Tuesday, April 25, 2017

Hai Pham - Week 7 - RSA Data Encryption for Financial Institution.


Data encryption is just a process of scrambling data so that it is not readable by unintended people.  For a normal conversation, we don’t need to encrypt the data.  However, if banks, governments or military groups did not apply any data encryption to their daily business, they would be in very bad shape.

Having said that, this week I am talking about the second common encryption method that is widely used by financial institutions: RSA, which is named after the three people who invented the algorithm.  They are Ron Rivest, Adi Shamir and Leonard Adleman.

RSA is one of the most popular data encryption methods used for encrypting data over the internet.  With RSA, the encryption key is public and the decryption key is kept secret.  The encryption is based on the difficulty of factoring the product of two large prime numbers, which makes it very hard for bad guys to decode it.  Again, it can “only” be decoded when a person has both the public and the private key.

The idea of RSA is that the public key can be sent over a regular route, with no need for a secret route (bad guys can still steal the public key and the encrypted message), but the private key is never sent out.  This makes RSA a very strong encryption, because it is extremely hard for anyone to decode the message without the private key.
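A minimal textbook-RSA sketch of the public/private split described above, added here as an illustration and not code from the original post. The toy primes 1009 and 1013, the function names and the sample message are assumptions; real RSA uses primes of 1024 bits or more together with padding such as OAEP, and the last function succeeds only because this modulus is tiny.

```python
from math import gcd


def make_keypair(p, q, e=65537):
    """Textbook RSA key generation from two primes (toy sizes only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)  # (public key, private key)


def encrypt(public_key, m):
    """Anyone holding the public key (n, e) can encrypt."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the holder of the private exponent d can decrypt."""
    n, d = private_key
    return pow(c, d, n)


def recover_private_key(public_key):
    """Why key size matters: factor n by trial division, then rebuild d.

    This finishes instantly for a 20-bit modulus and is infeasible for a
    properly generated 2048-bit one.
    """
    n, e = public_key
    f = 3
    while n % f:
        f += 2
    return make_keypair(f, n // f, e)[1]


if __name__ == "__main__":
    public, private = make_keypair(1009, 1013)  # constructed toy primes
    ciphertext = encrypt(public, 424242)        # constructed sample message
    print("public key :", public)
    print("ciphertext :", ciphertext)
    print("decrypted  :", decrypt(private, ciphertext))
    print("key rebuilt from public key alone:",
          recover_private_key(public) == private)
```
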

Reference:
StorageCraft Technology Corporation. (2017).  Retrieved from https://www.storagecraft.com/blog/5-common-encryption-algorithms/



Tuesday, April 18, 2017


Hai Pham - Week 6

One of the best common ways to encrypt data, now and in the future


For all financial institutions, data encryption for both online transactions and data at rest is extremely critical.  Without a proper way to protect sensitive data that is in transit or at rest, companies will run into big problems such as damaged reputation, loss of customer trust and penalties.

With that concern, let’s see what would be the best way to do data encryption to protect enterprises.  This week, I am going to talk about one of the best ways to do data encryption to protect the data.

DES stands for Data Encryption Standard.  DES was developed back in 1970 at IBM and it was considered to be one of the most secure options at that time.  However, it had some security holes due to its 56-bit key size: the key was a bit short, and hackers took advantage of this and exploited it.  To improve on DES, Triple DES came out to fix the issue.  It uses three keys of 56 bits each, which strengthened the encryption to a total key length of 168 bits, and that was sufficient for data encryption.

Even though Triple DES has been available to different organizations and businesses for a long time (it was published in 1998), it is still one of the top five data encryption methods for financial institutions, now and for the future.

 

Reference:

StorageCraft Technology Corporation. (2017).  Retrieved from https://www.storagecraft.com/blog/5-common-encryption-algorithms/


Monday, April 10, 2017

Week 5 - “Cyber security is the most prevalent IT risk for banks”

KPMG showed in a recent survey that cyber security ranks highest among threats and risks, especially for banks.

There were three major cyber security breaches in 2015 and 2016 at 3 foreign banks that caused a huge financial loss of about $100 million.  The breaches focused mainly on exploiting weaknesses in the digital infrastructure that connects the banks to the global SWIFT network.

The first bank was the Ecuadorian Banco del Austro.  It lost about $12 million.  The second bank was Vietnam’s Tien Phong Bank.  In this case, the hackers used fraudulent SWIFT messages to transfer more than EUR 1 million from TP Bank.  The third bank, the Bangladesh Central Bank, had the biggest financial loss: the hacker was trying to transfer $850 million, and SWIFT then detected a spelling error in the recipient name, but $101 million had already been transferred to the hacker’s account successfully.

The incidents raised my concern, and the question of whether the foreign banks might not follow the same national security standards.  Why did the security system not raise any alert when a big amount of money was transferred?  The system should check for three main things, such as:

1.    Is it during business hours?

2.    Is it under the money limit for a wire transfer?

3.    Who and where is the recipient?
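The three checks above as a small rule-based screen, added here as an illustration and not taken from any bank's or SWIFT's actual controls. The business hours, the wire limit, the recipient allow-list, the field names and the sample transfers are all constructed assumptions.

```python
from datetime import datetime, time

# Constructed policy values for illustration only.
BUSINESS_OPEN, BUSINESS_CLOSE = time(9, 0), time(17, 0)
WIRE_LIMIT = 1_000_000  # per-transfer ceiling, in the account currency
KNOWN_RECIPIENTS = {("ACME Supplies Ltd", "US"), ("Nordic Paper AB", "SE")}


def screen_transfer(transfer):
    """Return the names of the rules a transfer violates (empty list = pass).

    Timestamps are assumed to be in the bank's local time, ISO 8601 format.
    """
    alerts = []
    ts = datetime.fromisoformat(transfer["timestamp"])
    # 1. Is it during business hours? (weekday() >= 5 means Sat/Sun)
    in_hours = BUSINESS_OPEN <= ts.time() < BUSINESS_CLOSE
    if ts.weekday() >= 5 or not in_hours:
        alerts.append("outside_business_hours")
    # 2. Is it under the limit for a wire transfer?
    if transfer["amount"] > WIRE_LIMIT:
        alerts.append("over_wire_limit")
    # 3. Who and where is the recipient? Exact match on name and country,
    #    so a misspelled recipient name does not pass as a known one.
    if (transfer["recipient"], transfer["country"]) not in KNOWN_RECIPIENTS:
        alerts.append("unknown_recipient")
    return alerts


# Constructed sample transfers (not real transactions).
SAMPLE_TRANSFERS = [
    {"timestamp": "2017-04-10T10:30:00", "amount": 25_000,
     "recipient": "ACME Supplies Ltd", "country": "US"},
    {"timestamp": "2017-04-08T02:15:00", "amount": 20_000_000,
     "recipient": "Example Fundation", "country": "XX"},
]

if __name__ == "__main__":
    for t in SAMPLE_TRANSFERS:
        hits = screen_transfer(t)
        verdict = "HOLD for review" if hits else "release"
        print(t["recipient"], t["amount"], "->", verdict, hits)
```
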

 

What I was thinking is that either the banks did not follow international security standards and their security systems had holes, or their security teams were weak and short of knowledge on how to set up security.

 

I would think the foreign banks should spend $1 million or even more to consult security experts from other countries to help them set up strong security policies and security systems, or lose $100 million.

 

Reference:


KPMG’s European Central Bank Office.  Cyber security is the most prevalent IT risk for banks.  (September 6, 2016).  Retrieved from https://home.kpmg.com/bh/en/home/insights/2016/09/cyber-security-most-prevalent-it-risk-fs.html

Wednesday, April 5, 2017

Week 4 Blog - Data Management


Nowadays, all businesses create and store more data than ever before.  Financial institutions are the type of business that creates vast amounts of data in daily operation.  With a huge amount of data that includes much sensitive and intellectual data, they need to manage the data very well.  This is not just for their duty, benefit and operation, but also for complying with different regulations.

So the questions are: how do they manage and protect the data?  What tools do they use?  How do financial institutions deal with different regulations?  What human effort do they need to dedicate to data management?  Bad data management would cause data loss and lead to many terrible issues such as lost revenue, lost customer trust, damaged business reputation, and also penalties and fines.

Depending on the business type, I believe that a company can purchase an existing well-known tool to do data management.  Each tool should also have the flexibility for each enterprise to customize it for their uses and needs.  While doing some quick research on the web, I saw that InfoTrellis provides one of the powerful tools for data management.  MDM is the service and solution that would help financial institutions manage not only their data well but also all the regulations.

Reference:

Infotrellis.  (August 8, 2016).  Retrieved from http://www.infotrellis.com/mdm-regulatory-compliance-banking-industry/