Banking and Finance Sector-Specific Plan - U.S. Department of ...
K Financial information tracing is not possible unless the identity of the transaction initiator is able to be carried through the
multiple layers of authentication required to navigate through complex infrastructure.
M Financial transaction anomaly detection R&D in private financial institutions has set the bar for advances in technical
surveillance, monitoring, and detection.
P References to potential threats to the stability of the economic infrastructure often cite inability to trace financial transactions,
and business process simulation of this domain would serve to mitigate this and similar online identity-related
threats.
Q The ability to trace a financial transaction to an accountable source is key to the easiest demonstration of the economics of
InfoSec: antifraud measures. Moreover, the methodology of tracing accountability is extensible to other sectors.
4.7 Testing
B Improving the quality of software and providing proven guidelines for organizations to use for software certification can
improve the defensive posture of CI/KR with software-based components. Such research can also provide near-term
security and economic benefits for the financial and other industries that rely heavily on software process automation.
G Many new attacks are the result of exploiting a newly-discovered software bug before a patch can be applied. Higher-quality
software testing and certification can help reduce the number of emerging threats against CI/KR.
H A new, more secure architecture, while desirable, discards the years of real-world experience with current system deployments.
Rigorous software testing standards will be necessary to ensure a new architecture does not initially weaken
systems’ defensive posture.
L Software testing and certification standards can help coordinate work and provide a shared yardstick for measuring posture
cross-sector. Financial industry problems are good barometers of succession because validation of test results is of paramount
importance where dollars are involved.
4.8 Standards for measuring ROI of CIP and Security Technology
E, G, I, Q Individual organizations in the public and private sectors tend to optimize locally with respect to investing in
critical infrastructure protection rather than taking a global perspective. Economic and capital budgeting models need to
be developed which assist in determining the global impact of security-related decisions. Such models should be the basis
for determining the optimal expenditures, which will yield the highest global ROI, for all the other Challenge Projects.
Researchers need to first determine the components to be included in such a global ROI calculation and then provide suitable
methods for analyzing them in the context of R&D funding decision-making.
Appendix : FSSCC Research and Development Agenda