Data Security

Hello everyone, 

A reminder to Data Security working group members that this group was invited to assist in developing a survey and report for the Financial Services group based on data and cyber resiliency. Please review and provide suggestions prior to our next working group meeting on February 15th, where further group discussion and review is planned to prepare the survey for distribution. Additional details regarding the survey can be found on the Data Security Working Group - 2/1/24 meeting notes available within the Circle group discussion board.

Questions for 2024 Survey on Resiliency

Thank you,
Alex

------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------

Concerns and challenges regarding data resiliency in financial services mentioned during 2/1/24 meeting:

• Potential disruption caused by AI to traditional resiliency controls in financial services.
• AI ingestion and the difficulty of removing relative associations created by AI can impact the security of financial services.
• Increasing use of AI in various industries and institutions and the challenges of enforcing regulations across all industries.
• Difficulty of removing copyrighted material from AI and the potential moral and technical problems associated with AI's ability to determine what is true or false.
• AI models have benefited the field of anti-money laundering and real-time money transfer risk calculation in banking institutions.
• Importance of understanding incident response plans, change control, and the impact of vulnerabilities and coordinated disclosures in customer environments.
• Vendor management, security reviews, and the challenges faced by financial services in managing vendor relationships and liabilities.
• Managing relationships with vendors, especially in the context of mergers and acquisitions.
• The need for ongoing due diligence and security reviews is highlighted.
• Integrating Gen AI into vendor management and predicting CSP outages.
• Blockchain technology in the financial services industry, including the potential vulnerabilities of smart contracts and the need for additional security measures.
• Cyber resiliency aspects of blockchain technology, including the need for AI in programming.
• Joint testing with third parties and involving clients in recovery exercises.
• Responsibility of organizations and cloud service providers in conducting proactive exercises for cyber resiliency.
  

------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------

Hello everyone,

For tomorrow's Data Security working group meeting, the main agenda item will be analyzing the results from the Data Resiliency 2024 Survey, comparing FI and Non-FI data. The CSA Research team has had an initial analysis of the survey data adding interesting comments and trends, in which the Data Security group will be reviewing and expanding upon this analysis. In February, the group assisted with selecting and refining the survey question pool, so this will be a great way to view and provide feedback on the results, which will later be turned into an official CSA report. This will be the primary agenda item, which may expand into an additional meeting if needed. As a reminder the Data Security working group meetings are now Thursdays at 11 AM PT, every other week, using the following Zoom link:

Data Security Meeting 5/23/24 - https://cloudsecurityalliance.zoom.us/j/89226145898?pwd=eHYwNlBGLzNjMmp1N3ZkSzcrdlI1QT09

Thanks!
Alex

------------------------------
Alex Kaluza
Research Analyst
Cloud Security Alliance
------------------------------