ISOG: Building a web of trust for PH financial institutions

By Ike Suarez

It is late in the afternoon and we are at the executive dining hall of the main office of the United Coconut Planters Bank (UCPB) in Makati City. Opposite us on a dining table is Joey Regala, one of the bank’s vice presidents and head of information security.

ISOG president Joey Regala

The affable banker has been with UCPB since 1982 when, as a fresh graduate of the Philippine School of Business Administration, he started out in the bank’s accounting department. He tells us he will most likely retire as an employee of the bank, where he shifted to a career in computers and climbed up the ranks.

We are not there, though, to talk about him and UCPB. Rather, we are there to converse about the other hat he wears, that of founding member and president of the Information Security Officers Group (ISOG), one of the professional and trade industry groups in the country’s information technology (IT) sector.

And so, we converse over a few cups of coffee and this writer munching a Cocobank sandwich. This is a unique and delicious sandwich exclusive to the bank’s executive dining lounge and consists of ham, cheese, coconut, and macapuno in between slices of bread.

He tells us that for a very long time, information security officers of the country’s banks and other financial institutions never interacted with each other. Rather, they kept to themselves.

The departments of their institutions where they worked functioned as tightly guarded silos, with only members of these departments conversant with their respective practices to deter attacks on their computer and networking systems.

This started to change on July 7, 2014, when ISOG was formally launched. Its founding institutional members consisted of representatives of the following: UCPB, China Banking Corp., Development Bank of the Philippines, Land Bank of the Philippines, Philippine Bank of Communications, Philippine Savings Bank, Networld Capital Ventures and Rizal Commercial Corp. (RCBC).

The Securities and Exchange Commission (SEC) approved its formation on Sept. 18 of that year. For three consecutive terms already, Regala has been its president.

He explains that what spurred ISOG’s formation is the fact that, in today’s borderless and networked world, attacks against the computer and network systems of banks and other financial institutions are now mostly the handiwork of cybercrime syndicates from a varied number of countries.

Because organized crime now is behind most attacks on banks and other financial institutions, these institutions must themselves organize to better fend off these attacks. Thus, ISOG’s founding with the encouragement of the Bangko Sentral ng Pilipinas (BSP).

To fend off such attacks, banks and other financial institutions must now collaborate with each other on best practices and information sharing while, at the same time, protecting the confidentiality of information of their clients.

As the group’s brochure declares, “ISOG will provide its members a venue to exchange ideas and expertise on Information Security best practices.” As such, it also aims to establish a common information security training and awareness program for all its members.

Regala explains that the three pillars on which ISOG rests its justification for existence are the following:

• Education and awareness of information security practices for its members and their clients/customers

• Inter-institutional incident response

• Intelligence sharing through maintenance of a database on critical information such as the latest operational methods of cybercriminals

Regala further says that ISOG likewise seeks to standardize the information security competencies of personnel from its member institutions. It does this through best practices sharing on security policies, updates on technology developments, and training on specialized skills such as information systems forensics.

It also aims to coordinate its activities with law enforcement agencies such as the Philippine National Police (PNP) and the National Bureau of Investigation (NBI) even as it will work closely with the BSP.

Regala tells us that ISOG conducts free Thursday technical sessions for representatives of its member institutions at least once a month. Technical experts on various aspects of information security act as resource speakers.

He admits ISOG is still in its infancy. It is still starting to grow, its membership now made up of 20 banks and one insurance company. According to him, membership is open to all kinds of banks, from rural and thrift banks to commercial banks and unibanks. Insurance companies and other institutions in the Philippine financial system are also welcome to join.

He says that ISOG will seek greater interaction with other IT trade and industry groups such as those among vendors, computer professionals, and the IT education sector.

According to him, ISOG will hold its very first trade and industry congress, the Information Security Summit, this Sept. 29 and 30 at SM Aura at Bonifacio Global City.

Regala gives assurance that experts on cybersecurity from the Philippines and abroad will be present to share their knowledge with summit participants. The summit’s theme will deal with the strengthening of institutional defenses against cyberattacks and attaining resiliency in the face of such attacks.

As a new IT organization, Joey Regala admits that ISOG still has plenty of work ahead of it. But he adds that the organization will be persistent in its efforts to build a web of trust among the country’s banks and other financial institutions with regard to information security.

For as the group’s brochure declares, “Our mandate is to strengthen information security among financial institutions in the Philippines.”
