SWIFT Assessment Guidelines Workshop
Our Customer Security Programme sets benchmark security practices, critical to defending against, detecting and recovering from cybercrime. The Independent Assessment Framework is a significant milestone in our security programme. It reinforces the level of assurance provided by self-attestations by mandating independent assessments by third parties.
Do you perform gap analyses for SWIFT member organisations? Do you help enrich and improve their level of compliance with the Customer Security Controls Framework? Will you be responsible for independent attestations? If so, you need to understand each of the controls, each of the architecture components in scope, and how to verify evidence for each SWIFT infrastructure type.
SWIFT has designed a new Assessment Guidelines workshop to help you conduct more efficient and robust assessments. Aimed at auditors, risk managers and IT assessors, the workshop is tailored to the business and technical contexts in which you are operating. It demonstrates how to interpret and comply with mandatory and advisory controls, which evidence is best collected, and how to audit objectively based on security best practices.
The workshop is structured around a blend of theoretical and practical modules. The theory includes targeted information to help collect and analyse evidence for the design, implementation and operating effectiveness of each control. The practical elements of the workshop provide unique opportunities to explore real-life case studies and discuss your feedback as a group.
By the end of the course, participants will be able to:
- Carry out their responsibilities in relation to the Customer Security Programme
- Gain a broader industry perspective
- Ensure they have the necessary technical capabilities
- Review security best practice scenarios and field compliance experience with a SWIFT expert
CSO, Department, Information Technology, Audit and Risk Department, Banking Operations, Payment Systems and SWIFT Department.
• Overview of SWIFT: What is SWIFT? (Context of the financial industry), core messaging services (supporting business transactions), secure IP network and connectivity types, interfaces portfolio, FIN and ISO 20022 messaging standards
• The Customer Security Programme: Customer Security Controls Framework (CSCF), IAF - Independent Assessment Framework
• PKI certificates and HSMs: Public Key Infrastructure (PKI), Hardware Security Modules (HSMs), SWIFTNet Security Officers
• Connect to Alliance Gateway (or Alliance Remote Gateway): Operator access, security management, operational and auditing profiles
• Connect to Alliance Access: Operator access, security parameters, messaging data flows, messaging routing terminology, operational and auditing profiles
• Connect to FIN and SWIFTNet: BIC usage and identity importance, FIN Secure Login and Select (connectivity control), SWIFTNet communication channels (InterAct and FileAct profiles)
• Integrity, filtering and other security controls: Authentication methods and application integrity checks, transaction business control (RMA and Payment Control best practices), confidentiality, availability and integrity of messages, reconciliation and integrity of the message flow
• Audit trails (financial messages): Identification of a message (tracking history), message search and event log (where to see), daily message check report (the what), undelivered message report (why it failed), message delivery monitoring (what is the status), message retrievals (why to retrieve), monitoring event log (for auditing), swift.com security and audit trail (who has accessed)