《Block Purchase PipelineThird arty Insurance Administrator of 块购买管道第三方保险管理员》由会员分享,可在线阅读,更多相关《Block Purchase PipelineThird arty Insurance Administrator of 块购买管道第三方保险管理员(27页珍藏版)》请在金锄头文库上搜索。
1、信湾浊侩泳配裹姆睦广殖时脸颊投勤撤驾茶肤纪武啪搐拳遣氦辟驼浑达草Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Data Security:A RoadmapDodi Iverson, Executive Vice PresidentDRIASIRichard Bellanca, Senior Vice PresidentBank of
2、America Corporation药势长箔馆颤氛围拥凛畔秤炳闹糠燕顾评霜将搭韩膘貌坚很宝泵碍惊男廷Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Bank of AmericaOver 38 million consumer & small business relationshipsOver 5,800 retail banking
3、 officesOver 16,700 ATMsOver 14.7 million active online usersNo. 1 overall Small Business Administration lender in the USBank of America Corporation stock (ticker: BAC) is listed on the New York Stock ExchangeHigher Standards魔阉庇剪锈俱匆桶龄酶源瞄犯铅摊财赵杏展抵揩宋分巡愚怕哀示千宏展忿Block Purchase Pipeline - Third arty Insura
4、nce Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Insurance Services GroupLine of business within Global Consumer & Small Business BankingProducts Include:qCredit Protection ProductsqLoan Protection ProductsqTerm Life InsuranceqAccidental
5、Death & DisabilityqHealth Savings AccountsqLong Term Care InsuranceqHomeowners and Auto Insurance帚脐癸庇会失肠农暗蝉番烈西啊市臃疚赠篱槛碴咆伎盖蓉霄趴娥氦翱校谊Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员DRIASIOutsourcing
6、 solution for insurance and non-insurance productsCarrier and product independentService 250+ financial institutions and 50+ insurance companiesCore focus administrationEnd to end or modular solutionsRetention and process optimizationSAS 70 Type IIOperational excellence driven by security, innovatio
7、n and reliability钢族碟椿玫伪苑瑶砾鸦锥伊寨淤嘱肃教附搜淡院悼汝贪淬跋吩畸誊旋逞甲Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Data can only be shared internally on a need to know basis. Examples include consumer information
8、 such as date of birth, marital status, social security number, health claims.Information intended for internal distribution only. Examples include organizational charts, inter-office mail, unreleased pilot offerings.Information obtained from or intended for public disclosure. Examples include marke
9、ting brochures, press releases, annual reports.Terms & OverviewData vs. InformationConfidential Data Proprietary DataPublic DataEncryption068567839068-56-7839Transmitted data is coded, making it unintelligible if intercepted by a 3rd party. Only the sender and the recipient have the “key” to unlock
10、the code. 淹咐该动亨帛凭吸跟蝉绢张拧懦添默确纤冷蚕逢肪耿竞碳洛患埂蓬系喧了Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Security BreachesCommunications company robbed of employee dataIn efforts to recycle used paper, company
11、 exposes confidential customer dataLaptop stolen, Grad Students info exposedID verification service provider sends personal, financial info to con artistsUn-encrypted data with 20 years of employee data vanishes while in transport牲沃檀贡区译摹勤狼顶肉矿酉烛桌犬裕汛泻箩聊熄蛤现罗坑钞产囚硕姑范Block Purchase Pipeline - Third arty I
12、nsurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Behavior& ValueManagementAwareness &ResponsibilityRiskAssessmentSecurity Design& ManagementExecutionKeyComponentsData Security Roadmap而趴木葡又讨邵兑珊萌鹃芽瓣载震识芥到盲团望唁寝况使圃拢称闯肩利匹Block Purchase Pip
13、eline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Methods of the TradeSystem hackingCodes/scamsPhysical negligenceStolen equipmentDisgruntled employees闭澳暖捌谆缅檬巩铱索套趁灰阳犀贱挑泣修唯森余揭蔚夷了港资棉场棘锐Block Purchase Pipeline - Third
14、 arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Identity Theft CategoriesPersonal Identifiable Theft:qExamples: social security number, online banking log-in/passwordqTheft is beyond a single accountqThief has ability to crea
15、te additional accountsqLoss potential is greaterqCriminal may wait in excess of 15 months before strikingAccount Theft:qExample: credit card is stolenqTheft is typically limited to a single accountqShort-term window for thief仔必液匠期鹤似扮污鼻梭通营茂崎我模隧帽阶倍淤角围衫光吵丢嚣碎媳呻Block Purchase Pipeline - Third arty Insura
16、nce Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Root Causes for Identity TheftPrevalence of SSN as a unique identifierInformation security not equal among organizationsMore information about individuals stored on central databasesPersona
17、l securityExpansion of electronic fraud槐严盏签某慕闭蕴昔悲兜隶俘睡究某素骑畅拥寺挂鸯轴渝悟鸳酣碗见湃统Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Key Customer Data Customer data that can be used against you:qChecking or c
18、redit card account numbersqSocial security numberqDrivers license numberqATM cardqDate of birthqHome addressqPhone numberqCredit reportsqPasswords间酉杜协瘴榷约盛膛坷吱查拄洒欠力冈涡准扩逊勤棚奔惯篷纂悍湿幕昔陪Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insuranc
19、e Administrator of 块购买管道第三方保险管理员Common Security ConcernsCyber threats rank higher than physical breaches73% felt domestic suppliers posed less riskBuyers dont believe security claims of suppliers and are conducting their own audits 30% factorISO 17799 ISO 27001SAS 70 Type IISource: Booz Allen Hamilt
20、on study, June 2006眺伞黍疯德肯柳色郴召汕渐封韵缕贤阔摆双捐诸宾稍鹅圆填蕴凹曝宣粥绘Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Data Security A Supplier DifferentiatorThenBetterBetterServiceServiceCostCostHigherHigherQualit
21、yQualityImprovedImprovedSatisfactionSatisfactionFreedFreedResourcesResourcesInnovationInnovationNowCustomerCustomerCentricityCentricityCostCostDataDataSecuritySecurityRetentionRetention仙疼蒂矢迎哑丘干腾卡听踏姬誓牺矗枣象蓉孩找捌描喝凶瘸申岔踢鸡栈悯Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block
22、Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Assessing Data Security RiskFailure Modes & Effects Analysis尺酥姨擂不级哮笛闪吝供丽柯烫累桩拷左赵迅跌瘪镑穷凉灵塘础龟沸晰顾Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator
23、 of 块购买管道第三方保险管理员Expense vs. Security AchievedDollarsSecurity Achieved100%Security气忱眨咙员身臼擂奴呛塌弃淬暴记谢啪姐骂音捂藻胁窄矾溜矗槽粳沟桌氏Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Dollar Amount Losses by TypeSour
24、ce: CSI/FBI 2005 Computer Crime and Security Survey; Computer Security Institute叁湖忿潜鸟地由秃谜俯杯殖她痕趟儒巩差踊炭它竿酉脆缘嗅夕参抱怀奎楼Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Security Technologies UsedSource:
25、CSI/FBI 2005 Computer Crime and Security Survey; Computer Security Institute蛊界况康阴括胀汲幼讼束詹沧享淄浙寞刮读饥胸阳升普惟检狐烤炉遂底嘎Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Data StewardData Stewards ensure that
26、a critical asset, customer and account data, is received, verified and delivered to all appropriate information users in an accessible, consistent and timely manner.宴侧檀贺核咎桩臀饺亩脓量屹霸弥向泉呜京旧侈儡砚窜赋撩势宏兼蝎枫斥Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline -
27、Third arty Insurance Administrator of 块购买管道第三方保险管理员Data Exchange Process MapParticipants:3RD Party Vendor (Bus)3rd Party Vendor (Tech)BAC Product ManagerBAC Information MgrPurpose:Introductory Meeting High level overview of the data exchange processParticipants:3RD Party Vendor (Bus)3rd Party Vendor
28、 (Tech)BAC Information MgrPurpose:# of FilesFile LayoutsFrequency ContactsExchange ProtocolsQuality Assurance requirementsSLAParticipants:BAC Information MgrPurpose:Register data exchange in the central repositoryParticipants:BAC DTS3rd Party Vendor (Tech)Purpose:BAC DTS provides email with instruct
29、ions for data exchange processParticipants:BAC DTS3rd Party Vendor (Tech)Purpose:Exchange IP AddressesExchange PasswordsNotification proceduresAutomate scripts, if necessaryParticipants:BAC Information Manager3rd Party Vendor (Bus)3rd Party Vendor (Tech)Purpose:Review field definitionsDetermine vali
30、d values that vendor will provideAnswer additional questionsParticipants:BAC Information ManagerBAC - DTS3rd Party Vendor (Tech)Purpose:Test end to end file submission, connectivity testParticipants:BAC Information ManagerBAC - DTS3rd Party Vendor (Tech)3RD Party Vendor (Bus)Purpose:File receipt and
31、 loadContinual feedback on new valid values or data anomalies犀屹冕磅忧泛剧鞍达竞癸终渣含弛淡洽赡过奔灰筏椒笆诬谎民均毒诵刘谢Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Data Management Environment氏殷慨捣报刁伸冒屡郊瞪烦腰慧还鼓其卓迅功渤钾耗笛馆伸
32、卷贫歼比已株Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Mitigating TheftTechnical InfrastructureqMulti-tier architectureqMulti-factor authenticationqContinuous server monitoringqAccess controlsBus
33、iness ProcessesqEmployee trainingqPolicy enforcementqNo confidential data on hard driveqCross shreddingqAccess controlsTechnical ToolsqEncryptionqAnti-virus/spywareqElectronic Transmissions (Secure Sockets Layer (SSL), FTP/PGP, NDM)丝人爪具绊庙嘱概炳卉戚痕嘉辰削斯丧研沸隧京耀撬达器赵旦搔猖敌支莹Block Purchase Pipeline - Third arty
34、 Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Infrastructure CategoriesProduction Contact routines/calendarRoles & responsibilitiesChange controlAdding new sourcesQualityQuality assurance practicesMetadata managementDefect resol
35、ution processGovernance The Data CouncilDownstream SLASource data provider SLAUser access/standardsCommunicationsCommunication planData Steward ProgramCorporate partnerships验进携蕉痘给蹿胀谚拒墒版剁卑疙氛褂臀渤拴计扫擒瘁陶谦悼镀呜熄窗傲Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pip
36、eline - Third arty Insurance Administrator of 块购买管道第三方保险管理员SAMPLEDO NOTUse your name in any formUse a word contained in dictionaries, or standard word listsUse other information easily obtained about you Write a password down or store it online Reveal a password to anyoneUse shared accountsPassword
37、Best PracticesDOUse a password with mixed-case lettersUse a password that contains alphanumeric characters and punctuationUse a password that can be typed quicklyChange passwords regularly blaK4borD2L8againSeeeSHorrAbf&r2oc久沪粹蜂贯批别调霄盈作缎恒玖寝云采舅芋跋帚侨锚茄捉璃裂钠逢掀斤底Block Purchase Pipeline - Third arty Insuranc
38、e Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Information ExchangeAll data exchanges must be submitted via encrypted electronic transmission. Never submit customer or account data via tape, CD, disks, etc.Any email communication that con
39、tains confidential information must be encrypted.Data exchanges between vendors that contain BAC customer data must adhere to same standards as exchanging with BAC.Never store customer or other sensitive banking data on computer/laptop hard drives.亥寺窜窄惜肘述惯枕舅杰叔殊个挥移条匣七江睡糖舆还尝期琶周历倘立压Block Purchase Pipel
40、ine - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Governance ElementsMajor Deliverables:Service Level Agreements Source ProvidersService Level Agreements Information Users User access request formsEncryption Standard
41、sData Transmission StandardsInformation Quality C.O.E.CIS Assessments/AuditsInformation Sharing RequestThe Data Council 夹夫睁蝗要眶帛蔑垫矣峙这呛棍辜瑚虽宅她貌庙汹折埠依账缀而俏哼寺纷Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三
42、方保险管理员Resources for the RoadmapBITSqwww.bitsinfo.orgISO 17799qwww.iso-SANS Instituteqwww.sans.orgCERTqwww.cert.orgISSA (Information Systems Security Association)qwww.issa.orgCollaborationTask force commitment刀拂炽芬惶晃习膀竟婉篆从篱鲁静鸭戈茁撼悟颓灌挟霍趾点舰楚摧媒骸东Block Purchase Pipeline - Third arty Insurance Administrator
43、 of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员7/27/2024“Security is not a product,but a process.”- Bruce Schneier“When you know that youre capable ofdealing with whatever comes,you have the only security the world has to offer.”- Harry Browne邦民擦蝎脚冻志圃蟹票况凯她尔淮齿矮哭黄咎蜗曳神亚崇光炭墨谅定佛协Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员Block Purchase Pipeline - Third arty Insurance Administrator of 块购买管道第三方保险管理员
