Invited Talk Abstract

Security has been an essential requirement of any organization, more so for financial institutions. The introduction of new and stronger security schemes, innovative gadgets, powerful monitoring and identification schemes, etc., has strengthened the security, unfortunately it has also helped attackers, especially the insiders (authorized users) to come up with relatively more effective hacking schemes. They use the same gadgets (software and hardware) to attack the system that are designed to protect the system. It is a reality that financial institutions are more vulnerable to threats from insiders than from outsiders. This presentation, after a brief history of origin of banking, touches upon a number of security issues and then focuses on a security framework mainly for securing banks from insider attacks; however, the approach would be equally affective for other institutions. We present a brief overview of current security schemes, identify their inability to protect the institution from new types of threats, and then we present a framework. We use "contextual-processing" for implementing our security scheme. Contextual processing has been around for sometime but its scope is expanded here by including spatial and temporal parameters, financial activity (ATM, etc.), customer profile, a number of real time metrics, and "activitycontext" for developing this framework. The core component of the scheme is referred to as "Contextual Transaction (CT)" which is an extension to the conventional ACID transaction model.