
Managing Security Risks in the Federal Reserve System

Learn how the Federal Reserve System maintains information security, implements policies, protects against threats, and handles actual security challenges.

jabby


Presentation Transcript


  1. Managing Security Risks in the Federal Reserve System
     Marianne Emerson, Deputy Director, Information Technology Division, Board of Governors of the Federal Reserve System, Washington, D.C. 20551

  2. Automation Oversight in the Federal Reserve System

  3. Information Security Officers
     • support development and implementation of FR System security policies and practices
     • serve as the primary point of contact in each FR Bank for purposes of quickly sharing information on threats to the Federal Reserve's automation environment
     • Each ISO member is the information security officer in his operational unit

  4. ISO Policies and Procedures
     • Information Security Manual
     • Distributed Processing Security Support Manual
     • Mainframe and FedNet Security Support Manual
     • Standard Operating Procedures

  5. Current Security Activities
     • PKI framework to support Web-based access to major FR business applications
     • architecture for the next-generation firewall for Internet and extranet applications
     • nationwide and global remote access system
     • additional support for laptops and personal digital assistants (PDAs)

  6. Support to ISO
     • Advisories
     • FS/ISAC (Financial Services Information Sharing and Assessment Center)
     • public/private partnership with anonymous contributions
     • NIPC (National Infrastructure Protection Center)
     • biweekly Cybernotes

  7. Support to ISO
     • Advisories
     • SANS Institute (System Administration, Networking, and Security)
     • cooperative research and educational organization for sharing experience and finding solutions to security issues

  8. Support to ISO
     • VCC (Virtual Competency Center)
     • expert staff from FR Banks who conduct preemptive penetration tests of FR networks
     • penetration testing from outside vendors

  9. Handling of Actual Threats
     • protection of FR System is more immediately important than prosecution of hacker
     • check and update virus signatures daily from Symantec
     • escalation procedures in place throughout FR System to handle threats
     • Information Security Officers in FR System hold conference calls to handle threats as necessary

  10. Current Challenges
     • Public web site protection
     • comment letters
     • scam email
     • configuration management
