Basel II is the second Basel Accord and represents recommendations from the Basel Committee on Banking Supervision (BCBS). It was created to promote greater consistency in the ways banks and banking regulators approach risk management across national borders.
About the Basel Committee on Banking Supervision (BCBS)
The Basel Committee on Banking Supervision provides a forum for regular cooperation on banking supervisory matters. Over recent years, it has developed increasingly into a standard-setting body on all aspects of banking supervision, including the Basel II Accord.
BCBS's members come from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands, Spain, Sweden, Switzerland, the United Kingdom, and the United States. Countries are represented by their central bank and also by the authority with formal responsibility for the prudential supervision of banking business where this is not the central bank.
Key Security Requirements
Within its three "pillars" of thought—(1) Minimum Capital Requirements; (2) Supervisory Review; and (3) Market Discipline—Basel II addresses several key security requirements.
U.S. Rules Implementing Basel II Capital Accord
In March 2006, the Federal Reserve Board issued an interagency notice of proposed rulemaking (NPR) that would implement Basel II risk-based capital requirements in the United States for large, internationally active banking organizations within the next two years. The proposed rule would require the largest internationally active banks to enhance the measurement and management of their risks, including credit risk and operational risk. It would also require these banks to have rigorous processes for assessing overall capital adequacy in relation to their total risk profile and to publicly disclose information regarding their risk profile and capital adequacy. Many financial institutions are beginning to plan and implement safeguards in preparation for these emerging requirements. The Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision are also considering the NPR.
Sourcefire Provides The Most Effective Network Security Available
Sourcefire is transforming the way banking organizations and government agencies manage and minimize network security risks with its approach to securing real networks. The Sourcefire network security solutions are the first to unify IPS, NBA, and compliance technologies under the same management console. This intelligent cybersecurity approach affords customers an efficient and effective layered security defense—protecting network assets before, during, and after an attack.
Sourcefire ensures financial institutions are protected to the fullest possible extent against security breaches and continuously maintain compliance with Basel II and other data security requirements. Sourcefire helps financial institutions achieve control objectives outlined in ISO 17799, an accepted control framework for Basel II compliance:
| ISO 17799 Control Objective | The Sourcefire Approach |
|---|---|
| 7.1.1 Maintain an inventory of assets | Passive discovery provides a real-time view of what’s on the network and maintains a profile of each asset, including OS, services, applications, and related vulnerability information. |
| 7.1.3 Acceptable use of assets | Network Usage Control enables real-time enforcement of acceptable use policies and alerts on policy violations. |
| 10.1.2 Change management | Detects changes to assets and may be configured to automate the enforcement of configuration policy and generate alerts for out-of-policy assets. |
| 10.6.1 Network controls | Represents multiple best practice controls (IPS, NBA, and compliance) for protecting the confidentiality, integrity, and availability of information and assets. |
| 10.10 Monitoring | Provides centralized monitoring for security events, policy violations, and anomalous activity. |
| 12.6 Technical vulnerability management | Maps host profile information against numerous known vulnerabilities, providing a real-time view of potential risks. |
| 13.1.1 Reporting of information security events | Security events and policy violations generate alerts in real time with aggregate reports available on demand. |
| 13.2 Management of information security incidents | Can alert or automate the appropriate response to security incidents, policy violations, or anomalous events according to predefined policies and procedures. |