Electronic Safety and Soundness : Securing Finance in a New Age

Intro -- TABLE OF CONTENTS -- Foreword -- Abstract -- Preface -- Executive Summary -- 1. Introduction to E-Security -- 2. Policy Framework -- 3. Legal and Regulatory Framework (Pillar 1) -- 4. External Monitoring of E-Security Practices (Pillar 2) -- 5. Certifications, Policies, Standards, and Procedures (Pillar 3) -- 6. Twelve Layers of Security (Pillar 4) -- Annexes: -- Annex A: Selected Public E-Security Incidents -- Annex B: Types of E-Fraud -- Annex C: Worldwide E-Security Industry -- Annex D: Risk Management: A Blueprint for Layered Security -- Annex E: Identity Management: Authentication and Non-Repudiation -- Annex F: Wireless Vulnerabilities -- Glossary -- References -- LIST OF BOXES: -- Box 1.1: Money Laundering -- Box 1.2: Selected Country Case Studies -- Box 2.1: G8 Principles for Protecting Critical Information Infrastructures 2003 -- Box 2.2: The Electronic Security Industry: Imperfect Competition -- Box 3.1: Money Transmitters and Internet Service Providers -- Box 4.1: Principles for Managing Risk in Online Banking -- Box 4.2: ISO/IEC 13335 Information Technology-Security Techniques-Guidelines for the Management of IT Security GMITS -- Box 6.1: Instant Messaging -- Box 6.2: Blended Threats -- Box 6.3: Survivable System Development -- Box B.1: Voice-over-IP (VOIP) -- Box B.2: Case Study: Bugbear.B -- Box B.3: Identity Theft: Abraham Abdallah -- Box C.1: Evolution of Technology and International Standards -- Box D.1: BITs Master Security Criteria -- Box D.2: The Future of Access Controls -- Box D.3: Next Generation Instruction Detection System -- Box D.4: SQL Vulnerability -- LIST OF FIGURES: -- Figure 1.1: E-Finance Penetration: 2000 and Projected Rates for 2005 and 2010 -- Figure 1.2: Number of Incidents Reported by CERT, Worldwide -- Figure 6.1: Five Layers of Data Flow -- Figure B.1: Computer Incidents 1990-2002.