Monday, May 23, 2022
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > Interview: Deniz Kaya, CEO of Perseus Information Security Consulting

Interview: Deniz Kaya, CEO of Perseus Information Security Consulting

Perseus Information Security Consulting offers global compliance assessment, evaluation and cyber security consultancy services.

Atalay Kelestemur by Atalay Kelestemur
May 25, 2020
in Cybersecurity, Interview
5 min read
1 0
0
Interview: Deniz Kaya, CEO of Perseus Information Security Consulting
0
SHARES
186
VIEWS
Share on FacebookShare on TwitterShare on EmailFollow on Google News

Perseus Information Security builds effective security programs to protected infrastructures and enhance business operations. The security consultants bring deep and broad industry expertise to the table, with an average of 10+ years of IT security consulting experience in disciplines including compliance, data protection, application services, risk management, identity and access management, cyber security, mobility, cloud, and incident planning and response. We’ve made an interview with Deniz Kaya, CEO of Perseus Information Security about the important changes to the SWIFT CSP.

Perseus Information Security Consulting is listed on the SWIFT website as a CSP assessment provider. Before I ask you about how Perseus got listed there – tell us about SWIFT.

SWIFT is a member-owned cooperative that provides the communications platform, products and services to connect more than 10,000 banking organizations, securities institutions and corporate customers in 212 countries and territories. SWIFT enables its users to exchange automated, standardized financial information securely and reliably, thereby lowering costs, reducing operational risk and eliminating operational inefficiencies. SWIFT also brings the financial community together to work collaboratively to shape market practice, define standards and debate issues of mutual interest.

Is the cyber security initiative by SWIFT new for their members?

Deniz Kaya, Perseus Information Security Consulting, CEO
Deniz Kaya, Perseus Information Security Consulting, CEO

No, SWIFT started a cyber security initiative a couple of years ago. SWIFT developed their Customer Security Program (CSP) in response to the cyber-attack on the Bank of Bangladesh in 2016 in which millions of dollars were stolen, and subsequent attacks on other banks and corporations. They realized the need to help SWIFT members keep their SWIFT infrastructure secure, and ensure that SWIFT could maintain their industry leading position of trust, as one of the primary financial messaging services in the world.

The goal of the CSP is to strengthen the cyber security posture of the SWIFT payment network by increasing the cyber maturity of its members. The SWIFT CSP is built around three pillars: (1) securing your local environment, (2) preventing and detecting fraud in your commercial relationships, and (3) continuously sharing information and preparing to defend against future cyber threats.

They asked their members – banks basically, to submit to SWIFT on an annual basis an internal report about their cyber security readiness and how it adheres to the SWIFT recommended controls. What’s new this year is SWIFT is requiring all members to submit a 3rd party cyber security audit of these cyber security controls.

So, tell us how Perseus got listed on the SWIFT website and are members required to secure their cyber security services and 3rd party audits from the companies listed there?

Our work with central banks came to the attention of folks at SWIFT and they reached out to us and asked us to apply and go through their vetting process. SWIFT was looking for experts in the cyber security field that had worked with banks and specifically had expertise with the SWIFT cyber security controls, framework, policies and procedures.

They have been approving a limited number of providers that have strong cyber security services experience, credentials, a strategic focus on cyber security services and a good reputation and commitment to customers in the financial industry. Members of SWIFT are not required to use the companies listed on the SWIFT website – but SWIFT has already vetted these companies as a service to their members and this allows them to find experts quickly.

Is there a financial penalty or any type of penalty if a bank or member of SWIFT does not submit an audit or fails an audit?

First – don’t fail the audit. Second, no, SWIFT does not issue a fine if a member is not compliant.  But when SWIFT introduced the requirement for their members to attest to their level of compliance with this framework, they also included a communications channel to let other members know of the audit result. This attestation then acts as an indicator to SWIFT, the member, their regulators and counterparties of the security posture of the member.

So, other member banks will be able to see how your bank performed in a CSP/cyber security audit and decide if they want to continue doing business with you based on your level of compliance. It’s not unusual – as an example, for the U.S. Federal Reserve to reach out to a SWIFT member who is in non-compliance with their CSP requirements and put pressure on them to “right their ship”. Banks have told me that the U.S. Federal Reserve has been known to cut banks off if they are not in compliance – which makes for a pretty good incentive.

Nevertheless, compliance is not the only goal. Putting in place the SWIFT Customer Security Controls Framework (CSCF) controls not only enhances the security posture of an organization – it also serves as a way to demonstrate their maturity to third parties. Counterparties and regulators, encouraged by SWIFT, are increasingly using SWIFT CSCF compliance, as a way to enhance their evaluation of third-party cyber risk – potentially replacing or reducing costly audit activities.

How can SWIFT member organizations meet this challenge?

The first option is to integrate the SWIFT Customer Security Controls Framework (CSCF) into the governance of their organization, making the processes standardized and, when appropriate, part of their normal operations. The second option is to design or alter their systems to limit the impact of the SWIFT requirements. Organizations seeking to reduce the impact of compliance are also changing the way they use the SWIFT service to reduce their SWIFT footprint, and structuring their networks and systems to limit where the controls need to be applied.

Deniz, I did go through the website for Perseus Information Security Consulting and found that your company provides a wide range of IT consulting services. How did you get into consulting for banks?

When you do great work at a fair price, your customers will refer you to their friends and associates. IT Directors at banks are looking for expert consultants they can trust and rely on and are familiar with the banking environment – and we deliver in those areas. Most of our work has come from referrals, that’s how we got into the banking sector and other sectors as well like: refineries, gas pipeline projects, digital grid, various utility projects, airports, manufacturing, national defense and so many more. We have delivered our services to various clients in over 40 countries around the globe over the last 5 years.

Back to the SWIFT cyber security requirements – do you provide the 3rd party auditing service as well as remediation services?

We provide attestation support across the globe, with Tampa, Florida as our global HQ. We provide the 3rd party audits and assessments and we also have a number of services that can assist with the implementation of the SWIFT CSCF. These range from integrating the CSCF controls into the existing risk, governance and IT processes, to performing gap assessments, through to technical transformation of key systems, security, and network controls. The areas we cover include, Identity and Access Management, Privileged Access Management, Network and System Architecture, Security Operations and Cloud transformation.

Generally speaking, what’s been the experience of you and your team working with the SWIFT member banks?

Well, the banks may be under pressure to meet these SWIFT requirements and their budgets may be tight – but speaking for myself and my team – we all love working at banks. The folks that we have worked with at banks are smart, dedicated and passionate about securing their networks and have been very open to working as a team to get the job done.

And finally, how do you initially engage with a bank?

It’s different this year. Up until now, a SWIFT member could prove its compliance with the CSP by means of a self-attestation that the company did by itself. Most companies were honest with their fulfillment levels and reported these truthfully to SWIFT. SWIFT now wants to put an end to this. Starting this July, such an audit by independent third parties will now become mandatory. We offer an initial one- hour consultation, which is free – this is not a sales call, but an hour where both parties exchange info – ask and answer questions.

These audits are relatively inexpensive and most banks will require a formal quote, then issue a purchase order and then schedule the audit. For a bank to begin a conversation with us just takes a phone call to 813-925-9582 or visit our website and hit the “Begin the Discussion” button at the top of our home page – pretty simple.

See more Cyber Security News


Tags: Perseus
ShareTweetSendShare
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy
Previous Post

Qwinix provides free Google Cloud training

Next Post

Huawei launched CloudFabric 2.0 Data Center Network Solution

Atalay Kelestemur

Atalay Kelestemur

Atalay Kelestemur is the Editor-in-Chief of Cloud7 News. He was most recently the chief editor of T3. Prior to that, he was the managing editor of BYTE. He also served as software editor in PC World. Atalay Kelestemur has covered the technology industry since 1996, publishing articles in PC Net, IT Pro, Computer World, PC Life, CyberMag, and CIO magazines. Atalay Kelestemur is an information system security professional and his area of expertise includes Linux security, penetration testing, secure software development, malware removal, and computer forensics. Atalay Kelestemur is the author of Pardus 2011, Ubuntu, Windows 8, and Siber Istihbarat (Cyber Intelligence). Atalay graduated with a Bachelor's Degree in Maritime from Istanbul Technical University. He earned a master's degree in political science from Gedik University, where he wrote his thesis on The Importance of Cyber Intelligence on Public Security. Now he is working on his Ph.D. thesis on international trade, covering the cybersecurity threats and countermeasures on the maritime industry.

Related News

Microsoft SQL Servers Are Targeted With Brute - Force Attacks

Microsoft SQL servers are targeted with brute-force attacks

May 20, 2022 3:45 pm
Google OAuth client library for Java had a high severity flaw

Google OAuth client library for Java had a high severity flaw

May 20, 2022 2:45 pm
The Linux Malware XOR DDoS Is On The Rise Again

The Linux malware XOR DDoS is on the rise again

May 20, 2022 1:50 pm
Conti ransomware group is shut down

Conti ransomware group is shut down

May 20, 2022 12:10 pm
Next Post
Huawei launched CloudFabric 2.0 Data Center Network Solution

Huawei launched CloudFabric 2.0 Data Center Network Solution

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's Choice

Interview with Igor Seletskiy on AlmaLinux

7 best hosting control panels

How to update Linux Kernel without rebooting?

7 best Linux mail servers for 2022

7 best cPanel alternatives for 2022

7 best Linux web browsers for 2022

cPanel Security: 7 steps to secure cPanel

7 best CentOS alternatives

7 best Linux server distros for 2022

How to scan your server for Log4j (Log4Shell) vulnerability

Best web hosting service providers

AlmaLinux 8.6 Stable is ready to download

Ubuntu 22.04 LTS is available for download. What is new?

Advertisement

Recent News

  • Weekly round-up: 16 – 20 May
  • Intentional user-unfriendly interfaces of popular services
  • Snap app of the week: Glate
  • Weekly tips & tricks: Linux #4
  • [Event] Live Webinar – WordPress: Don’t Underestimate the Power of Plugins

Our Latest Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic
Interview

Interview: Erez Barak, Vice President Observability of Sumo Logic

by Atalay Kelestemur
November 25, 2021 3:23 am


Cloud7 News is a news source that publishes the latest news, industry news and exclusive interviews on web hosting, cloud computing, data center, cybersecurity and linux.

News Categories

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • Blockchain

Our Free Modules

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About Us
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • How-Tos
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • Video
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2022, Cloud7 News. Latest Cloud Computing, Web Hosting, Data Center Industry and Tech News

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.