Eurogiro News 11
Eurogiro Security Seminar to update on evolution in information technology standards
Security in all aspects is a very valid topic within the financial world today. Eurogiro has since the beginning utilized the strength of the Eurogiro community to gain and share knowledge and experience within this very important field.
The Eurogiro Security Group (ESG) arranged the Security Seminar with the aim to cover best practices surrounding security procedures of the Eurogiro systems, as well as to influence participants with up-to-date information and examples on valid security topics within the financial world. With a steady growth in Asia Pacific, the ESG decided to arrange two Security Seminars, one in Europe and one in Asia, so that all members could benefit from the Security Seminar, regardless of their geographical location. The ESG also had an opportunity to present the results of the annual self-assessment and its migration to a web-based form located on the Eurogiro webpage.
Mr. Johan A. Grandsoult, VP of US Cash Operations Global Payments Infrastructure, Deutsche Bank, presented the US Cash Operations detailed Business Continuity Plan (BCP), which demonstrated a well-tested and strong model of Business Continuity Management. The topic is very valid and unfortunately often forgotten; Mr. Johan A. Grandsoult demonstrated the importance of a Business Continuity Plan and the main reasons why one is needed, giving the examples of Hurricane Katrina and 9/11, which affected several million people and countless businesses.
The most commonly used model with regard to audits and IT is undoubtedly the COBIT framework. COBIT is commonly used by auditors in many different types of organisations. Developed by the ISACA organisation, the COBIT framework has been successfully implemented in several large and small financial institutions around the world where, for instance, SWIFT is using its framework for its customer support centres. We had the pleasure of listening to one of the founders of the COBIT framework, Mr. Urs Fischer, who went into detail about the difference between COBIT 4.1 and the newly released COBIT 5.
The conclusion of the two Security Seminars was that we see a growing interest in several areas and levels of security, which can also be matched against today’s growing cyber threats against financial institutions. We see groups like ‘Anonymous’ targeting large network infrastructures, and smaller groups specialized in hacking and phishing user data, getting direct access to accounts and other sensitive data. It is therefore essential that changes, updates and security models are adhered to, and they must not be discarded as something that will not happen to us.
The Eurogiro Security Group consists of specialists from amongst the Eurogiro members, who work daily with audit and security questions. Its task is mainly to uphold the Eurogiro Security Policy, but also to assist and help the Eurogiro community with member audits and informational member visits. This has resulted in a secured environment where every new implementation is screened and validated to match the member’s increasing needs, as well as following the evolution of information technology. The group is available for, and welcomes, all types of questions surrounding the security of the Eurogiro Systems.
Figure: COBIT 5 Principles
1. Meeting stakeholder needs
2. Covering the enterprise end-to-end
3. Applying a single integrated framework
4. Enabling a holistic approach
5. Separating governance from management
COBIT is the abbreviation for Control Objective for Information and Related Technology Standards
Source: COBIT® 5, figure 2. © 2012 ISACA®. All rights reserved.
Members of the Eurogiro Security Group:
Mr. Thorsten Naujokat, chairman, Deutsche Postbank
Mr. Marian Illovsky, Postova Banka
Ms. Chantal Becker, EPT
Mr. Dejan J. Kovacevic, Postal Savings Bank
Mr. Oskar Schultz, Eurogiro
ISACA, previously known as the Information Systems Audit and Control Association, defines the roles of information systems governance, security, audit and assurance professionals worldwide.