Taher Ahmed Chowdhury, the Deputy Managing Director of Islami Bank, has 30 years of experience in the field of IT and is therefore also the Head of Information & Communication of this bank. He has also played the role of Executive Vice President & CIO of first security of Islami Bank.
Mr. Taher Ahmed Chowdhury’s resume reveals that, apart from completing an MBA from IIUC, he has also mastered International Project Managing from AAPM, USA, after which he finally mastered in Information Technology from the Institute of IT of Jahangirnagar University. In his quest for knowledge, he has also earned professional/global online certifications on MCP, MCSE and CCNA from Microsoft & Cisco, USA. Recently he received the CISSO (Certified Information Systems Security Officer) from Miles2 of USA. In fact, he is the only head of ICT in the banking industry who has earned this prestigious online certification.
With such high qualifications in the field of IT, he started his career in 1986 as the Hardware Engineer of Beximco Computers Ltd., which was the first IT company of Bangladesh. After some time, he took a break from Beximco and joined the Marine Academy of Chittagong (under the Ministry of Shipping) as a Radio Electronic Instructor in 1993. However, he rejoined Beximco in 2000 as the Senior Network Engineer. After a while, in 2002, he became the Senior Faculty & System In-charge of BRAC IBM-ACE & BRAC BITI. Nevertheless, he went back to Beximco, this time as Manager Technical of Training & Services, in 2005. After a certain time, he finally shifted his career to banking and joined the IT division of IFIC Bank as Assistant Vice President. He worked there before he finally became a part of Islami Bank.
In the last three issues of Fintech, the first, second and third core functions of cyber security from the guidebook on “Executive leadership of cyber security” by Taher Ahmed Chowdhury (the Deputy Managing Director of IT, Islami Bank) were published.
According to this guidebook, cyber security can be divided into the five core functions of NIST’s cyber security framework, namely Identify, Protect, Detect, Respond and Recover. Among these, how to “Identify”, “Protect” and “Detect”, along with their respective elements, has been discussed earlier.
This current issue will therefore shed light on the second-to-last and fourth core function of cyber security, “Respond” and its elements, written by the only Bangladeshi achiever of CISSO (Certified Information Systems Security Officer) from Miles2, USA, a prestigious online certification of ICT banking.
Cyber security data breaches are now part of our way of life. Even large, well-funded, and technically sophisticated institutions struggle to keep up with the frequency and complexity of cyber-attacks. Even so, it is important that banks adequately prepare for a cyber security incident, and this includes knowing how you will respond once an incident occurs. To do this, banks must have an incident response plan.
Where to Start in Developing an Incident Response Plan
1. Start with creating your incident response team. Coordinate efforts between your bank’s various departments or roles to determine the team members. This process should include the CEO, the head of IT, legal personnel, human resources, and the head of communications.
2. Select a leader for the incident response team and identify the members of the senior management team who can declare an incident.
3. Outline a structure of internal reporting to ensure executives and everyone on the response team is up-to-date and on-track during a data breach.
4. Clearly define steps, timelines, and checklists to keep the team focused during the stress of a data breach.
5. Conduct preparedness training for the incident response team.
Communicating a Data Breach
Your bank’s incident response plan should also address communicating a data breach to customers, regulators, law enforcement, and other stakeholders. When informing stakeholders about a data breach, your bank’s incident response plan should generally include the following:
• When and if you should report a breach to the media and/or notify affected individuals;
• Which medium is the best for notifying stakeholders;
• Key messaging; and
• Basic guidelines for tracking and analyzing media coverage as a result of the breach.
Depending on the type of data compromised, you may have a legal obligation to inform your customers. This is likely the case if personal information or financial data have been breached. Bank CEOs are encouraged to check with their state regulator, however, as laws on disclosures differ from state to state and change from year to year.
The guide also covers legal considerations when experiencing a data breach, such as mandatory state notification laws, a template notification letter to customers, and best practices for negotiating security safeguards with vendors.
You’ve Been Hacked/Attacked, What Are Your Next Steps?
The following are three steps bank CEOs should consider when responding to a cyber-security incident:
• Triage/Evaluate the Cyber-Event;
• Invoke the Incident Response Plan; and
• Review the 24-Hour Checklist.
Triage/Evaluate the Cyber-Event
After receiving notification of a potential cyber security event, evaluate the event by answering critical questions, such as: Were high-value assets compromised? Were any data altered?
Invoke the Incident Response Plan
Once it is determined that a cyber-security event has occurred, carry out the cyber security incident response plan. Please note that by the time a cyber-attack occurs, it is often too late to develop the right procedures. Create and implement a security incident response plan now to better prepare for a cyber-attack later.
The First 24 Hours Checklist
It’s been discovered that your bank has been hacked or attacked. What should you do? Once you have detected a cyber-incident, immediately contact your legal counsel for guidance on initiating these ten steps:
1. Record the date and time when the breach was discovered, as well as the current date and time when response efforts begin, i.e. when someone on the response team is alerted to the breach.
2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness plan.
3. Secure the premises around the area where the data breach occurred to help preserve evidence, if necessary.
4. Stop additional data loss. Take affected machines or servers offline.
5. Document everything known about the breach. Who discovered it? Who reported it? To whom was it reported? Who else knows about it? What type of breach occurred? What was stolen? How was it stolen? What systems are affected? What devices are missing?
6. Interview those involved in discovering the breach and anyone else who may know about it. Document your investigation.
7. Review protocols regarding disseminating information about the breach for everyone involved in this early stage.
8. Assess priorities and risks based on what you know about the breach.
9. Inform the proper authorities, including your banking regulator, the U.S. Secret Service or the Federal Bureau of Investigation.
10. Notify law enforcement, if needed, to begin an in-depth investigation.
For more information on forming and executing an incident response plan, here are two guides that provide best practices to follow:
• Data Breach Response Guide by Experian Data Breach Resolution at: http://www.experian.com/assets/data-breach/brochures/response-guide.pdf;
• Cyber Incident Response Guide published by the Multi-State Information Sharing & Analysis Center at: https://msisac.cisecurity.org/resources/guides/documents/Incident-Response-Guide.pdf.