Banking and Finance Sector-Specific Plan - U.S. Department of ...
N R&D focused on SFTP will require effort to develop information-hiding techniques because they are needed to protect sensitive customer and confidential information from unauthorized access while avoiding more onerous or unmanageable cryptographic practices. (A related requirement is that key management needs to be simple, secure, and transparent.)
Q R&D focused on SFTP will require effort to develop economic models for secure communication methods because costs to implement and maintain SFTP must not present an unacceptable burden to smaller merchants or local banks that may operate with limited technical expertise and lower budgets.
4.2 Resilient Financial Transaction System (RFTS)
B, C, & F A distributed, resilient financial system must use best practices to prevent damage or destruction, including restricting entry and access to physical infrastructure. Research and practices in those areas could be applied to any infrastructure with high reliability and resiliency requirements. The distributed environment could be used to house detection and sensor systems and to disseminate the information those sensors carry, to aid in the system’s self-healing capabilities.
E Automated decision-support and analysis are a subcomponent of any resultant transaction system. Increases in online fraud have made the financial industry fertile ground for such real-time analysis.
H As the financial industry becomes more and more automated, financial systems technology architects and engineers require access to research in the design of complex systems, including modeling, operation, and failure-recovery.
I Government and private sector coordination during a terrorist attack and risk communication and management will be key areas for maintaining CI/KR to support a functioning financial sector during a natural or manmade disaster. Models developed in this area would apply broadly to other CI/KR sectors.
L The processes, standards, and procedures developed to run such a system would be applicable to other systems with similar scope and resiliency requirements.
4.3 Enrollment and Identity Credential Management
B, H, & K The necessary improvements in enrollment and identity credential systems require advances in protection and prevention systems, development of advanced infrastructure architectures, and advanced methods to authenticate and verify personal identity to meet the performance objectives.
I Improvements in financial systems customer enrollment, data consumption, and aggregation habits require greater knowledge of human and social issues. Decisions that financial services customers make with respect to personal privacy and convenience are both appropriate and well-defined topics for research.
4.4 Suggested Practices and Standards
A, B The financial sector is the most common target of miscreants’ activity due to the potential for financial gain. The sector is subject to constant attack, both traditional and innovative. Hence, it is a most fertile field for research on detection and sensor systems, and the sector also has been a leader in combining detection with prevention, as potential fraud activity triggers additional control. Research results in layering these technologies easily could be ported to the requirements of other industries.
C Due to the FDIC guidance with respect to two-factor authentication, the financial sector has established cooperative efforts devoted to entry and access portals. Researchers in these areas are encouraged to contact the Financial Services Technology Consortium (FSTC) to learn more about them and to join and contribute to these efforts through the Object Management Group (OMG), Open Web Application Security Project (OWASP) and other standards groups where financial institutions’