banks and the financial industry, which is crucial to the financial system's functioning, is also an area of vulnerability when it comes to cybersecurity. Moreover, many banks, especially small and medium sized institutions, contract with thirdparty vendors and service providers to expand their offerings and improve efficiency.

Rising Costs Banks are paying more to strengthen their cybersecurity protections as the risks to their institutions grow. At the same time, launching an attack on the industry is getting cheaper.


Technical Proposal to Banks & Financial institutions

To mitigate your bank’s cyber risks and enhance its management of them, we replicate the exact cyber-attacks that your enemies will carry out against your computer systems and network. We will then identify the vulnerabilities of your computer system and plug those holes making the system impervious to attack, thus saving your institution millions of dollars in probable losses. Specifically, we can provide the highest quality services and products in the following areas:


Periodic vulnerability assessment and tactical penetration testing (“red cell scenarios”) of the client’s computer network mimicking actual cyber-attack methods of the client’s main threats (whether national governments, criminal groups, or terrorist groups) to ensure the network is secure and to identify and quickly resolve any network vulnerabilities. An initial technical threat and vulnerability assessment of existing computer network, both software and hardware, with recommendations and procurement of updated hardware and software systems based on what the client needs the network to meet them. Implementation of new hardware and software into the computer system fully integrated with security packages, solutions and training to ensure the computer system’s integrity and security from all threats.

Cyber security policy, procedures and awareness training for all personnel who will be operating and maintaining the computer system, and the development of an “in-house” continuing training program. On-demand incident response and threat analysis support as well as access to subject matter experts. Evaluation of the corporate governance matrix as far as cyber security is concerned. This exercise will consider related reporting and responses at all governance levels, including the Board of Directors. Providing a set of proposals to improve the cyber risk governance at all levels so as to be in line with best practices Help the client in implementing its cyber risk governance proposals in line with international best practices.


About Us A U.S. Company at the Forefront of Information Security FusionX represents an innovative information security, technology, intelligence, and risk management company that utilizes a unique approach providing holistic security solutions in complex environments to counter the most advanced, ever evolving, and persistent cyber security threats.

Philosophy: FusionX’s philosophy is “we think like your adversaries and anticipate their next moves”. Its methodology provides a flexible framework for addressing the full-spectrum of the client’s computer/cyber security risk management issues drawing from established best practices, best-in-class technology solutions, and unprecedented risk assessment expertise.

Specialization: FusionX specializes in the financial/banking sector, and currently has clients that are some of the largest banks in the United States, some with over $10 trillion USD under custody. The FusionX team regularly finds vulnerabilities that would be exploited by criminals and provides countermeasures and mitigation strategies to prevent and deter costly cyber attacks.

The FusionX Team Its computer/cyber security team has been working together for over 15 years to provide the highest quality technical consulting services to international corporations and governments. Collectively, its team has worked with hundreds of companies and government organizations (assessing millions of systems) to address their information security concerns using comprehensive risk management principles. They have worked with every critical infrastructure sector to provide enterprise-wide technical vulnerability assessments including assessments of control systems (SCADA) and other critical networks such as the government, transportation and financial services sectors. FusionX team members come from companies like UUNET, WheelGroup, BTG, Network Solutions, Titan, SAIC, CounterPane Internet Security, iDEFENSE, iSIGHT Partners, Security Design International, Technical Defense, Total Intel, and Computer Sciences Corporation.


FusionX Senior Computer Expert Specialization: He is an international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cyber security issues.

Global Experience: He has previous computer and cyber security experience at the highest levels of several other well-respected computer and information technology companies that operated in the U.S., China, India, Europe and South America. This expert provided strategic consulting services to select foreign governments and corporations on issues of information warfare and security, critical infrastructure protection and cyber security.

Publications & Television: His research on cyber security and security lead to a widely published thesis entitled, “National Security in the Information Age”, as well as having co-written or authored chapters for several books, including “Cyber adversary Characterization”, “Threats in the Age of Obama”, Information Warfare Volume 2”, and “Sun Tzu Art of War in Information Warfare”. In addition, he has appeared on CNN, MSNBC, FOX News, NPR, CBS News, BBC Television, NWCN, Australian television and dozens of other domestic and international radio and television programs as an expert on cyber security.

Lecturer: He is an adjunct professor at Georgetown University, and is the Founding Director of the Cyber conflict Studies Association. Furthermore, he has lectured on the computer networks and cyber security to the National Defense University, the Swedish, Australian, Japanese and New Zealand governments, and various universities and colleges.

FusionX Top Computer Expert Research & Publication: FusionX’s other expert has been recognized throughout the security industry for his research in multiple areas including adversary profiling and software vulnerability research and analysis. Four books have been published by him on the topic of information security, including Cyber Adversary Characterization – Auditing the Hacker Mind and is a contributor to the popular Stealing the Network Series.

Lecturer & Speaker: He is a frequent speaker and subject matter expert at world-class computer and cyber security conferences including Black Hat. In addition, he lectures at various colleges and universities on computer issues.

Television: He is frequently called upon to provide his expert opinion to mass media organizations, including BBC News, CNN, Reuters News, Wired and Business Week.


About Us A Wealth of Experience In the Financial Industry, the MENA Region and Corporate Governance Specialization: Global Strategy & Governance S.A. (GSG) provides advice on Global & Regional Strategic Positioning, Risk Management Infrastructures, as well as Securing Strategic Corporate Governance Principles for financial institutions and central banks.

Objective: One of its major objectives is to play a positive role in the global advancement of Risk Management, Corporate Governance, and Corporate Social Responsibility. A special emphasis in these fields is directed to the Arab region. Its vision is to promote a positive socio-economic change in the Middle East and North Africa that can only be secured through improved corporate strategic and governance rational.

The GSG Team The GSG team consists of experienced executives, including former senior managers and regulators. Thanks to an integrated and cohesive corporate culture, GSG helps financial institutions identify an adapted and realistic strategic positioning.


GSG’s Leading Expert in Corporate Governance He has directed GSG’s advisory as well as implementation client projects for various systematically important MENA banks as well as central banks. These projects included Strategic Repositioning, Mergers and Acquisitions. CFO & Board Member Experience with plenty of firsts in the Arab World: Previously the CFO of one of the top Arab bank groups in the region, he was successful in achieving several important, goals including: • • • •

• • • •

Raising the Group’s net income after tax from USD 228 million in 2003 to an estimated USD one billion in 2008. The enhancement the Group’s equity from USD 2.9 billion in 2003 to an estimated USD 8 billion in 2008. Implementing Basel II and redesigning the Group’s related systems. Introducing several modern managerial tools including Asset/liability management and financial planning concepts. Reorganizing the Group's operations in Europe. Restructuring of the operations of subsidiary and sister banks. Acquisitions of banking and financial institutions outside of the Group’s home country. Obtaining the Group an (A-) rating from the international rating agencies: Moody’s, S&P, and Fitch at the time when the sovereign rating of the home country was (BB).

Publications: He has also published various articles focused on Corporate Governance, Risk Management, Strategic Positioning, Sovereign Wealth funds, and Capital Adequacy.


Implementation Process Implementing integrated contemporary cyber risk management systems will enable financial institutions to enhance the profitability of existing businesses and achieve stronger control.

A brief visit to the organization (2-3 days) to conduct a preliminary assessment surrounding the capabilities and deficiencies of the organizations’ technical and strategic risk management infrastructures concerning their cyber risks. The client will be sent a proposal detailing the current status of the institution regarding the above and proposed plans of action, along with a detailed pricing for implementation. Implementation incorporates best-practices. A gradual implementation of the strategy will be agreed upon, specifying a clear list of tasks and time planning. This should identify each strategic objective, resources needed for its implementation and the needed time frame to accomplish it.

An appropriate and organizational implementation task force will be formed that will direct and oversee the implementation of the proposal.


FusionX info@fusionx.com Reston – Arlington – Seattle – Kansas City United States t : + 1 888 7475 411 f : + 41 22 317 9659

Global Strategy & Governance S.A. info@gsgovernance.com P.O. Box 348 CH-1211 Geneva 3 Switzerland t : + 41 22 317 9650 f : + 41 22 317 9659

P.O. Box 212989 11121-Amman Jordan t : + 962 6 565 2642 f : + 962 6 567 6016



Fx gsg brochure draft 3