SWIFT, the Society for Worldwide Interbank Financial Telecommunications, is a messaging network that financial institutions use to securely transmit information and instructions through a standardized system of codes.1
According to SWIFT:
The SWIFT Customer Security Controls Framework describes a set of mandatory and advisory security controls for SWIFT customers.
Mandatory security controls establish a security baseline for the entire community, and must be implemented by all users on their local SWIFT infrastructure. SWIFT has chosen to prioritise these mandatory controls to set a realistic goal for near-term, tangible security gain and risk reduction.
Advisory controls are based on good practice that SWIFT recommends users to implement. Over time, mandatory controls may change due to the evolving threat landscape, and some advisory controls may become mandatory.
All controls are articulated around three overarching objectives:
1. 'Secure your Environment',
2. 'Know and Limit Access',
3. 'Detect and Respond'
The controls have been developed based on SWIFT's analysis of cyber threat intelligence and in conjunction with industry experts and user feedback. The control definitions are also intended to be in line with existing information security industry standards.2
Thales can help you comply with all three objectives.
Thales can help you comply with the following sections of the CSC Framework:
Section 1.2. “Operating System Privileged Account Control”
Section 5. “Manage Identities and Segregate Privileges”
Section 6. “Detect Anomalous Activity to Systems or Transaction Records”3
The Vormetric Data Security Platform from Thales makes it easy and efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, the platform features multiple data security products that can be deployed individually or in combination to deliver advanced encryption, tokenization and centralized key management. This data security solution prepares your organization for the next security challenge and new compliance requirements at the lowest TCO.
Detailed data access audit logs delivered by Vormetric Transparent Encryption are useful not only for compliance, but also for the identification of unauthorized access attempts, as well as to build baselines of authorized user access patterns. Vormetric Security Intelligence completes the picture with pre-built integration to leading Security Information and Event Management (SIEM) systems that make this information actionable. The solution allows immediate automated escalation and response to unauthorized access attempts, and all the data needed to build behavioral patterns required for identification of suspicious usage by authorized users.
Perhaps the most comprehensive data privacy standard to date, GDPR affects any organisation that processes the personal data of EU citizens - regardless of where the organisation is headquartered.
Any organisation that plays a role in processing credit and debit card payments must comply with the strict PCI DSS compliance requirements for the processing, storage and transmission of account data.
Data breach notification requirements following loss of personal information have been enacted by nations around the globe. They vary by jurisdiction but almost universally include a “safe harbour” clause.