Complying with Technology Risk Management (TRM) Guidelines of the Monetary Authority of Singapore (MAS)

Thales e-Security helps organizations comply with key components of the Monetary Authority of Singapore's Technology Risk Management Guidelines

Monetary Authority of Singapore Guidance

To safeguard sensitive customer data and comply with MAS’s TRM guidelines, organizations need to apply consistent, robust, and granular controls. With the Vormetric Data Security Platform from Thales e-Security, customers can leverage the flexible integration, comprehensive capabilities, and centralized policy and key management they need to efficiently address these guidelines throughout their organization.

Monetary Authority of Singapore Guidance
Regulation Overview

The Monetary Authority of Singapore (MAS) published Technology Risk Management (TRM) Guidelines to help financial firms establish sound technology risk management, strengthen system security, and safeguard sensitive data and transactions.

The TRM contains statements of industry best practices that financial institutions conducting business in Singapore are expected to adopt. The MAS makes clear that, while the TRM requirements are not legally binding, they will be a benchmark the MAS uses in assessing the risk of financial institutions.

Guideline Descriptions
  • 8.4.4 The FI should encrypt backup tapes and disks, including USB disks, containing sensitive or confidential information before they are transported offsite for storage.
  • 9.1.6 Confidential information stored on IT systems, servers and databases should be encrypted and protected through strong access controls, bearing in mind the principle of “least privilege”.
  • 11.0.1.c Access control principle – The FI should only grant access rights and system privileges based on job responsibility and the necessity to have them to fulfill one's duties. The FI should check that no person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities.
  • 11.1.1 The FI should only grant user access to IT systems and networks on a need-to-use basis and within the period when the access is required. The FI should ensure that the resource owner duly authorises and approves all requests to access IT resources.
  • 11.2 Privileged Access Management.
  • 11.2.3.d. Grant privileged access on a “need-to-have” basis.
  • 11.2.3.e. Maintain audit logging of system activities performed by privileged users.
  • 11.2.3.f. Disallow privileged users from accessing systems logs in which their activities are being captured.
  • 13 payment card security (automated teller machines, credit and debit cards).
Vormetric Data Security Manager

The Vormetric Data Security Manager from Thales e-Security offers centralized management of keys and policies for the entire suite of products available within the Vormetric Data Security Platform. The product is available as a physical or virtual appliance.

Vormetric Transparent Encryption

Vormetric Transparent Encryption from Thales e-Security leverages an agent that runs in the file system to provide high-performance encryption and least-privileged access controls for files, directories, and volumes. Vormetric Transparent Encryption supports both structured databases and unstructured files.

Vormetric Application Encryption

Vormetric Application Encryption from Thales e-Security employs standards-based APIs to simplify the process of doing column-level encryption in applications.

Vormetric Key Management

With Vormetric Key Management from Thales e-Security, administrators can centrally manage keys for Vormetric products, Oracle TDE, Microsoft TDE, and more. In addition, the product securely stores certificates and offers support for the Key Management Interoperability Protocol (KMIP).

Vormetric Security Intelligence

Vormetric Security Intelligence can deliver granular file access logs to popular security information and event management (SIEM) systems and be used to support audits.

Thales e-Security HSMs

Hardware Security Modules (HSMs) from Thales e-Security provide a hardened, tamper-resistant environment for secure cryptographic processing, key protection, and key management. With these devices organizations can deploy high assurance security solutions that satisfy widely established and emerging standards of due care for cryptographic systems and practices—while also maintaining high operational efficiency.

Research and Whitepapers : Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

The TRM Guidelines are statements of industry best practices which financial institutions (FI) are expected to adopt, and although they are not legally binding, the degree of observance with the spirit of the TRM Guidelines by a FI will be taken into account by MAS in its risk assessment of the FI. These guidelines hold for any FI that is doing business in Singapore.


Data Sheets : Vormetric Data Security Platform

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management....


Research and Whitepapers : 2016 Vormetric Data Threat Report: Financial Services Edition

According to the legend of Willie Sutton, the oft-misquoted bandit robbed banks because ‘that’s where the money is’. Thus it’s no surprise that the U.S. financial industry is among those that are most heavily targeted by cyber attacks, and like the broader global economy, has been subject to numerous and well-publicized data threats.


인터랙티브 동영상 시청하기 자세히 보기
라이브 데모 예약하기 예약하기
전문가와 상담하기 연락하기