Security Analytics Platform for Financial Industry (ART/243CP)

09 / 11 / 2017 - 08 / 05 / 2019

Mr Wilson Wai-Shing TANG

1. Feed Adapter
   To collect data input which consists of two modules:
   a. External intelligence adapter
   b. Internal intelligence adapter
2. Intelligence & Model Store
   To offer storage and access on different types of intelligences and models
3. Analytics Module
   To provide the analytic work which includes:
   a. Model building module
   b. Resilience measurement module
   c. Malware analysis module
4. Action App
   To display and initiate actions upon user's confirmation which includes:
   a. Metrics dashboard app
   b. STIX publishing app
5. Platform Management Console
   To manage deployed modules and apps
6. Trial run with bank or financial institution
   Conduct and report trial run with bank or financial institution

E-Business Solutions Limited
Singapore Telecom Hong Kong Limited

There is increasing concern about cybersecurity in the financial industry. Corporations such as banks, insurers and other financial institutions are willing to spend more on cybersecurity solutions and services. However, the corporate CISO (Chief Information Security Officer) encounters difficulties in justifying the return on investment, since traditional security evaluation, which is based on the capability maturity model, does not measure the operational effectiveness of the deployed cybersecurity solutions. This project aims to develop the Security Analytics Platform for Financial Industry (SERA), which establishes a set of security metrics, covering both externally observable security evidence and internally collected logs and events, to formulate the corporate cybersecurity level. Both the corporation's own index and an industry-wide index will be presented on this platform. By using this platform, the CISO can observe the changes and trends in the corporate and industry cybersecurity resilience levels through a dashboard and conduct further analytics. In this way, the corporation's security posture is continuously monitored, facilitating prompt reaction when inefficiency is identified.