CYBER SECURITY RISKS AND SOLUTIONS IN THE FINANCIAL SERVICES SECTOR: PAYMENT SYSTEMS AND SUPPLY CHAIN INTEGRITY*

DOI: 10.18026/cbusos.40441
Abstract (2. Language): 
Turkey continues to be statistically at the forefront of world rankings in terms of exposure to cyber security threats. In Turkey, many academic studies related to cyber security or to legal issues regarding cybercrime have been conducted to date. Further, the risk factors that lead to cyber security problems and the causes of these factors should be examined more rigorously. Internet banking, debit and credit card use, and e-commerce are the key components of the online payment system that suffer intrusions. The software supply system is also one of the most important technical infrastructure elements of financial system security. Increasing cyber risks diminish consumer confidence in online payment systems, and such risks could cause extraordinary expenditures within the financial system. Therefore, a nationwide analysis and interpretation of cyber security risks is vital for the national economy and for cyber critical infrastructure security. In this study, online payment systems in Turkey and the appertaining cyber security systems that are supported by software supply chains are examined in terms of the associated risks. The study addresses the aforementioned potential cyber security risks in the context of cyber security norms, and cyber security measures are discussed from an administrative perspective.
Abstract (Original Language): 
Turkey continues to rank at the top of world rankings in terms of exposure to malware-borne cyber security threats. Many academic studies in Turkey have examined the modus operandi or the legal dimension of cybercrime related to cyber security. Beyond these matters, however, the risk factors that cause cyber security problems and the causes of these factors need to be adequately examined. Internet banking, debit and credit card use, and e-commerce are the most important components of the financial cyber security system that need to be protected. The software supply system is one of the most important technical infrastructure elements underpinning financial system security. Increasing cyber risks will lead to reduced consumer confidence, to citizens using the financial system less over the internet, and to an increase in the unexpected expenses of financial systems. For this reason, examining and interpreting cyber security risks on a national basis is vitally important for the country's economy and for cyber critical infrastructure security. This study examines the risks carried by online payment systems in Turkey and by the software supply chains that support the cyber security of this system. In the study, these potential risks are defined within the scope of cyber security norms, and cyber security measures are discussed from a managerial perspective.
Pages: 97-120

Economics and Administrative Sciences Issue
Hamdi Yeşilyurt
Celal Bayar Üniversitesi Sosyal Bilimler Dergisi - Volume: 13, Issue: 2, June 2015