HITCON talk: InfoSec from an Industry Perspective (產業視野下的 InfoSec)

InfoSec from an Industry Perspective. Wan Yu-chun (萬幼筠), General Manager, Deloitte & Touche Risk Management Consulting Co., Ltd. (勤業眾信風險管理諮詢股份有限公司)

Upload: hacks-in-taiwan-hitcon

Post on 16-Apr-2017


TRANSCRIPT

  • InfoSec

  • 2

    Peer-Review

    (Review)

    APP

    IOT

    /Gateway

    &

    IT

  • 3

    P2P

    IOTP2P

    ()

    Fintech (UX)

  • 4

    Fintech

    01

    02

    03

    04

    05

    /

    //

    1st

    2nd

    3rd

  • 5

    Fintech()

    1

    2

    3

    Fintech

    Fintech

    ()

  • 6

    ? ? /?

    Gartner20154.7%Gartner20157544.7%

    Gartner

    http://technews.tw/2015/09/23/gartner-information-security-cost-in-2015/

    Organizations spent $75.4 billion on information security in 2015, according to Gartner.

  • 7

    , NSAS PRISM

    PRISMForeign Intelligence Surveillance CourtPRISMPRISM

    7

    Mainway, Marina, Nucleon

    Plans since 2007: PRISM | Boundless Informant | X-Keyscore | Dropmire | Fairview | Surveillance Detection Unit | Bullrun | GCHQ collaboration | MUSCULAR | IMP | Tempora | Mastering the Internet | Global Telecoms Exploitation

    Discontinued: Trailblazer Project | ThinThread | President's Surveillance Program (Terrorist Surveillance Program, STELLARWIND)

  • 8

    PRISM

    PRISM2007US-984XN8

  • 9

    9

    ()

  • 10

    Fintech

    1

    ()

  • 11

    20162016

    8,100

    DAO3607200

    8686

    ATM

    120

    SevenEnet18.6

    RCBC

    321 54 7 86

    Bitfinex127800

    DDoS

    9

    OBU7

  • 12

    Fintech

  • 13

    SWIFT

  • 14

    Fintech (bypass)

    Fintech/

    ()

  • 15

    ()Cyber Security

    2017190 201635%

  • 16

    (), IT (FFIEC) Fintech I -

    /

    /

  • 17

    NIST / FFIEC /

    /

  • 18

    Fintech III

    /

  • 19

    Fintech IV Cyber Space

    /

    /

    /

  • 20

    /

    Fintech IV Cyber Security

    1

    &

    2

    3

    4

    5

  • 21

    Payment Card Industry Data Security Standard (PCI DSS) (self-regulated)

    European Banking Authority - Guidelines on the security of internet payments; ENISA

    UK Government - Distributed Ledger Technology: beyond block chain

    NIST - Big Data Interoperability Framework, Volume 4: Security and Privacy

    EU Data Protection Regulation

    Online Trust Alliance - IoT Trust Framework

    ENISA - Securing Europe IoT Devices and Services

    CSA - Security Guidance for Critical Areas of Focus in Cloud Computing

    ENISA - Cloud Computing: Benefits, Risks and Recommendations for Information Security

    ISO/IEC 27017 - Information security controls based on ISO/IEC 27002 for cloud services

    ISO/IEC 27018 - Protection of personally identifiable information (PII) in public clouds acting as PII processors

  • 22

    Fintech V

    :

    SaaS

    : & SaaS

    IaaS

    ?

    3

    7

    1

    6

    4

    1

    2

    3

    4

    5

    6

    7

    Public

    Internet5

    2

  • 23

    Fintech VI IT

    STEP 1: Define war game goals

    STEP 2

    STEP 3

    STEP 4

    STEP 5

    STEP 6

    STEP 7

    STAGE 1

    STAGE 2

    STAGE 3

    STAGE 4

  • 24

    80 2015/9/16 (Securities Industry and Financial Markets Association, SIFMA) Quantum Dawn 3

    SIFMA20113650((SEC)()

    35

    : , (3)

  • 25

    1.2.

    Fintech VII

    : 96

  • 26

    Fintech VIII

    - Knowledge bases
    - Open & subscription based malware repositories
    - Honeynets
    - Tracking websites
    - Phishing repositories
    - Trap email accounts
    - Domain databases
    - Social media sites
    - Paste sites
    - Subversive media
    - Mainstream news
    - TOR sites
    - Forums
    - IRC channel monitoring
    - Security research sites and blogs
    - Vulnerability databases
    - Think tanks
    - Blog sites

    Cyber Security

    (Cyber Intelligence)

    Agent-based

    Web-based//

  • 27

    FintechISAC

    Security Research Intelligence | Shared Industry Intelligence

    Dark Web Monitoring | Open Source Threat Intelligence | Commercial Threat Intelligence

    Corporate Brand Intelligence

    /know-how

    know-how

    Cyber/Physical Alerts from Govt, Partners, other ISACs

    Cyber/Physical Alerts from Members

    Critical Notifications | 24x7 Monitoring (dashboard) | CINS Crisis Notifications

    Anonymous Submissions

    Risk Mitigation Toolkit Threat Viewpoints

    Portal Access Credentials | Member Contact Directory | Document Repository

    Regular Report

    Complimentary Webinars Professional Meetings

    Cyber Security Tip Newsletter | Conduct Surveys | Participate in Community Institution Council

    Teleconferences

    Complimentary Regional Workshops

    Inclusion in Threat Exercises Meets Regulatory Compliance Requirement

    ISAC

    Human Resource Intelligence Organization Analytics National Security

  • © 2016 Deloitte & Touche (Deloitte Touche Tohmatsu Limited, "DTTL"); see www.deloitte.com/about