CoMiFin offers a platform for information sharing to react in a timely manner to new threats and that fulfills business requirements that are specific for financial operators. Information sharing creates a common knowledge about on‐going and historical threats that may be shared among Financial Institutions(FI) and this can greatly benefit the FIs by speeding up information circulation and therefore shortening time to react to threats. Each FI will bring its own knowledge but it can greatly benefit of the much bigger community knowledge on risks, threats and possible counter‐measures.
The platform leverages the idea of information sharing by adding functionalities that are specific for financial operators and that addresses the new threats that are emerging in the worldwide arena, requiring therefore a new generation of tools to enable financial institutions to effectively and efficiently react.
CoMiFin relies upon the idea of creating a new generation IT platform that connects financial institutions in communities of financial partners. Each community operates in a specific and logically separated environment (named Semantic Room) whose contained information is strictly protected to avoid unauthorized access of external people. Only community members can access information shared inside each SR, in such a way data ownership is preserved and privacy of information is protected. Each financial institution shall decide which information to share and in which SR. Nevertheless the more information are shared in each SR, the wider benefits may be gained by SR community. Certified anonymization1 of information may be provided. These financial communities of interest are expected to create a high level of trust among community members, boosting cooperation.
Business can greatly benefit from CoMiFin platform by:
- Sharing information among community partners in real time, which can be both human‐readable information (documents, reports, ...) and low level events (e.g. network traffic logs,best suited for automated processing and to identify on‐going threats)
- Shared information can be structured in such a way to be managed by automated systems (the only way to guarantee a reaction time in‐line with the strict needs related to an IT threat reaction), which can offer a real support to timely react to threats
- “Certified anonymization” allows a financial institution to insert information in the Semantic Room without signing this piece of information. In such a way the reputation of the financial institution is preserved while the information is shared. Nevertheless the members of the SR are certified the information is true.
- Exchanged information events can be related to different areas, such as:
- IT security
- Financial risks monitoring and management
- Money laundering
- Fraud detection
Having the guarantee of data integrity of exchanged information (such as black lists), as data cannot be inserted, deleted and updated by unauthorized users. Any trial to change data will be tracked and void by SR monitoring and control software
- Protecting data privacy whenever required: most of exchanged data will be technical data that doesn’t raise privacy issues, others will be protected inside the SR according to existing laws
- Each SR can host a specific algorithm for information processing (that can include event correlation, pattern recognition, rule‐based evaluation of events) which is dynamically updated to cope with new threats.
CoMiFin is a flexible platform that can cope with requirements expressed by:
• Financial operators (such as banks, insurance companies, securities brokers etc.)
- • Regulatory and supervisory bodies (such as the Financial Supervisory Authority of Norway, Italian CONSOB)
- • National banks and the ECB
- • National security agencies (such as European and National Polices, national Computer Emergency Response Teams)
- • Service/communication providers (such as SWIFT)
- • National reporting and analysis centre (such as Italian ABI, Swiss Melani)
Involved actors inside a Semantic Room may be different, each one gaining a specific benefit:
• Risk managers can share information about current risks
- • Regulators and financial supervisors can have an overview of status of risks
- • National security operators can share information on IT threats coming from other European or US security agencies
- • IT managers can have an overview of IT threats and suggested counter‐measures
- • IT operators can have detailed information on a specific threat as well as suggestion on how to react
- • Service/network provider can use the SR to tailor its services to the changing needs of financial customers.
Enrico Angori (
Atle Dingsor (
October 14th 2010