On June 30th, new EU guidelines regarding cybersecurity for banks came into force. Now it is clearer how various financial services are expected to manage internal and external risks linked to IT and security. Segmentation using data diodes is an essential measure to mitigate security risks.
The new guidelines from the European Banking Authority, EBA, are the European standard for managing security and IT risks. They describe how banks, fund managers and providers of payment services operating within the EU are to manage internal and external risks linked to IT and security. The objective is to reduce the likelihood of cyberattacks, data leaks, disruptions and intrusions.
Among other things, the guidelines point out which security measures have to be developed and implemented to mitigate IT and security risks that financial institutions are exposed to.
It is essential to understand that the guidelines have legal status and that the operators covered are therefore obliged to justify any deviations from their application.
The guidelines address the management of internal and external risks within IT and information security, referred to as ICT risks, as well as operational risk management in financial institutions, referred to as payment service providers, credit institutions and securities companies.
The guidelines are comprehensive, but a central requirement concerns classification: financial institutions must carry out a risk assessment and classify business functions, support processes and information assets according to how critical these are.
Another vital requirement is information security measures: the guidelines state that security measures have to be developed and implemented to mitigate IT and security risks that financial institutions face.
An excellent method for mitigating security risks and protecting critical information and critical systems is network segmentation through a combination of physical and logical separation. Physical separation means that safety zones are defined and distributed on different physical hardware. Logical separation means that different zones or network traffic are allowed to coexist on the same hardware or in the same network cable, which makes the separation less apparent and thus leads to lower confidence in the strength of the separation mechanism than with physical separation.
DDE Technology has considerable experience working with Advenica's SecuriCDS Data Diodes. Both the separation and diode function are based on an optical transmitter and receiver. The design guarantees that no data can pass in the opposite direction; in fact, it is physically impossible! The solution, with its high assurance, protects assets for operators of critical infrastructure such as utility companies, defence, aerospace and space agencies.
In situations where information needs to go in two directions, a different type of solution is required for secure network segmentation. A solution that can effectively filter the information and ensure that the organisation's information policy is followed with every transfer is needed.
Advenica's ZoneGuard is a customisable and at the same time simple solution based on whitelisting of information through information policies. The solution ensures that organisations can securely and correctly exchange information between security domains at different levels.
Please contact DDE Technology to learn more about how data diodes and filtering solutions such as ZoneGuard can ensure network segmentation and information security.
Data Diodes Raise Cybersecurity for the Banking Industry
Who is Affected by the New Guidelines?
Information Security Requirements Guidelines
Network Segmentation is Addressed with Data Diodes
DDE has considerable experience working with critical systems across a range of industries, including banking and finance, energy, water, oil and gas, telecommunications and others, and understands the risks inherent in these systems. Contact us to learn more about the cyber risks of such systems and how operators can quickly deploy threat detection and anomaly monitoring systems, internal process controls and physical security to mitigate these risks.
DDE Technology is a trusted advisor to companies around the world that rely upon critical operational infrastructure. We provide a range of solutions that ensure industry keeps running and that address the threats inherent in an increasingly interconnected world.
COPYRIGHT © 2020, DDE TECHNOLOGY LIMITED. ALL RIGHTS RESERVED.