CISO Forum Meet - June 2014

A CISO Forum meeting was organized by IDRBT on June 27th, 2014. Thirty-six CISOs from various banks participated in the forum.

In his opening address, Shri B. Sambamurthy, Director, IDRBT, remarked that the Indian Banks – Center for Analysis of Risks and Threats (IB-CART) is a good beginning and wished that it would gain momentum over time. He expressed confidence that, with more information being shared, the utility of information dissemination would become visible. He observed that banks in the USA formed a group after the recent DDoS attacks, while the CISOs in India have proactively come together to share information through IB-CART. He categorized problems as simple, complex or wicked, and placed Information Security in the "wicked" category, as a problem that needs to be handled adroitly.

Dr. A.S. Ramasastri, Director (Designate), IDRBT, highlighted the role of IB-CART, which has enabled sharing of security incidents amongst banks. He emphasized the need for banks' participation to gather more information in order to enhance IB-CART. He noted that IB-CART should understand the needs of the banks and help in closing the gap in banks' participation in reporting incidents.

Shri Patrick Kishore, Chief Operating Officer, SBU, IDRBT, made a lucid presentation highlighting the nuances of Cyber Security and Information Security across the entire spectrum. He opined that Information Security needs a holistic, top-down view of People, Process and Technology. He pointed out that Information Security is essentially Information Systems Security, as the organisation is concerned about internal and external threats and its own IT assets. Cyber Security is about information infrastructure that is critical to the sector and to the nation as well. He elaborated on the Information Security layers, Information Security Policy and the Banking Sector domain. Speaking about IB-CART, he urged banks to also report non-internet incidents such as ATM frauds.

Later, the C-DAC team made a presentation on various security products and MDM: USB Pratirodh, Browser JS guard, PAVS (PHP Application Vulnerability Scanning), WAIPS (Web Application Intrusion Prevention Solution), Web SAFE, and MDM (requirements were shared by CISO Forum Members).

A presentation on the progress and current status of IB-CART was made by Shri S. Lalit Mohan, Senior Technology Manager, SBU, IDRBT. The members deliberated on the need for increased participation in IB-CART. It was decided that awareness and system-related changes would be made to improve participation. During the forum meet, Andhra Bank was awarded a special prize for the IB-CART naming contest.

Shri Subhash Subramaniam, CISO, ICICI Bank, shared the details of a DDoS attack and emphasized the need to have a DDoS response plan for effective remediation.

Four groups, which were formed to understand emerging risks, vulnerabilities, frauds and issues arising out of the four different delivery channels, viz. ATM, Internet Banking, Mobile Banking and Branch Banking, shared information on trends and security of these delivery channels.

The meeting concluded with a vote of thanks delivered by Shri Patrick Kishore, Chief Operating Officer, SBU, IDRBT.