
Information System Security (ISS)


In today’s complex, competitive and changing business environment, information technology helps banks across the globe offer a wide range of services and products, and a well-supported information system gives players a competitive edge. However, the growing opportunities that information systems create also expose banks to many risks. This raises security concerns about the information system and calls for the implementation of an effective control system. Since banks are an important segment of the financial sector and also act as trustees of funds, their information system security should provide comfort to the banks themselves as well as to customers and regulators.

Objectives of banks’ IS Security Policy:

Confidentiality: Customer information and sensitive financial data should not be revealed to unauthorized persons. The IS security should ensure that confidentiality is maintained.

Integrity: Banks’ IS security should protect the banks’ information systems from accidental, or unauthorized and deliberate, alteration or deletion of information.

All the required controls should be in place to ensure that reliable and correct information is available to authorized users and persons. These controls include access controls by PIN, passwords, proper approved authentication control, and effective internal controls.

E-banking provides online banking services, so banks should ensure a high level of IS security as part of e-banking.

Threats to IS Security: Banks also offer Core Banking Solutions along with e-banking or online banking. Because of these facilities, network security is a concern for banks.

E-mail viruses, phishing attacks and other issues: Installing updated antivirus software helps banks handle e-mail viruses. Users should be cautioned not to open e-mail from unknown sources or spam mail. Phishing is a form of cyber attack in which attackers get internet users to reveal sensitive information such as bank account details and personal information. Banks should add a level of protection by installing firewalls for data integrity. Firewalls do not allow direct access between the internet and the bank’s systems, which facilitates a high level of control and monitoring. Necessary controls should also be exercised over computer hardware and software to secure the bank’s information system.

Disaster Recovery Management Control for computer environment: Banks should have a disaster recovery policy in place as part of their management control system. Any incident that results in direct denial or stoppage of a bank’s essential business functions for an unreasonable period of time is called a disaster. If this stoppage of business is going to affect customers, it should be treated as a disaster. A bank’s disaster recovery plan should give importance to the security of the bank’s information system. Some examples of causes of disaster to a bank’s operations are:

External Factors: Natural disasters like floods, fire and earthquake, etc.
Internal Factors: Hardware and software failures
Other Factors: Virus attack, acts of terrorism

 
