by gpm 2124 days ago

    Risk: An employee can transfer all of a customer's funds to an overseas bank account
    Mitigation: Multiple employees must approve transfer of funds
    Mitigation: No individual employee can deploy modifications to the computer system actually doing the transferring.
    Mitigation: No team can both write code and access (the important) production systems
    Mitigation: Must stand on head while deploying code, because people standing on their head are more honest
    Status: Risk accepted, we'll have 10 more meetings to review this next month.
The idea that bank transfers are reversible is false. Some are, some aren't; the adversaries are interested in the ones that aren't. The idea that manual review is a trivial fix is very false. Even if there were a trivial fix, the idea that you could get this past the numerous gatekeepers with a simple and easy process is probably false in most banks.