Re: Where is it all going?

From: Panorama (pvsp_at_front.ru)
Date: 06/09/04


Date: Thu, 10 Jun 2004 03:46:39 +0530

Excerpt from [ISN] Bank glitch leaves 10 million Canadians without paycheque
Dated June 07, 2004 by Mark E. S. Bernard

----------------****
Computer problems plaguing the Royal Bank of Canada have caused payroll
paralysis across the country, affecting more than 10 million people
nationwide with the end for some unpaid clients not expected until the
weekend.

More than 10,000 provincial government employees, including Premier Bernard
Lord, were not paid yesterday leaving $11.4 million in the government's bank
account until the massive computer failure is fixed. The payroll problem
didn't end with the government; more than 3,000 NB Power employees were
impacted as well as 125 City of Moncton workers who were left without a pay
cheque.
----------------****

With incidents like this happening, financial institutions are looking at
strengthening their security measures while trying to mitigate risk. Not all
the Financial Institutions are up to the mark. Their security needs are never
ending.

The above was caused by a computer glitch during a routing update. One
might argue that a software update is not under the purview of IT Security. In
fact it is an integral part. Anything that impacts the functioning of IT
Systems directly or indirectly is under the purview of IT Security
Management function.

I have been in IT Infrastructure for the past 6 years and I was in the banking
software integration projects for the last two years, working with major
credit card companies. I worked on projects trying to utilize CCS7, SS7, GSM
technologies, ISO 8583 Banking messages and all kinds of other crap (MQ
Series, VisiBroker, Websphere) technologies to aid payment/billing systems.
The project was estimated to complete in about 10 months excluding pilot, but
when we were asked to add security infrastructure for compliance we had to
bill the customer 30% of the original project cost and it took us an additional 7
months.

There is no single standard used for banking security today. We had to
rebuild the entire IT Systems & Infrastructure design to overcome countless
loopholes in the current bank messaging (Security) System.

With problems like this the attitude towards dealing with IT security has
changed a lot.

I have noticed that the awareness on IT Infrastructure with major focus on
Security has increased enormously in the past 3 years. A good example is
VISA with its 3D Secure Protocol for Payment Authentication.

While new technologies are being introduced many new opportunities are
perceived. There is a greater demand for Security today, not just in IT but
in all security aspects like physical, personnel, software & Telecom.

The above demand is just in banking domain, imagine the demand for the
entire Financial Services Vertical of IT Security in capital markets and
FI's like Goldman Sachs & GE Capital. They must be using their own
proprietary software/technology for banking. Even with their CERT, CSIRT &
FIRST teams it is not going to be easy to maintain proprietary technologies
and the CIA triad with an ever growing list of vulnerabilities. I received
notification about 68, 48 & 30 vulnerabilities in weeks 21, 22 & 23. Three
years back I used to see less than 20 vulnerabilities in a month. This is
one more sign indicating a greater demand for security in software
development and implementation.

IT Expenditure: Above the capital (about 20% of the IT Capital), the cost of
maintaining security is growing by 1-2% every year, reaching 5-8% of the
total IT operations cost. Although there is no real means of measuring the
ROI spent on Security (considered as operational expenditure), this is a
healthy sign that the demand for IT Security is increasing.

The demand is likely to grow in the next 3 years. The demand that is there
right now can't be ignored.

> As one who works in exactly that, I can tell you that the financial
> sector has *already* had this focus.

I would say that the financial vertical of IT has just realized the need for
IT security. Even the major players are nowhere near achieving a 99%
foolproof system. The vertical is struggling to improve and progress is
anticipated at large. There might be a difference in opinion here since
there is no true measurement of a foolproof system, one can never compare
the security of one organization with another. Especially while speaking in
context to vulnerabilities such as Kerberos buffer overflow.

> If you're just now getting into
> the field and are targeting the financial market, you're late. ;-)

I have a foot in this field and I am having a piece of the pie.

--- Sunny

"Laura A. Robinson" <geekwench@snippit.hotmail.com> wrote in message
news:MPG.1b3088f69bb5d7a298aa22@msnews.microsoft.com...
> circa Wed, 9 Jun 2004 08:32:36, in
> microsoft.public.cert.exam.mcse, Panorama (pvsp@front.ru) said,
> > IT in finance sector is
> > likely to grow with Major focus on Security.
> >
> As one who works in exactly that, I can tell you that the financial
> sector has *already* had this focus. If you're just now getting into
> the field and are targeting the financial market, you're late. ;-)
>
> Laura
> --
> Experience is the name every one gives to their mistakes.
> -Oscar Wilde


