Understanding Cybersecurity Management in FinTech: Challenges, Strategies, and Trends (Future of Business and Finance)

Preface
Contents
About the Authors
1: Introduction to FinTech and Importance Objects
	1.1 Introduction to Financial Technology
	1.2 Importance of FinTech
	1.3 Big Data and Financial Technology
	1.4 Impact of FinTech on Global Economy
	1.5 FinTech and Banking
	1.6 FinTech and Online Banking
	1.7 FinTech Evolution
	1.8 FinTech Ecosystem
	1.9 FinTech Applications
	1.10 Chapter Summary
	References
2: Introduction to Cybersecurity
	2.1 What Is Cybersecurity?
	2.2 Motivation
	2.3 The CIAAA Principle
	2.4 Cybersecurity Threats
	2.5 Cybersecurity Attacks
	2.6 Cybersecurity Analysis
	2.7 Why Cybersecurity Matters
	2.8 Data Science and Important Data Breachers
		2.8.1 Important Data Breaches
	2.9 The NSA Triad for Security Assessment
	2.10 Data-Centric Security Management
		2.10.1 Data-Centric Security Cycle
		2.10.2 Characteristics of Data-Centric Security Management
		2.10.3 Problems with Data-Centric Security Management
	2.11 Chapter Summary
	References
3: Information Security Governance in FinTech
	3.1 What Is Information Security Governance?
	3.2 Security Governance Solution
		3.2.1 Security Governance Profiling
		3.2.2 Security Policies and Standards
		3.2.3 Security Strategic Planning
		3.2.4 Security Roles and Responsibilities
		3.2.5 Security Governance of Assets
		3.2.6 Governance Structure Appropriate to the Organization
		3.2.7 Third Parties and Suppliers
		3.2.8 Information Security Governance Assessment Tools
	3.3 Available Information Security Governance Models
		3.3.1 Basic Information Security Governance Model
		3.3.2 Extended Information Security Governance Model
		3.3.3 Comprehensive Information Security Governance Model
	3.4 What Is Effective and Efficient Information Security Governance?
	3.5 Integrated Governance Mechanisms
		3.5.1 The Role of Governance
		3.5.2 Corporate Governance
		3.5.3 Principles of Good Governance
		3.5.4 Principles of Undertaking Governance Review
	3.6 Comprehensive Security Governance
		3.6.1 Strategic Integration
		3.6.2 Cyber Risk Mitigation Approach
		3.6.3 Adaptability and Agility
		3.6.4 Reporting Framework for Good Governance
	3.7 Effectively Implementing a Sustainable Strategy
	3.8 Integrated Governance Framework
	3.9 The Integrated Framework Assessment
		3.9.1 Governance Structure
		3.9.2 Management Structure
		3.9.3 Operations/Infrastructure
		3.9.4 Compensation/Funds Flow
	3.10 A General Information Security Governance Model for FinTech
	3.11 Chapter Summary
	References
4: Cybersecurity Threats in FinTech
	4.1 Understanding Cybersecurity Threats
	4.2 Understanding the Adversary
	4.3 Threat Categories for FinTech
	4.4 Threat Actors
	4.5 Threat Intelligence
	4.6 Structural Approach to FinTech Threat Modeling
		4.6.1 Focusing on Assets
		4.6.2 Focusing on Attackers
		4.6.3 Focusing on Software
	4.7 Threat Modeling
	4.8 The Best Threat Modeling Methodology for FinTech
		4.8.1 STRIDE
		4.8.2 Trike
		4.8.3 VAST
		4.8.4 PASTA
	4.9 Chapter Summary
	References
5: Cybersecurity Vulnerabilities in FinTech
	5.1 General Cybersecurity Vulnerabilities in FinTech
	5.2 Specific Cybersecurity Vulnerabilities in FinTech
		5.2.1 Technology Vulnerabilities
		5.2.2 Human Vulnerabilities
		5.2.3 Transaction Vulnerabilities
	5.3 Assessing the FinTech Cybersecurity Vulnerabilities
	5.4 General Policies to Mitigate FinTech Cybersecurity Vulnerabilities
	5.5 Chapter Summary
	References
6: Cybersecurity Risk in FinTech
	6.1 What Is Risk?
	6.2 What Is the Cybersecurity Risk?
	6.3 Cybersecurity Risk Lifecycle
	6.4 Risk Assessment
	6.5 Risk Analysis
		6.5.1 Procedure
		6.5.2 Strategies
		6.5.3 Models
	6.6 Risk Mitigation
	6.7 Risk Monitoring and Review
	6.8 Challenges in FinTech Risk Management
	6.9 Dealing with Uncertainty in FinTech
	6.10 Kinds of Uncertainty
	6.11 Reducing Uncertainty
	6.12 Handling Uncertainty for FinTech Cybersecurity Risk
	6.13 Chapter Summary
	References
7: Secure Financial Market Infrastructures (S/FMI)
	7.1 What Is FMI?
		7.1.1 Payment Systems
		7.1.2 Central Securities Depositories
		7.1.3 Securities Settlement Systems
		7.1.4 Central Counterparties
		7.1.5 Trade Repositories
	7.2 Vulnerability of the Systemically Important Payment Systems (SIPS)
	7.3 Cybersecurity Issues of Central Counterparties (CCPs)
	7.4 Securities Settlement Facilities (SSFs)
	7.5 Available Security Mechanisms
		7.5.1 X.800 Security Services
			7.5.1.1 Specific Security Mechanisms
			7.5.1.2 Pervasive Security Mechanisms
		7.5.2 NIST
	7.6 Security of Various Components in FMI
		7.6.1 Financial Risks
		7.6.2 Security Objective of each FMI Component
	7.7 Chapter Summary
	References
8: Cybersecurity Policy and Strategy Management in FinTech
	8.1 Access Control
	8.2 Authentication Systems
	8.3 Remote Access Control
	8.4 Policy and Strategy
	8.5 Prevention and Preparedness
	8.6 FinTech Policy and Prevention
		8.6.1 Establishing and Using Firewall
		8.6.2 Installing and Using Antivirus
		8.6.3 Removing Unnecessary Software
		8.6.4 Disabling Nonessential Services
		8.6.5 Securing Web Browsers
		8.6.6 Applying Updates and Patches
		8.6.7 Requiring a Strong Password
		8.6.8 Visitors and BYOD
	8.7 Resilience Policy
	8.8 Chapter Summary
	References
9: Designing Cybersecure Framework for FinTech
	9.1 General Cybersecurity Framework
		9.1.1 Determining Scope of Information Technology
		9.1.2 Determining the Value of Information and Assets
		9.1.3 Defining the Cybersecurity Threat Level
		9.1.4 Personnel Screening and the Insider Threat
		9.1.5 Cybersecurity Awareness and Training
	9.2 Available Standard Frameworks
		9.2.1 NIST CSF
			9.2.1.1 Identify
			9.2.1.2 Protect
			9.2.1.3 Detect
			9.2.1.4 Respond
			9.2.1.5 Recover
		9.2.2 FFIEC
			9.2.2.1 Inherent Risk Profile
			9.2.2.2 Cybersecurity Maturity
		9.2.3 CPMI-IOSCO
		9.2.4 ECB-CROE
		9.2.5 FSSCC Cybersecurity Profile
		9.2.6 Center for Internet Security (CIS): CIS 20 Controls
	9.3 Chapter Summary
	References
10: Conclusion