1 / 13

How to Face E-security Challenges

Global Dialogue/World Bank Group. How to Face E-security Challenges. Xia Lingwu Division Head International Department China Banking Regulatory Commission 11 September 2003. Contents. Comments on e-security incidents What we do to face e-security incidents Our suggestions. CBRC.

valora
Download Presentation

How to Face E-security Challenges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Global Dialogue/World Bank Group How to Face E-security Challenges Xia Lingwu Division Head International Department China Banking Regulatory Commission 11 September 2003

  2. Contents • Comments on e-security incidents • What we do to face e-security incidents • Our suggestions CBRC

  3. Internet banking has been developing very rapidly in mainland China. CBRC

  4. As of the end of June 2003, the number of banks engaged in transactional internet banking businesses has grown to 27 from 1 in 1999. All big and medium local banks can provide transactional internet banking services. • During the period of SARS, more customers used Internet to handle with banking A/Cs services. CBRC

  5. Characteristics of E-security Incidents • Widened scope without time and space limitation: • attacks from both inside and outside; • attacks from both domestic and abroad. • Increased means: • high-tech attacks; • frauds without any technologies, such as stealing customer data by cheating e-mails. CBRC

  6. Challenges for E-security • Not frauds and malicious attacks; • Lack of risk awareness and risk management ability of internet banking. • Dissymmetry exists between the risk management ability and complexity of e-security. • Lack of good cooperation among regulators and supervisors. CBRC

  7. Risk Management Framework of Internet Banking Financial Regulation and Supervision IT Security Regulators and Supervisors Internet Banking Internal Auditing Outsourcing External Assessment Bank Management Vendors Developers CBRC

  8. Contents • Comments on e-security incidents • What we do to face e-security incidents • Our suggestions CBRC

  9. Measures to Maintain E-security • In terms of regulation and supervision, the supervisory authority should establish rules and criteria for running e-banking. • Risk management system on IT risks; • Qualified IT management and staff; • Business continuity and contingency plans; • IT internal auditing functions; • Information security assessment. CBRC

  10. Measures to Maintain E-security • In terms of bank management, • To equip with appropriate sophisticated security technologies; • To establish adequate policies and operation procedures; • To put e-security into the overall framework of risk management of the whole bank, and give the same emphasis on IT security as on credit risk and market risk; • To train staff and managerial persons on on-going bases. CBRC

  11. Security Assessment on Internet Banking • Qualified assessors; • Qualified working procedures and policies; • Adequate coverage of security assessment: • Security strategies and policies; • Physical and environmental security; • Communication security; • Operation security; • Resources security; • Security inspection; • External safety. • Qualified report. CBRC

  12. Suggestions on Strengthening Internet Banking Supervision • Encourage to establish information sharing mechanism among banks both in domestic market and international market; • Develop cooperative mechanism among regulatory and supervisory agencies; • Establish internationally accepted e-security classification system. CBRC

  13. Thanks! CBRC

More Related