Amendment of BAIT 2021
Homepage Admin

Amendment of BAIT 2021- The new require­ments for financial institutions

The amendment of BAIT for 2021 means new require­ments for credit insti­tu­tions. In contrast, BaFin faces the challenge of imple­menting the Guide­lines on security measures for opera­tional and security risks under the PSD2 and the Guide­lines on ICT and security risk management of the EBA in Germany. This is to be completed by 31 December 2020 with an amendment to the BAIT (banking super­visory require­ments for IT). First drafts have already been discussed and commented on in the insti­tutes and associations.

BAIT 2021 focuses on IT security

With a separate and new chapter, opera­tional IT security is moving further into focus. The require­ments formu­lated there can only be fulfilled with a Security Infor­mation and Event Management System (SIEM). This also includes the estab­lishment and operation of a Security Opera­tions Centre (SOC). Regular opera­tional checks are required. These include:

  • internal deviation analyses
  • Vulner­a­bility scans
  • Penetration tests
  • the simulation of attacks (“Red Teaming”)

The new require­ments of BAIT 2021 lead to the estab­lishment of a profes­sional cyber security infra­structure. This means extensive and independent internal infor­mation security structures.

The management assumes overall responsibility

It is noticeable that the draft already refers not only to the respon­si­bility of the management. The management is even required to explicitly acknowledge the overall respon­si­bility for infor­mation security. This also includes regular infor­mation about their concerns and the decision to deal with security risks appropriately.

Require­ments for IT emergency management are consolidated

We expect further changes in the area of IT emergency management. The require­ments from BAIT will be consol­i­dated with those from section AT7.3 of MaRisk. This creates uniform national require­ments. In addition, we expect to tighten and specify the require­ments with regard to emergency planning and prevention, BCM, disaster recovery and backup strategies. In our view, outsourcing to service providers will also be covered by the revised version.

Financial insti­tu­tions face major challenges

According to the assessment of the SRC experts for bank compliance, the expected changes will pose great challenges for the affected insti­tu­tions. This concerns especially the required know-how and the limited resources on the labour market.

Janine Wolff

BarCamp “Infor­mation Security Management in Credit Insti­tu­tions” — 19 September 2019

In cooper­ation with SRC Security Research & Consulting GmbH, Bank-Verlag GmbH hosts a BarCamp on the subject of “Infor­mation Security Management in Credit Insti­tu­tions”. The event will take place on 19 September 2019 at the premises of Bank-Verlag in Cologne.

The Federal Financial Super­visory Authority (BaFin) has also defined the new function of the Infor­mation Security Officer with the “Banking Super­visory Require­ments for IT” (BAIT). He or she controls the infor­mation security process and reports directly to management. What this theory looks like in practice will be examined in more detail on 19 September at the BarCamp “Infor­mation Security Management in Credit Institutions”.

The BarCamp Principle

A BarCamp is an open conference with practical workshops. The workshops serve the exchange and discussion among the partic­i­pants. At the beginning, the partic­i­pants themselves develop the contents and the agenda, which they then develop further. There are no prede­fined speakers or proce­dures to be found in a BarCamp. Instead, this principle relies on the (moderated) exchange of experience.

BarCamp “Infor­mation Security Management in Credit Institutions

The BarCamp “Infor­mation Security Management in Credit Insti­tu­tions” gives Infor­mation Security Officers as well as all those respon­sible for infor­mation and IT security management at credit insti­tu­tions the oppor­tunity to exchange infor­mation on topics such as BAIT audits, service provider management or risk management. In addition, contacts can be estab­lished and expertise expanded. The coffee breaks can be used for individual discus­sions. At the end of the event, a “get-together” provides an in-depth exchange among the participants.

The SRC Speakers

Four experts from different areas of SRC will share their knowledge and expertise with the participants.

Sandro Amendola, deputy head of the evalu­ation body at SRC, is respon­sible for the topic “IT compliance in the banking industry”. In addition, he develops security concepts and security require­ments for payment trans­action proce­dures on behalf of the German banking industry, among others.

Jochen Schumacher is respon­sible for commu­ni­ca­tions at SRC. He concen­trates on product management, the technical and editorial support of the website as well as the planning, imple­men­tation and moder­ation of events.

Florian Schumann is Head of IT at SRC. In addition, he is an infor­mation security consultant and qualified auditor according to § 8 (a) BSIG for critical infrastructures.

Dr. Deniz Ulucay works at SRC as a consultant for infor­mation security. His focus is on the devel­opment of ISMSs, in particular for operators of critical infra­struc­tures. He is also respon­sible for the devel­opment and imple­men­tation of security concepts.

Regis­tration & Schedule

Further infor­mation about the regis­tration and the course of the BarCamp on the topic “Infor­mation security management in Credit Insti­tu­tions” can be found in this flyer (GER) and on the website of Bank-Verlag. Here you can register directly online for the event and bring in the topics that are important and inter­esting for you and thus help to determine the course and outcome of the BarCamp “Infor­mation Security Management in Credit Institutions”.

For further questions Mrs. van Kessel is at your disposal (Tel. 0221/5490–161, andrea.vankessel(at)bank-verlag.de).

Information security officers for credit institutions
Janine Wolff

Certificate Course “Infor­mation Security Officer for Credit Insti­tu­tions” — November 19 to 22, 2019

BAIT-Compliance: Use of an Infor­mation Security Officer (ISB)

The German Banking Act (KWG) and MaRisk require banks to ensure the integrity, avail­ability, authen­ticity and confi­den­tiality of data in their IT systems and processes. However, secure and efficient IT is also essential for the economic success of a bank. The new “Banking Super­vision Require­ments for IT” (BAIT) formulate concrete expec­ta­tions. Among other things, the Federal Financial Super­visory Authority (BaFin) is calling for the newly created function “Infor­mation Security Officer for Credit Insti­tu­tions” (ISB) in its guideline. They control the infor­mation security process and report directly to the management.

6th Certificate Course “Infor­mation Security Officer (ISB) for Credit Institutions

In cooper­ation with Bank-Verlag, SRC has already success­fully completed five certificate courses on “Infor­mation Security Officer (ISB) for Credit Insti­tu­tions”. After the great response and the continuing demand, we are pleased that Bank-Verlag has made another date possible for this four-day certificate course.

From 19 to 22 November 2019, you will once again have the oppor­tunity to receive further training as an “Infor­mation Security Officer (ISB) for Credit Insti­tu­tions” on the premises of Bank-Verlag GmbH in Cologne.

Training by skilled experts

In cooper­ation with Heinrich Lottmann (TARGOBANK AG & Co. KGaA) and Alexandros Manakos (HSBC Germany) the SRC experts Sandro Amendola, Florian Schumann and Dr. Deniz Ulucay will give lectures. In this course, the experts inform you compre­hen­sively about the norms and standards according to ISO and IT-Grund­schutz, as well as about all legal/regulatory require­ments relevant to you as an ISB. In addition, the topics IT Risks and Emergency Prevention as well as Business Conti­nuity Management are dealt with.

After passing the final exami­nation, you will receive the certificate “Infor­mation Security Officer for Credit Insti­tu­tions”.

Optionally, you have the oppor­tunity to acquire the basic IT knowledge required for the course in a one-day intensive seminar in Cologne on 18 November 2019 prior to the event. This course deals with the basics, terms, encryption and IT security techniques in infor­mation technology.

Course website
Online regis­tration
ISB
Janine Wolff

Certificate Course “Infor­mation Security Officer for Credit Insti­tu­tions” — May 7 to 10, 2019

The German Banking Act (KWG) and MaRisk require banks to ensure the integrity, avail­ability, authen­ticity and confi­den­tiality of data in their IT systems and processes. But secure and efficient IT is also essential for the economic success of a bank.

The new “Banking Super­vision Require­ments for IT” (BAIT) formulate concrete expec­ta­tions. Among other things, the Federal Financial Super­visory Authority (BaFin) has issued a guideline calling for the new function of the “Infor­mation Security Officer ” to be set up. He or she controls the infor­mation security process and reports directly to the management.

In cooper­ation with Bank-Verlag, SRC has already success­fully completed three certificate courses for the “Infor­mation Security Officer (ISB) for credit insti­tu­tions”. After the great response and the continuing demand, we are pleased that the Bank-Verlag has made another date possible for this four-day certificate course.

From 7 to 10 May 2019, you will once again have the oppor­tunity of further training in Cologne to become an “Infor­mation Security Officer (ISB) for credit institutions”.

In a team with Heinrich Lottmann (TARGOBANK AG & Co. KGaA) and Alexandros Manakos (HSBC Trinkaus & Burkhardt AG) the SRC experts Sandro Amendola, Florian Schumann and Randolf Skerka will give a lecture on the norms and standards according to ISO and IT-Grund­schutz, as well as on all legal/regulatory require­ments relevant for you as an ISB. In addition, the topics IT Risks and Contin­gency Management as well as Business Conti­nuity Management will be discussed.

After passing the final exami­nation, you will receive the certificate “Infor­mation Security Officer for Credit Institutions”.

On 6 May 2019 you will also have the optional oppor­tunity to acquire the basic IT knowledge required for the course in a one-day intensive seminar in Cologne prior to the event. This course deals with basics, terms, encryption and IT security techniques in infor­mation technology.

 

Course website
Online regis­tration

 

Transakt entspricht dem EBA-RTS
Homepage Admin

Transakt complies with the EBA RTS

SRC confirms that the mobile banking solution Transakt by Entersekt meets the PSD2 requirements

Read more

Information Security Officer for Credit Institutions
Homepage Admin

Certificate Course “Infor­mation Security Officer for Credit Insti­tu­tions” — November 6 to 9, 2018

The German Banking Act (KWG) and MaRisk require banks to ensure the integrity, avail­ability, authen­ticity and confi­den­tiality of data in their IT systems and processes. However, secure and efficient IT is also absolutely essential for the economic success of a credit institution.

The new “Banking Super­visory Require­ments for IT” (BAIT) formulate concrete expec­ta­tions. Among other things, the Federal Financial Super­visory Authority (BaFin) has issued a guideline calling for the new function of the ” Infor­mation Security Officer ” to be set up. He or she controls the infor­mation security process and reports directly to management.

In cooper­ation with Bank-Verlag, SRC has already success­fully offered three certificate courses to become an “Infor­mation Security Officer (ISB) for credit insti­tu­tions”. After the great response and the continuing demand, we are pleased that the Bank-Verlag has made another date for this four-day certificate course possible.

From 6 to 9 November 2018, you will again have the oppor­tunity to receive further training in Cologne to become an “Infor­mation Security Officer (ISB) for credit institutions”.

Teamed up with Heinrich Lottmann (TARGOBANK AG & Co. KGaA) and Alexandros Manakos (HSBC Trinkaus & Burkhardt AG), the SRC experts Sandro Amendola, Florian Schumann and Randolf Skerka will give a lecture on the norms and standards according to ISO and IT-Grund­schutz, as well as on all legal/regulatory require­ments relevant to you as an ISB. In addition, the topics IT risks and emergency precau­tions as well as business conti­nuity management will be dealt with.

After passing the final exami­nation, you will receive the certificate “Infor­mation Security Officer for Banks”.

Optionally, you will have the oppor­tunity to acquire the basic IT knowledge required for the course in a one-day intensive seminar in Cologne on 5 November 2018 prior to the event. This course deals with the basics, terms, encryption and IT security techniques in infor­mation technology.

Course website
Online regis­tration
Course Flyer
PSD2
Janine Wolff

SRC expert Sandro Amendola contributes to the PSD2 conference meeting

Second EU Payment Services Directive PSD2 comes into force

“Banken+Partner” expert panel on PSD2

The second EU Payment Services Directive PSD2 comes into force in January. The business policy, technical and regulatory need for action to be taken by credit insti­tu­tions is diverse and at the same time individual for each bank. Among other things, the insti­tu­tions will have to observe and implement stricter security require­ments for the authen­ti­cation of their customers and prove these to the national super­visory authority. For banks and Sparkassen as service providers and for customers as users, there is a risk that login and payment release will become more incon­ve­nient. At the same time, the interface must be imple­mented for access by autho­rised third parties.

SRC expert discusses complex challenges and evaluates solution approaches

SRC expert Sandro Amendola

Sandro Amendola, Division Manager at SRC Security Research & Consulting GmbH, was one of the experts at the table talk of “Banken+Partner”. Mr. Amendola discussed the oppor­tu­nities and challenges of the PSD2 and outlined possible solutions for banks and Sparkassen.

The challenges for banks and Sparkassen

An example of these challenges are the inter­faces for autho­rised third party providers, which PSD2 requires to be made available by banks. Another example is two-factor authen­ti­cation, which further enhances account access security. Increased security on the one hand is often not possible without making too great a sacrifice in terms of conve­nience and customer friend­liness on the other. The experts present also explained how this security can be achieved without loss of comfort or customers. Finally, the oppor­tu­nities that can be exploited through cooper­ation with the agile FinTechs were discussed.

Possible solutions for banks and Sparkassen

The entire expert discussion, as well as the topics and solutions, can be read in the free e‑paper from “Banken+Partner”. In addition, Sandro Amendola is available for individual workshops and consul­ta­tions on PSD2 and its implications.

Image source: Banken+Partner/Fotografie Schepp